[virus] infectée par ad-aware Dompilot.dll

matth_34 Messages postés 3 Statut Membre -  
philae83 Messages postés 12854 Statut Contributeur sécurité -
Bonjour

un virus est en train de me rendre fou!!
Toute les 5 min avast me dit que mon pc est infecté par un
ad-aware :
C:\DOCUME~1\MATTHI~1\LOCALS~1\Temp\~os905.tmp\DOMPilot.dll
J'ai essayé de le mettre en quarantaine et de le supprimer ca ne marche pas.
Pouvez-vous m'aider svp ???
je met le rapport hijackthis (meme si je n'ai pas la moindre idée de quoi ca sert!! )
Merci a tous

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12:54:31, on 27/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\rundll32.exe
c:\windows\system32\rlvknlg.exe
C:\acer\epm\epm-dm.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\iyunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Micro Application\12 DICOS Indispensables\MediaDICO12.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Micro Application\12 DICOS Indispensables\Rac12.EXE
C:\Program Files\acer\eRecovery\Monitor.exe
C:\iyunes\iTunes.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Documents and Settings\matthieu barre\Bureau\HiJackThis_v2.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 142.34.1.4:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {6001CDF7-6F45-471b-A203-0225615E35A7} - C:\WINDOWS\DH.dll (file missing)
O2 - BHO: CFG32S - {7564B020-44E8-4c9b-A887-C6EC41AC67DA} - C:\WINDOWS\cfg32r.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: Scaggy Insert - {C68AE9C0-0909-4DDC-B661-C1AFB9F59898} - C:\WINDOWS\cfg32o.dll (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Search - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\WINDOWS\cfg32s.dll (file missing)
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CloneCDTray] "D:\incom\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [Configuration Manager] C:\WINDOWS\cfg32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\iyunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [MediaDico] C:\Program Files\Micro Application\12 DICOS Indispensables\LanceMediaDICO12.exe Lancement
O4 - HKCU\..\Run: [CMIntex] "C:\Program Files\CMIntex\CMIntex.exe"
O4 - HKCU\..\Run: [PSCastor] "C:\Program Files\PSCastor\PSCastor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Policies\Explorer\Run: [{320D180E-063C-1036-0707-050331200021}] "C:\Program Files\Fichiers communs\{320D180E-063C-1036-0707-050331200021}\Update.exe" mc-58-12-0000106
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\YAHOO!\COMMON\yhexbmesfr.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\YAHOO!\COMMON\yhexbmesfr.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,99/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} (imlUCID Class) - https://validate.perfdrive.com/?ssa=1cb613c1-b580-495b-866c-b6fe71718572&ssb=36371211747&ssc=https%3A%2F%2Fimlive.com%2Fchatsource%2FImlCID.cab&ssi=b98a4b26-ba0f-44c8-a2a5-0315e1e966ee&ssk=support@shieldsquare.com&ssm=77124680964133473105650333749186&ssn=7eafd9fa9826c01597307b85effe791743b46ba2f27a-3977-4b0e-988e66&sso=940ea59d-ee88a13130f2489df365438a8b123fc056d418d499c5df48&ssp=15188465711607082399160702401540426&ssq=67141537474651350705574746278120044759785&ssr=OTEuMjA5LjM1LjIxOA==&sst=Mozilla/5.0%20(X11;%20Linux%20x86_64)%20AppleWebKit/537.36%20(KHTML,%20like%20Gecko)%20Chrome/74.0.3729.131%20Safari/537.36&ssv=&ssw=
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Filter hijack: text/html - {994D478A-45D0-4DB4-AE27-738B1E346F99} - C:\Program Files\Batty2\Batty2.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\bWF0dGhpZXUgYmFycmU\command.exe (file missing)
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe

--
End of file - 13032 bytes
Configuration: Windows XP
Internet Explorer 7.0

17 réponses

  1. philae83 Messages postés 12854 Statut Contributeur sécurité 206
     
    bonjour,

    il y a des signes d'infection.
    mais j'aimerai vois stp un rapport hijackthis avec cette version 1.99.1
    prend la ici
    http://pchelpbordeaux.free.fr/logiciels.html

    puis

    * Télécharge LSPfix
    * Lance LSPfix
    * Déconnecte-toi d'Internet et ferme toutes les fenêtres d'Internet Explorer.
    * Coche la case "I know what I'm doing"
    * Sélectionne toutes les instances des dll suivantes (s'il y en a, sinon ferme LSPfix) :

    rlls.dll

    * fais les glisser du panneau de gauche "keep" au panneau de droite "Remove".
    Clique sur le bouton "Finish".
    (Si elles sont déjà dans le panneau "Remove" alors clique directement sur le bouton "Finish".)

    puis revient avec un nouveau rapport hijackthis
    0
  2. matth_34 Messages postés 3 Statut Membre
     
    Salut,

    Je te met le rapport hijackthis avec la version que tu m'as demandé.
    je vais faire ce que tu m'as dit de faire ensuite.
    Merci de ton aide en tout cas !!

    Logfile of HijackThis v1.99.1
    Scan saved at 17:47:35, on 03/04/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Acer\eManager\anbmServ.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    c:\windows\system32\rlvknlg.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\acer\epm\epm-dm.exe
    C:\Program Files\Launch Manager\QtZgAcer.EXE
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
    C:\iyunes\iTunesHelper.exe
    C:\Program Files\Winamp\winampa.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Micro Application\12 DICOS Indispensables\MediaDICO12.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Micro Application\12 DICOS Indispensables\Rac12.EXE
    C:\Program Files\acer\eRecovery\Monitor.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    C:\Program Files\eMule\emule.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 142.34.1.4:8080
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {6001CDF7-6F45-471b-A203-0225615E35A7} - C:\WINDOWS\DH.dll (file missing)
    O2 - BHO: CFG32S - {7564B020-44E8-4c9b-A887-C6EC41AC67DA} - C:\WINDOWS\cfg32r.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O2 - BHO: Scaggy Insert - {C68AE9C0-0909-4DDC-B661-C1AFB9F59898} - C:\WINDOWS\cfg32o.dll (file missing)
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: Search - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\WINDOWS\cfg32s.dll (file missing)
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
    O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
    O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
    O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
    O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [CloneCDTray] "D:\incom\CloneCD\CloneCDTray.exe" /s
    O4 - HKLM\..\Run: [Configuration Manager] C:\WINDOWS\cfg32.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\iyunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
    O4 - HKCU\..\Run: [MediaDico] C:\Program Files\Micro Application\12 DICOS Indispensables\LanceMediaDICO12.exe Lancement
    O4 - HKCU\..\Run: [CMIntex] "C:\Program Files\CMIntex\CMIntex.exe"
    O4 - HKCU\..\Run: [PSCastor] "C:\Program Files\PSCastor\PSCastor.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\YAHOO!\COMMON\yhexbmesfr.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\YAHOO!\COMMON\yhexbmesfr.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,99/mcinsctl.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Filter: text/html - {994D478A-45D0-4DB4-AE27-738B1E346F99} - C:\Program Files\Batty2\Batty2.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\bWF0dGhpZXUgYmFycmU\command.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
    0
  3. philae83 Messages postés 12854 Statut Contributeur sécurité 206
     
    bonsoir,

    je vais faire ce que tu m'as dit de faire ensuite. 


    j'attends le nouveau rapport suite à la manip demandée.
    0
  4. matth_34 Messages postés 3 Statut Membre
     
    J'ai fait ce que tu m'avais dit, mais j'ai effacé tout les fichier .dll qui se trouvé dans la colonne gauche en les mettant a droite alors que tu m'avais dit d'effacer seulemenet rlls.dll.
    Je ne peux plus accéder à internet par contre je peux tjrs téléchargé.
    J pense donc formaté mon pc.qu'en pense tu ?
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. philae83 Messages postés 12854 Statut Contributeur sécurité 206
     
    je pense qu'il faut lire ce que l'on écrit, sinon on court à la cata. Je ne sais pas comment récupérer ton erreur....
    0
  7. Alex
     
    Bonjou, j'ai moi aussi ce problème... Voici le rapport de hijackthis:

    Logfile of HijackThis v1.99.1
    Scan saved at 21:22:17, on 05/04/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\drivers\dcfssvc.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\wdfmgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\TheTurtle\TheTurtle.exe
    C:\Program Files\iPod\bin\iPodService.exe
    c:\windows\system32\rlvknlg.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\iTunes\iTunes.exe
    C:\Program Files\iLike\1.0.85\ilikesidebar.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Dev-Cpp\devcpp.exe
    C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://mshp.dll/index.html#44272
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://mshp.dll/sp.html#44272
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://mshp.dll/sp.html#44272
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://mshp.dll/index.html#44272
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - <default> - (no file)
    O1 - Hosts: 91.121.11.221 L2authd.lineage2.com #L2Run connect to 91.121.11.221
    O1 - Hosts: 91.121.11.221 L2testauthd.lineage2.com #L2Run connect to 91.121.11.221
    O2 - BHO: (no name) - {021BB032-80A8-4FB6-B3D5-CF27B1553B95} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
    O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852"
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [Nouvelle application] C:\Program Files\TuneUp Utilities 2004\MemOptimizer.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [TheTurtle] C:\Program Files\TheTurtle\TheTurtle.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
    O16 - DPF: {14325268-79E0-4D2A-89A4-FFFC6E22741E} - https://www.afternic.com/domains/downloadv3.com
    O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - https://www.afternic.com/domains/downloadv3.com
    O16 - DPF: {EEECA057-AD0F-44A7-8BE5-8634CEDBDBD1} - https://www.afternic.com/domains/downloadv3.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5045D44D-3BC8-43F9-BC47-5325DF168132}: NameServer = 80.10.246.130 80.10.246.3
    O18 - Protocol: bw+0 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: cdefs - {B5F329B4-2BBD-48F5-ADAF-9EAF2AFE37B3} - C:\Program Files\Micro Application\Trains Miniatures 3D\monki.dll
    O18 - Protocol: offline-8876480 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O20 - AppInit_DLLs: HookDLL.DLL
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
    O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
    O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\WINDOWS\System32\x10nets.exe (file missing)

    Merci d'avance.
    0
  8. philae83 Messages postés 12854 Statut Contributeur sécurité 206
     
    bonsoir,

    je pense que l'autre personne ne reviendra pas, reste donc ici

    tu es également bien infecté

    * télécharge About Buster
    http://www.downloads.subratam.org/AboutBuster.zip
    Une fois téléchargé,tu le dézippe,et tu mets un raccourci sur le bureau.

    * Télécharge LSPfix
    http://www.cexx.org/LSPFix.exe

    puis

    * Lance LSPfix
    * Déconnecte-toi d'Internet et ferme toutes les fenêtres d'Internet Explorer.
    * Coche la case "I know what I'm doing"
    * Sélectionne toutes les instances de la dll suivante (s'il y en a, sinon ferme LSPfix et uniquement celle la stp) :

    rlls.dll

    * fais la glisser du panneau de gauche "keep" au panneau de droite "Remove".
    Clique sur le bouton "Finish".
    (Si elles sont déjà dans le panneau "Remove" alors clique directement sur le bouton "Finish".)

    puis

    * Double clique sur About:Buster.
    Clique sur Begin Removal
    Un scan est exécuté.
    Refaire un second scan.
    Poste le rapport ici.

    ainsi qu'un nouveau rapport hijackthis
    0
  9. Alex
     
    Bonjour, j'ai fait tout ce que tu m'as demandé.

    Voila le rapport de About Buster:

    AboutBuster 6.03
    Scan started on [06/04/2007] at [16:13:59]
    -------------------------------------------------------------
    Internet Explorer Instances Terminated!
    HomeSearch Service stopped if present
    -------------------------------------------------------------
    No Ads Found!
    -------------------------------------------------------------
    No Files Found!
    -------------------------------------------------------------
    Scan was COMPLETED SUCCESSFULLY at 16:15:26

    AboutBuster 6.03
    Scan started on [06/04/2007] at [16:15:58]
    -------------------------------------------------------------
    Internet Explorer Instances Terminated!
    HomeSearch Service stopped if present
    -------------------------------------------------------------
    No Ads Found!
    -------------------------------------------------------------
    No Files Found!
    -------------------------------------------------------------
    Scan was COMPLETED SUCCESSFULLY at 16:16:54

    Et voila celui de hijackthis:

    Logfile of HijackThis v1.99.1
    Scan saved at 16:17:47, on 06/04/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\drivers\dcfssvc.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\wdfmgr.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\TuneUp Utilities 2004\MemOptimizer.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\TheTurtle\TheTurtle.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://mshp.dll/index.html#44272
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://mshp.dll/sp.html#44272
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://mshp.dll/sp.html#44272
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://mshp.dll/index.html#44272
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - <default> - (no file)
    O1 - Hosts: 91.121.11.221 L2authd.lineage2.com #L2Run connect to 91.121.11.221
    O1 - Hosts: 91.121.11.221 L2testauthd.lineage2.com #L2Run connect to 91.121.11.221
    O2 - BHO: (no name) - {021BB032-80A8-4FB6-B3D5-CF27B1553B95} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
    O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852"
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [Nouvelle application] C:\Program Files\TuneUp Utilities 2004\MemOptimizer.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [TheTurtle] C:\Program Files\TheTurtle\TheTurtle.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
    O16 - DPF: {14325268-79E0-4D2A-89A4-FFFC6E22741E} - https://www.afternic.com/domains/downloadv3.com
    O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - https://www.afternic.com/domains/downloadv3.com
    O16 - DPF: {EEECA057-AD0F-44A7-8BE5-8634CEDBDBD1} - https://www.afternic.com/domains/downloadv3.com
    O18 - Protocol: bw+0 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: cdefs - {B5F329B4-2BBD-48F5-ADAF-9EAF2AFE37B3} - C:\Program Files\Micro Application\Trains Miniatures 3D\monki.dll
    O18 - Protocol: offline-8876480 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O20 - AppInit_DLLs: HookDLL.DLL
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
    O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
    O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\WINDOWS\System32\x10nets.exe (file missing)

    Est-ce que je peux espérer etre débarassé de cette cochonnerie? ^^
    0
  10. philae83 Messages postés 12854 Statut Contributeur sécurité 206
     
    bonjour,

    oui bien sûr on va t'en débarrasser

    Démarrer "Exécuter…" puis Tape "services.msc" et valide par OK
    la fenêtre des Services s'ouvre => vérifier dans la partie inférieure que l'onglet "Etendu" est bien sélectionné, sinon faites le.

    Power Manager (PowerManager)
    et le chemin
    C:\WINDOWS\svchost.exe

    puis

    Ouvre Hijackthis puis
    Ouvrir la section outils
    Outils
    Enlever un service NT
    Entre : Power Manager
    Valide

    puis

    * Assure toi d'avoir accès à tous les fichiers

    -démarrer

    -poste de travail ou autre dossier

    -menu outils

    -options de dossier

    -onglet affichage

    puis

    - activer la case : Afficher les fichiers et dossiers cachés

    - désactiver la case : Masquer les extensions des fichiers dont le type est connu

    - désactiver la case : Masquer les fichier protégés du système d'exploitation

    Puis - Appliquer

    * et Supprime le(s) fichier(s) ci dessous si il(s) est (sont) présent(s) :

    C:\WINDOWS\svchost.exe
    ((attention à sa localisation)

    puis

    * Télécharge eScan Antivirus Toolkit
    Sauvegarde-le sur ton Bureau.
    http://www.spywareinfo.dk/download/mwav.exe

    puis

    etape1 :
    * Télécharge SpHjfix de Seeker
    http://www.trojaner-info.de/cgi-bin/download.cgi?file=sphjfix :

    ensuite

    Avant de lancer le programme, e-scan il faut le mettre à jour tel qu'indiqué à l'étape 2.

    Étape 2:

    Voici comment mettre l'outil à jour :

    1.) Double-clique le fichier mwav.exe qui se trouve sur le Bureau ; dézippe les fichiers dans le nouveau dossier suggéré (C:\Kaspersky). Le programme va se lancer, et tu dois le quitter (clique sur "Exit" puis "Exit").

    2.) Double-clique sur le Poste de travail puis double-clique sur le lecteur principal (habituellement C:\), double-clique sur le dossier Kaspersky ; ensuite, double-clique sur le fichier kavupd.exe. Tu verras maintenant une fenêtre DOS apparaître, et la mise à jour se complètera en quelques minutes.

    3.) Lorsque la mise à jour sera complétée, tu verras "Press any key to continue" ; tape sur une touche pour continuer. Deux nouveaux répertoires (dossiers) ont été créés lors de la mise à jour (C:\Bases et C:\Downloads).

    4.) Sélectionne/copie tous les fichiers présents dans le dossier C:\Downloads, puis colle-les dans le dossier C:\Kaspersky. Accepte à l'invite de remplacer les fichiers existants.

    Ne pas lancer le scan tout de suite !

    Étape 3:

    Imprime ceci.

    Redémarre en mode Sans Échec :


    1) Redémarre ton PC.

    2) Tapote la touche F8 (ou F5) immédiatement, juste après le "Bip"

    3) Tu verras un écran avec options de démarrage apparaître

    4) Choisi la première option : Sans Échec, et valide avec "Entrée"

    5) Choisis ton compte régulier, et non Administrateur.

    Étape 4:

    Du mode Sans Échec, voici comment utiliser le programme :

    1.) Pour lancer "eScan Antivirus Toolkit", trouve le fichier mwavscan.com situé dans le dossier C:\Kaspersky.

    2.) Double-clique sur mwavscan.com ; l'interface d'eScan va apparaître à l'écran.

    3.) Il est très important de bien cocher ces boîtes sous Scan Option : Memory, Registry, Startup Folders, System Folders, Services.

    4.) Coche la boîte Drive, ce qui donne accès à une nouvelle boîte Drive (bouton rond) juste dessous ; coche ce bouton "Drive" (très important..), et tu verras une nouvelle boîte de navigation apparaître à la droite. Clique sur la petite flèche de cette boîte et choisi la lettre de ton disque dur, habituellement C:\.

    5.) Juste au-dessous, assure-toi que Scan All Files est coché, et non Program Files.

    6.) Clique sur Scan Clean et laisse l'outil vérifier tout le disque dur (ça peut être long..). Lorsque terminé, tu verras Scan Completed. Ne pas quitter tout de suite !

    7.) Ouvre un nouveau fichier Bloc notes (clique sur "Démarrer" >> "Programmes" >>"Accessoires" >> "Bloc notes"), puis copie/colle tout le contenu de la fenêtre [b]Virus Log Information[/b] (la deuxième, au bas) dans le fichier texte, et sauvegarde le. eScan génère également un rapport complet dans le dossier C:\Kaspersky (nommé mwav.log), mais il est trop lourd pour poster sur le forum.

    Ferme le programme. Redémarre ton PC en mode Normal. Poste (copie/colle) le rapport que tu as sauvegardé dans ta prochaine réponse.

    et

    - lancer SpHjfix à partir d'un répertoire alloué
    - cliquer sur le bouton "start désinfection"
    - en cas d'infection sp.exe, l'ordinateur est redémarré
    - SpHjfix reprend la main avant démarrage de Windows pour désinfection sans être gêné par les processus en cours.
    - examiner, communiquer le fichier log généré

    puis

    * lance hijackthis pour un "scan seulement" puis coche ces lignes :

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://mshp.dll/index.html#44272
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://mshp.dll/sp.html#44272
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://mshp.dll/sp.html#44272
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://mshp.dll/index.html#44272
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R3 - URLSearchHook: (no name) - <default> - (no file)
    O2 - BHO: (no name) - {021BB032-80A8-4FB6-B3D5-CF27B1553B95} - (no file)
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
    O16 - DPF: {14325268-79E0-4D2A-89A4-FFFC6E22741E} - https://www.afternic.com/domains/downloadv3.com
    O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - https://www.afternic.com/domains/downloadv3.com
    O16 - DPF: {EEECA057-AD0F-44A7-8BE5-8634CEDBDBD1} - https://www.afternic.com/domains/downloadv3.com
    O18 - Protocol: bw+0 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {3E010288-43EE-4411-B0DB-58F30D2CA3AD} - C:\Program Files\Logitech\Desktop
    O20 - AppInit_DLLs: HookDLL.DLL
    O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)

    * poste les rapports ensuite ainsi qu'un nouveau rapport hijackthis
    0
  11. Alex
     
    Me voila de retour après de longues heures d'analyse... bref... J'ai suivi tes instructions et voila le resultat:

    Voila le rapport de l'analyse faite en mode sans echec:
    File C:\PROGRA~1\RealVNC\VNC4\WinVNC4.exe tagged as not-a-virus:RemoteAdmin.Win32.WinVNC.4. No Action Taken.
    File C:\WINDOWS\NDNuninstall6_10.exe tagged as not-a-virus:AdWare.Win32.NewDotNet. No Action Taken.
    File C:\WINDOWS\NDNuninstall6_22.exe tagged as not-a-virus:AdWare.Win32.NewDotNet. No Action Taken.
    File C:\WINDOWS\NDNuninstall6_98.exe tagged as not-a-virus:AdWare.Win32.NewDotNet.e. No Action Taken.
    File C:\WINDOWS\NDNuninstall7_44.exe tagged as not-a-virus:AdWare.Win32.NewDotNet.e. No Action Taken.
    File C:\WINDOWS\NDNuninstall7_48.exe tagged as not-a-virus:AdWare.Win32.NewDotNet.e. No Action Taken.
    File C:\WINDOWS\RESTORE.INS tagged as not-a-virus:NetTool.Win32.PsKill. No Action Taken.
    File C:\WINDOWS\System32\rlls.dll tagged as not-a-virus:AdWare.Win32.RK.m. No Action Taken.
    File C:\WINDOWS\System32\rlvknlg.exe tagged as not-a-virus:AdWare.Win32.RK.k. No Action Taken.
    File C:\Documents and Settings\Alex\Mes documents\Alex FRENE\122477.exe infected by "Trojan-Downloader.Win32.Small.bke" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\Alex\Mes documents\Alex FRENE\122903.exe infected by "Trojan-Downloader.Win32.Small.bke" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\Alex\Mes documents\Alex FRENE\124339.exe infected by "Trojan-Downloader.Win32.Small.bke" Virus. Action Taken: File Deleted.
    File C:\Documents and Settings\Alex\Mes documents\Alex FRENE\accessd.exe tagged as not-a-virus:AdWare.Win32.NewDotNet. No Action Taken.
    File C:\Documents and Settings\Alex\Mes documents\Alex FRENE\dragonbluexpss.exe tagged as not-a-virus:AdWare.Win32.NewDotNet. No Action Taken.
    File C:\Documents and Settings\Alex\Mes documents\Mes images\Photothe`que - 0005.jpg infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
    File C:\Documents and Settings\Alex\Mes documents\Mes images\Photothe`que - 0006.jpg infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
    File C:\Program Files\filesubmit\The Matrix Reloaded 3D Screensaver\nnezt388.exe tagged as not-a-virus:AdWare.Win32.NewDotNet. No Action Taken.
    File C:\Program Files\NewDotNet\uninstall7_48.exe tagged as not-a-virus:AdWare.Win32.NewDotNet.e. No Action Taken.
    File C:\Program Files\RealVNC\VNC4\vncconfig.exe tagged as not-a-virus:RemoteAdmin.Win32.WinVNC.4. No Action Taken.
    File C:\Program Files\RealVNC\VNC4\vncviewer.exe tagged as not-a-virus:RemoteAdmin.Win32.WinVNC.4. No Action Taken.
    File C:\Program Files\RealVNC\VNC4\winvnc4.exe tagged as not-a-virus:RemoteAdmin.Win32.WinVNC.4. No Action Taken.
    File C:\Program Files\RealVNC\VNC4\wm_hooks.dll tagged as not-a-virus:RemoteAdmin.Win32.WinVNC.4. No Action Taken.
    File C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP844\A0200771.dll tagged as not-a-virus:AdWare.Win32.RK.m. No Action Taken.
    File C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP844\A0200772.exe tagged as not-a-virus:AdWare.Win32.RK.k. No Action Taken.
    File C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP844\snapshot\MFEX-1.DAT tagged as not-a-virus:AdWare.Win32.RK.m. No Action Taken.
    File C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP844\snapshot\MFEX-2.DAT tagged as not-a-virus:AdWare.Win32.RK.k. No Action Taken.
    File C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP844\snapshot\MFEX-3.DAT tagged as not-a-virus:AdWare.Win32.RK.m. No Action Taken.
    File C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP846\A0201083.exe tagged as not-a-virus:AdWare.Win32.NewDotNet.g. No Action Taken.
    File C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP846\A0201084.exe tagged as not-a-virus:AdWare.Win32.NewDotNet.e. No Action Taken.
    File C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP848\A0202179.dll tagged as not-a-virus:AdWare.Win32.RK.m. No Action Taken.
    File C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP849\A0202319.dll tagged as not-a-virus:AdWare.Win32.RK.m. No Action Taken.
    File C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP850\A0202381.dll tagged as not-a-virus:AdWare.Win32.RK.m. No Action Taken.
    File C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP853\A0202925.dll tagged as not-a-virus:AdWare.Win32.RK.m. No Action Taken.
    File C:\WINDOWS\NDNuninstall6_10.exe tagged as not-a-virus:AdWare.Win32.NewDotNet. No Action Taken.
    File C:\WINDOWS\NDNuninstall6_22.exe tagged as not-a-virus:AdWare.Win32.NewDotNet. No Action Taken.
    File C:\WINDOWS\NDNuninstall6_98.exe tagged as not-a-virus:AdWare.Win32.NewDotNet.e. No Action Taken.
    File C:\WINDOWS\NDNuninstall7_44.exe tagged as not-a-virus:AdWare.Win32.NewDotNet.e. No Action Taken.
    File C:\WINDOWS\NDNuninstall7_48.exe tagged as not-a-virus:AdWare.Win32.NewDotNet.e. No Action Taken.
    File C:\WINDOWS\RESTORE.INS tagged as not-a-virus:NetTool.Win32.PsKill. No Action Taken.
    File C:\WINDOWS\system\RESTORE.INS tagged as not-a-virus:NetTool.Win32.PsKill. No Action Taken.
    File C:\WINDOWS\system32\rlls.dll tagged as not-a-virus:AdWare.Win32.RK.m. No Action Taken.
    File C:\WINDOWS\system32\rlvknlg.exe tagged as not-a-virus:AdWare.Win32.RK.k. No Action Taken.

    Voila le log de SpHjfix:
    (4/6/07 23:10:00) SPSeHjFix started v1.1.2
    (4/6/07 23:10:00) OS: WinXP Service Pack 1 (5.1.2600)
    (4/6/07 23:10:00) Language: français
    (4/6/07 23:10:00) Win-Path: C:\WINDOWS
    (4/6/07 23:10:00) System-Path: C:\WINDOWS\System32
    (4/6/07 23:10:00) Temp-Path: C:\DOCUME~1\Alex\LOCALS~1\Temp\
    (4/6/07 23:10:14) Disinfection started
    (4/6/07 23:10:14) Bad-Dll(IEP): (not found)
    (4/6/07 23:10:14) Bad-Dll(IEP) in BHO: (not found)
    (4/6/07 23:10:14) UBF: 7 - UBB: 2 - UBR: 16
    (4/6/07 23:10:14) UBF: 7 - UBB: 2 - UBR: 16
    (4/6/07 23:10:14) Bad IE-pages:
    deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Page:
    deleted: HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant:
    (4/6/07 23:10:14) Stealth-String not found
    (4/6/07 23:10:14) Not infected->END

    et enfin le rapport de hijackthis:
    Logfile of HijackThis v1.99.1
    Scan saved at 23:19:05, on 06/04/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\drivers\dcfssvc.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\wdfmgr.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\TuneUp Utilities 2004\MemOptimizer.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\TheTurtle\TheTurtle.exe
    c:\windows\system32\rlvknlg.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O1 - Hosts: 91.121.11.221 L2authd.lineage2.com #L2Run connect to 91.121.11.221
    O1 - Hosts: 91.121.11.221 L2testauthd.lineage2.com #L2Run connect to 91.121.11.221
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
    O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll
    O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852"
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [Nouvelle application] C:\Program Files\TuneUp Utilities 2004\MemOptimizer.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [TheTurtle] C:\Program Files\TheTurtle\TheTurtle.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\rlls.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5045D44D-3BC8-43F9-BC47-5325DF168132}: NameServer = 80.10.246.130 80.10.246.3
    O18 - Protocol: cdefs - {B5F329B4-2BBD-48F5-ADAF-9EAF2AFE37B3} - C:\Program Files\Micro Application\Trains Miniatures 3D\monki.dll
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
    O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
    O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\WINDOWS\System32\x10nets.exe (file missing)

    Ps: cette saloperie est toujours la, elle est venue me narguer 5 minutes a peine après le redémarrage... ><

    Pss: pardon pour le bordel sur mon pc...
    0
  12. philae83 Messages postés 12854 Statut Contributeur sécurité 206
     
    re
    oui je vois bien je vais regarder à nouveau ton rapport

    par contre pour le scan je vois No Action Taken.
    tu n'as pas appliqué les actions ?
    0
  13. philae83 Messages postés 12854 Statut Contributeur sécurité 206
     
    re

    * Lance LSPfix
    * Déconnecte-toi d'Internet et ferme toutes les fenêtres d'Internet Explorer.
    * Coche la case "I know what I'm doing"
    * Sélectionne l' instance de la dll suivante (s'il y en a, sinon ferme LSPfix) :

    rlls.dll

    * fais les glisser du panneau de gauche "keep" au panneau de droite "Remove".
    Clique sur le bouton "Finish".
    (Si elles sont déjà dans le panneau "Remove" alors clique directement sur le bouton "Finish".)

    * as tu fait la manip pour arrêter le service et supprimer svchost.exe ?

    reposte un nouveau rapport hijackthis
    0
  14. Alex
     
    Bonsoir,

    J'ai réussi à supprimer ce fameux rlls.dll
    Cette suppression m'a coupé d'internet... Pendant un moment j'ai eu peur... Mais j'ai reboot et tout fonctionne. De plus j'ai revérifié une enieme fois, rlls.dll n'est plus la.

    En ce qui concerne svchost.exe il n'y en a pas dans C:\WINDOWS...

    Par contre j'en ai 2 de planqués dans ces deux chemins:
    C:\WINDOWS\system32
    C:\WINDOWS\system32\dllcache

    C'est grave docteur?

    ps: pas de signe de vie de DOMPilot après la suppression de rlls.dll et reboot... Serait-il (enfin) détruit?
    0
  15. Alex
     
    Oops... Je viens de me rendre compte que j'ai oublié le rapport de hijackthis... Le voici :

    Logfile of HijackThis v1.99.1
    Scan saved at 20:41:24, on 07/04/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\drivers\dcfssvc.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\wdfmgr.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\TuneUp Utilities 2004\MemOptimizer.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\TheTurtle\TheTurtle.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O1 - Hosts: 91.121.11.221 L2authd.lineage2.com #L2Run connect to 91.121.11.221
    O1 - Hosts: 91.121.11.221 L2testauthd.lineage2.com #L2Run connect to 91.121.11.221
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
    O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll
    O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852"
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [Nouvelle application] C:\Program Files\TuneUp Utilities 2004\MemOptimizer.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [TheTurtle] C:\Program Files\TheTurtle\TheTurtle.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5045D44D-3BC8-43F9-BC47-5325DF168132}: NameServer = 80.10.246.130 80.10.246.3
    O18 - Protocol: cdefs - {B5F329B4-2BBD-48F5-ADAF-9EAF2AFE37B3} - C:\Program Files\Micro Application\Trains Miniatures 3D\monki.dll
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
    O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
    O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\WINDOWS\System32\x10nets.exe (file missing)
    0
  16. philae83 Messages postés 12854 Statut Contributeur sécurité 206
     
    Bonsoir,

    ok, c'est une bonne chose
    Par contre j'en ai 2 de planqués dans ces deux chemins:
    C:\WINDOWS\system32
    C:\WINDOWS\system32\dllcache


    ceux ci sont légitimes. N'y touche pas

    ps: pas de signe de vie de DOMPilot après la suppression de rlls.dll et reboot... Serait-il (enfin) détruit?


    je l'espère bien

    * lance hijackthis puis coche et fixe cette ligne

    O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)


    je viens de m'apercevoir que j'avais oublié un morceau de la manip suivante. Recommence la stp
    désolée !

    Démarrer "Exécuter…" puis Tape "services.msc" et valide par OK
    la fenêtre des Services s'ouvre => vérifier dans la partie inférieure que l'onglet "Etendu" est bien sélectionné, sinon faites le.

    Power Manager (PowerManager)
    et le chemin
    C:\WINDOWS\svchost.exe

    - Dans la colonne "Nom", DOUBLE CLIQUE sur le service noté en GRAS ci dessus, pour faire apparaître "Propriétés".
    - Vérifie dans "Chemin d'accès des fichiers exécutables" qu'il s'agit bien de l'emplacement souligné.
    - Puis clique sur Arrêter
    - Dans le menu déroulant "Type de démarrage", sélectionne "Désactivé".
    - valide la modification par OK
    - Ferme la fenêtre des Services.

    puis

    Ouvre Hijackthis puis
    Ouvrir la section outils
    Outils
    Enlever un service NT
    Entre : Power Manager
    Valide

    essaie tout de même ceci :

    Télécharge OTMoveIt (de Old_Timer) sur ton Bureau.
    http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe

    double-clique sur OTMoveIt.exe pour le lancer.
    copie la liste qui se trouve en citation ci-dessous,
    et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

    C:\WINDOWS\svchost.exe

    clique sur MoveIt! pour lancer la suppression.
    le résultat apparaitra dans le cadre Results.
    clique sur Exit pour fermer.
    poste le rapport situé dans C:\\\_OTMoveIt\MovedFiles.

    il te sera peut-être demander de redémarrer le pc pour achever la suppression.
    si c'est le cas accepte par Yes.

    0
  17. Alex
     
    Lorsque je lance la boite à outil de hijackthis et que je lui demande de supprimer "Power Manager", il me dit qu'il n'est pas dans le registre.

    Au passage, Dompilot ne s'est pas manifesté depuis ma dernière manip.
    0
  18. philae83 Messages postés 12854 Statut Contributeur sécurité 206
     
    bonjour,

    termine ce que tu peux faire et poste le rapport
    C:\\\_OTMoveIt\MovedFiles.
    0