HijackThis log analysis

Solved
Alex -  
 riri94 -
Hello.

So, yesterday I downloaded a file that turned out to be dangerous and apparently infected my computer. I deleted the file straight away.

However, my computer seems to have been suffering the consequences since then: ads are displayed, there have been several Trojan/virus attacks, and IE errors that close my windows (yes, I know, I should install Firefox). My computer also seems slower since then.

So this morning I booted into safe mode to run a scan with Spybot and Ad-Aware. However, the problem persists.

I also tried a System Restore, but it reported that the restore had not worked after the reboot. I also wanted to go into safe mode to do one, but then the mode itself must have bugged out, since the screen stayed black, and I didn't dare try again.

So I did a HijackThis scan, but I don't really know my way around it; if someone could advise me.

Logfile of HijackThis v1.99.1
Scan saved at 00:18:08, on 09/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\iPod Access for Windows\iPAHelper.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\FlashGet\flashget.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Downloads\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: 82.231.144.169 apogee.lineage2.com
O1 - Hosts: 91.121.8.140 L2authd.lineage2.com
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [ApachInc] rundll32.exe "C:\WINDOWS\system32\orkvienh.dll",realset
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPAHelper.exe - Unknown owner - C:\Program Files\iPod Access for Windows\iPAHelper.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLABR11\webserver\bin\matlabserver.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

Thanks
Configuration: Windows XP
Internet Explorer 6.0

36 replies

Discussion summary

A user reports that their computer was infected after downloading a dangerous file, with ads being displayed, trojan attacks and general slowness, despite deleting the file and taking security measures.
Scans in safe mode and various tools (Spybot, Ad-Aware, HijackThis) are described, with suspicious changes to the hosts file and persistent services.
The proposed solutions rely on specialised tools such as Clean (Malekal_morte), F-Secure BlackLight, KillBox and VundoFix, followed by instructions and tutorials for reading the reports and cleaning up.
Feedback indicates partial improvement (fewer ads and a smoother system), but the thread stresses that disinfection may require several steps and further checks.

Generated automatically by AI
based on the best answers
  1. moK´s@ Posts: 4410 Status: Member 89
     
    Hi Alex,

    1
    in HijackThis, tick these:

    O4 - HKLM\..\Run: [ApachInc] rundll32.exe "C:\WINDOWS\system32\orkvienh.dll",realset
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

    close your applications and browser and fix/check the lines above.

    2
    Download Pocket KillBox to your desktop.
    http://www.downloads.subratam.org/KillBox.exe

    Double-click the Killbox.exe file and tick the "Delete on reboot" box.
    copy the line below:

    c:\windows\system32\orkvienh.dll",realset

    In PocketKillBox --> "File" menu --> "Paste from Clipboard"

    You can check in the drop-down list that the file is indeed there.
    - tick the "Unregister dll before deleting" box (if you have the option)
    - click the "All files" button
    - then click the red cross

    Answer "YES" to the two messages that will appear.
    The computer should reboot; if it doesn't, reboot it yourself, whatever happens.

    After the reboot, launch Killbox again, then click the "File" tab -> Log -> Actions History Log
    Post the report here

    3
    Right-click this link:
    http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
    Save target (of the link) as... and save it to your desktop.
    Then double-click navilog1.exe to start the installation.
    Once the installation is finished, the fix will run automatically.
    (If it doesn't, double-click the Navilog1 shortcut on the desktop.)

    Follow the prompts. At the main menu, choose 1 and confirm.
    (do not choose 2, 3 or 4 without our advice/agreement)

    Wait for the message:
    *** Analyse Termine le ..... ***
    Press a key as asked; Notepad will open.
    Copy and paste the whole thing into a reply. Close Notepad.
    The report is also saved at the root of the drive (fixnavi.txt)

    4
    Download VundoFix.exe (by Atribune) to your Desktop.
    http://www.atribune.org/ccount/click.php?id=4
    * Double-click VundoFix.exe to launch it
    * Click the Scan for Vundo button
    * When the scan is complete, click the Remove Vundo button
    * A prompt will ask whether you want to delete the files; click YES
    * After clicking "Yes", the Desktop will disappear for a moment while the files are deleted
    * You will see a prompt telling you that your PC is going to reboot; click OK
    * Copy/paste the contents of the report located at C:\vundofix.txt along with a new HijackThis! report in your next reply

    Note: VundoFix may run into a file it cannot delete. If so, the tool will run at the next reboot; just follow the instructions above, starting from "click the Scan for Vundo button".

    and post a new HijackThis log,

    Cheers
    0
  2. Alex
     
    First of all, I'd like to thank you very much for your help, as I'm aware of the work it involves.

    KillBox report

    Pocket Killbox version 2.0.0.648
    Running on Windows XP as Eric(Administrator)
    was started @ samedi, juin 09, 2007, 11:43 AM

    Killbox Closed(Exit) @ 11:44:10 AM
    __________________________________________________

    Pocket Killbox version 2.0.0.648
    Running on Windows XP as Eric(Administrator)
    was started @ samedi, juin 09, 2007, 11:44 AM

    # 1 [Delete on Reboot]
    Path = c:\windows\system32\orkvienh.dll",realset

    I Rebooted @ 11:45:39 AM
    Killbox Closed(Exit) @ 11:45:41 AM
    __________________________________________________

    Pocket Killbox version 2.0.0.648
    Running on Windows XP as Eric(Administrator)
    was started @ samedi, juin 09, 2007, 11:51 AM


    PS: when I did "Paste from Clipboard", the file didn't appear in the drop-down list, so I put it in again and continued the procedure, without being able to tick "Unregister dll before deleting".

    Navilog report

    search Navipromo version 2.0.3 commencé le 09/06/2007 à 11:53:54,25

    !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
    !!! Poster ce rapport sur le forum pour le faire analyser !!!
    !!! Ne pas lancer la partie désinfection sans l'avis d'un spécialiste !!!

    Fix lancé depuis C:\Program Files\navilog1
    Mise a jour le 08.06.2007 a 17h00 by IL-MAFIOSO

    Executé en mode normal

    *** Recherche Programmes installes ***

    *** Recherche dossiers dans C:\WINDOWS ***

    *** Recherche dossiers dans C:\Program Files ***

    *** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data ***

    *** Recherche dossiers dans C:\Documents and Settings\Eric\Application Data ***

    *** Recherche avec BlackLight Engine/F-secure ***
    BlackLight Engine est un produit de F-secure, pour + d'infos :
    https://www.f-secure.com/en

    F-SECURE BLACKLIGHT ROOTKIT ELIMINATOR
    ======================================

    Copyright 2005-2006 F-Secure Corporation. All rights reserved.
    This is a beta version. It will expire on 1st of April, 2007.
    Version information: 2.2.1061.

    [+] Started on 06/09/07 at 11:53:57.
    [-] ERROR: F-Secure BlackLight could not acquire debug privileges.
    [+] Exited on 06/09/07 at 11:53:57 (return code = 3).

    *** Recherche fichiers ***

    *** Recherche cles registre ***

    Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]

    Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage]

    Recherche Clé Magic Control

    *** Module de Recherche complémentaire ***
    (Recherche fichiers spécifiques)

    1)Recherche fichiers connus:

    C:\WINDOWS\system32\ijkkj.ini2 trouvé ! infection Vundo possible non traité par cet outil !
    C:\WINDOWS\system32\ijkkj.bak1 trouvé ! infection Vundo possible non traité par cet outil !
    C:\WINDOWS\system32\ijkkj.bak2 trouvé ! infection Vundo possible non traité par cet outil !

    2)Recherche Heuristique :
    *
    **
    ***
    ****
    *****
    ******
    *******
    ********

    *** Analyse Terminé le 09/06/2007 à 11:55:01,43 ***


    VundoFix report

    VundoFix V6.4.2

    Checking Java version...

    Java version is 1.4.2.5
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.3
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.6
    Old versions of java are exploitable and should be removed.

    Scan started at 11:56:38 09/06/2007

    Listing files found while scanning....

    C:\WINDOWS\system32\hggghhf.dll
    C:\WINDOWS\system32\ijkkj.bak1
    C:\WINDOWS\system32\ijkkj.bak2
    C:\WINDOWS\system32\ijkkj.ini
    C:\WINDOWS\system32\ijkkj.ini2
    C:\WINDOWS\system32\ijkkj.tmp
    C:\WINDOWS\system32\jkkji.dll
    C:\WINDOWS\system32\ljjiigd.dll
    C:\WINDOWS\system32\nnnnlkl.dll
    C:\WINDOWS\system32\tndvqmkv.dll
    C:\WINDOWS\system32\vkmqvdnt.ini
    C:\WINDOWS\system32\xxyyvsr.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\hggghhf.dll
    C:\WINDOWS\system32\hggghhf.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ijkkj.bak1
    C:\WINDOWS\system32\ijkkj.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ijkkj.bak2
    C:\WINDOWS\system32\ijkkj.bak2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ijkkj.ini
    C:\WINDOWS\system32\ijkkj.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ijkkj.ini2
    C:\WINDOWS\system32\ijkkj.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ijkkj.tmp
    C:\WINDOWS\system32\ijkkj.tmp Has been deleted!

    Attempting to delete C:\WINDOWS\system32\jkkji.dll
    C:\WINDOWS\system32\jkkji.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ljjiigd.dll
    C:\WINDOWS\system32\ljjiigd.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\nnnnlkl.dll
    C:\WINDOWS\system32\nnnnlkl.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\tndvqmkv.dll
    C:\WINDOWS\system32\tndvqmkv.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\vkmqvdnt.ini
    C:\WINDOWS\system32\vkmqvdnt.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\xxyyvsr.dll
    C:\WINDOWS\system32\xxyyvsr.dll Could not be deleted.

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\xxyyvsr.dll
    C:\WINDOWS\system32\xxyyvsr.dll Has been deleted!

    Performing Repairs to the registry.


    HijackThis log

    Logfile of HijackThis v1.99.1
    Scan saved at 12:42:30, on 09/06/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Apps\Powercinema\PCMService.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\Program Files\iPod Access for Windows\iPAHelper.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\slserv.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Downloads\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    F2 - REG:system.ini: UserInit=userinit.exe
    O1 - Hosts: 82.231.144.169 apogee.lineage2.com
    O1 - Hosts: 91.121.8.140 L2authd.lineage2.com
    O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [ApachInc] rundll32.exe "C:\WINDOWS\system32\tndvqmkv.dll",realset
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPAHelper.exe - Unknown owner - C:\Program Files\iPod Access for Windows\iPAHelper.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLABR11\webserver\bin\matlabserver.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    0
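    The two HijackThis logs above differ in exactly the way a helper looks for, so here is a small triage script, added as an example (it is not code from the thread, from HijackThis or from any tool named in it): it parses the registry-style O4 autorun entries of both logs, diffs them by entry name, and flags the pattern spotted in post 1, an O4 entry running rundll32 against a random-looking DLL in system32. On the two logs in this thread it shows [Alcmtr] gone and [ApachInc] re-pointed from orkvienh.dll to tndvqmkv.dll, with that entry still flagged.

```python
"""HijackThis O4 triage helper (added example, not code from the thread or from HijackThis).

Parses the registry-style O4 (autorun) entries of two HijackThis logs, diffs them by
entry name, and applies one heuristic taken from this thread: an O4 entry that makes
rundll32 load a DLL with a random-looking lower-case name from system32 (the [ApachInc]
line, orkvienh.dll then tndvqmkv.dll) is the Vundo loader the helper asked to fix.
"""
import re
from collections import OrderedDict

# O4 - HKLM\..\Run: [ApachInc] rundll32.exe "C:\WINDOWS\system32\orkvienh.dll",realset
O4_RE = re.compile(
    r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# rundll32[.exe] "<dll path>",<export>   (quotes optional, case-insensitive)
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?\s*,', re.IGNORECASE)
# Heuristic only: 6-8 lower-case letters and no digits, like orkvienh.dll / tndvqmkv.dll.
# A legitimate DLL can match too, so treat a hit as "look at this", not as proof.
RANDOM_DLL_RE = re.compile(r'^[a-z]{6,8}\.dll$')


def parse_o4(line):
    """Return {'hive', 'key', 'name', 'cmd'} for a registry-style O4 line, else None."""
    m = O4_RE.match(line.strip())
    return m.groupdict() if m else None


def parse_log_o4(text):
    """All registry-style O4 entries of a log, keyed by (hive, name); first one wins."""
    entries = OrderedDict()
    for line in text.splitlines():
        e = parse_o4(line)
        if e and (e['hive'], e['name']) not in entries:
            entries[(e['hive'], e['name'])] = e
    return entries


def rundll32_target(cmd):
    """Path of the DLL a rundll32 command line loads, or None if it is not a rundll32 call."""
    m = RUNDLL_RE.match(cmd.strip())
    return m.group('dll').strip() if m else None


def is_suspicious_o4(entry):
    """Thread heuristic: rundll32 loading a random-looking DLL straight out of system32."""
    dll = rundll32_target(entry['cmd'])
    if dll is None:
        return False
    folder, _, base = dll.replace('/', '\\').rpartition('\\')
    return folder.lower().endswith('\\system32') and bool(RANDOM_DLL_RE.match(base))


def diff_o4(log_a, log_b):
    """Compare the O4 entries of two logs; returns (added, removed, changed) keyed by (hive, name)."""
    a, b = parse_log_o4(log_a), parse_log_o4(log_b)
    added = [k for k in b if k not in a]
    removed = [k for k in a if k not in b]
    changed = {k: (a[k]['cmd'], b[k]['cmd'])
               for k in a if k in b and a[k]['cmd'] != b[k]['cmd']}
    return added, removed, changed


def report(log_a, log_b):
    """Triage summary as a list of lines: what moved between the logs, and what still looks bad."""
    added, removed, changed = diff_o4(log_a, log_b)
    lines = [f"removed : {h} [{n}]" for h, n in removed]
    lines += [f"added   : {h} [{n}]" for h, n in added]
    for (h, n), (old, new) in changed.items():
        lines.append(f"changed : {h} [{n}]\n    was {old}\n    now {new}")
    for (h, n), e in parse_log_o4(log_b).items():
        if is_suspicious_o4(e):
            lines.append(f"SUSPECT : {h} [{n}] still loads {rundll32_target(e['cmd'])}")
    return lines


# Sample input: a subset of the O4 lines from the two logs posted in this thread.
LOG_BEFORE = r"""
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ApachInc] rundll32.exe "C:\WINDOWS\system32\orkvienh.dll",realset
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
"""
LOG_AFTER = r"""
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ApachInc] rundll32.exe "C:\WINDOWS\system32\tndvqmkv.dll",realset
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
"""

if __name__ == "__main__":
    print("\n".join(report(LOG_BEFORE, LOG_AFTER)))
```

The random-name rule is only a heuristic and can hit a legitimate DLL; a hit means check the file, not delete it on sight.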
  3. moK´s@ Posts: 4410 Status: Member 89
     
    ok

    do this:

    you don't have a firewall??!!

    0
    Download Kerio and install it:

    https://kerio.probb.fr/t1-tuto-pour-kerio-4-2

    Thanks to boulepate for the site!!!

    1
    Double-click the Killbox.exe file and tick the "Delete on reboot" box.
    copy the line below:

    c:\windows\system32\tndvqmkv.dll",realset

    In PocketKillBox --> "File" menu --> "Paste from Clipboard"

    You can check in the drop-down list that the file is indeed there.
    - tick the "Unregister dll before deleting" box (if you have the option)
    - click the "All files" button
    - then click the red cross

    Answer "YES" to the two messages that will appear.
    The computer should reboot; if it doesn't, reboot it yourself, whatever happens.

    After the reboot, launch Killbox again, then click the "File" tab -> Log -> Actions History Log
    Post the report here

    2
    Download VirtumundoBegone to the desktop:
    http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

    Then double-click VirtumundoBeGone.exe and follow the instructions.
    Once it has finished, reboot and post the VBG.TXT report created on the desktop in your next reply, along with a new HijackThis report.
    Don't worry if you see a blue screen "Fatal error" message; it's normal and expected

    3
    Download SDFix (created by AndyManchesta) and save it to your Desktop.
    http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
    Double-click SDFix.exe and choose Install to extract it into a dedicated folder on the Desktop. Reboot your computer in safe mode following this procedure:
    • Reboot your computer
    • After hearing the computer beep during startup, but before the Windows icon appears, tap the F8 key (one press per second).
    • Instead of Windows loading normally, a menu with various options should appear.
    • Choose the first option, to run Windows in safe mode, then press "Enter".
    • Choose your account.
    Go through the list of instructions below:
    • Open the SDFix folder that has just been created in the C:\ directory and double-click RunThis.bat to launch the script.
    • Press Y to start the cleaning process.
    • It will remove the services and Registry entries of certain trojans it finds, then ask you to press a key to reboot.
    • Press a key to reboot the PC.
    • Your system will take longer than usual to reboot, because the tool will keep running and deleting files.
    • After the Desktop loads, the tool will finish its work and display Finished.
    • Press a key to end the script and load your Desktop icons.
    • Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder under the name Report.txt.
    • Finally, copy/paste the contents of the Report.txt file into your next reply on the forum, with a new HijackThis log!
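As an added example (not part of this thread, nor of HijackThis, Killbox, VirtumundoBeGone or SDFix), a small Python triage script that applies to HijackThis log lines the checks the helpers here do by eye: an O4 Run entry that calls rundll32 on a random-named DLL in system32 (the ApachInc / tndvqmkv.dll line of the log below), a Winlogon Notify entry pointing at the same kind of DLL, O1 hosts overrides, and O23 services whose file is missing. The sample lines are copied from the log posted in this thread, except the O20 line, which is constructed from the Winlogon\Notify\jkhhe key that VirtumundoBeGone reports (the posted log has no O20 entry).

```python
"""Triage of HijackThis 1.99.1 log entries for Vundo/Virtumonde-style indicators.

Added example for this thread; it is not part of HijackThis, Killbox,
VirtumundoBeGone or SDFix. The heuristics mirror what the helpers check by eye.
"""
import re
from dataclasses import dataclass

# Sample entries copied from the HijackThis log posted in this thread, plus one
# CONSTRUCTED O20 line modelled on the Winlogon Notify key "jkhhe" that
# VirtumundoBeGone reported (the posted log itself has no O20 entry).
SAMPLE_LOG = r"""
O1 - Hosts: 82.231.144.169 apogee.lineage2.com
O1 - Hosts: 91.121.8.140 L2authd.lineage2.com
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ApachInc] rundll32.exe "C:\WINDOWS\system32\tndvqmkv.dll",realset
O20 - Winlogon Notify: jkhhe - C:\WINDOWS\system32\jkhhe.dll
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLABR11\webserver\bin\matlabserver.exe (file missing)
"""

# "O4 - HKLM\..\Run: ..." -> section "O4", body "HKLM\..\Run: ..."
ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.+)$")

# A DLL in system32 whose base name is 5-9 lowercase letters only: the naming
# pattern of the Vundo DLLs seen in this thread (tndvqmkv, jkhhe, orkvienh).
# DLLs legitimately loaded from Run keys are usually mixed case or contain
# digits (NvCpl.dll), but this is a coarse heuristic: confirm with the file's
# signature and creation date before deleting anything.
RANDOM_DLL_RE = re.compile(r"\\[Ss]ystem32\\([a-z]{5,9})\.dll")


@dataclass
class Finding:
    section: str
    severity: str  # "high" = likely malware loader, "review" = look at it
    reason: str
    line: str


def parse_entries(log_text):
    """Yield (section, body, full_line) for each HijackThis entry line."""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            yield m.group("section"), m.group("body"), line


def triage(log_text):
    """Return the findings for one HijackThis log, in log order."""
    findings = []
    for section, body, line in parse_entries(log_text):
        if section == "O4" and "rundll32" in body.lower():
            m = RANDOM_DLL_RE.search(body)
            if m:
                findings.append(Finding("O4", "high",
                    f"Run key loads random-named DLL {m.group(1)}.dll via rundll32", line))
        elif section == "O20" and body.startswith("Winlogon Notify:"):
            m = RANDOM_DLL_RE.search(body)
            if m:
                findings.append(Finding("O20", "high",
                    f"Winlogon Notify DLL {m.group(1)}.dll loaded by winlogon.exe at logon", line))
        elif section == "O1":
            findings.append(Finding("O1", "review",
                "hosts file override: " + body.split(":", 1)[1].strip(), line))
        elif section == "O23" and body.endswith("(file missing)"):
            findings.append(Finding("O23", "review",
                "service registered for a file that no longer exists (orphan entry)", line))
    return findings


def suspicious_dll_names(findings):
    """Base names of the DLLs behind the high-severity findings: the names to
    cross-check as Winlogon Notify keys, unnamed BHO CLSIDs and Killbox targets."""
    names = set()
    for f in findings:
        if f.severity == "high":
            m = RANDOM_DLL_RE.search(f.line)
            if m:
                names.add(m.group(1))
    return names


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.severity:6}] {f.section}: {f.reason}")
    print("DLL names to cross-check:", sorted(suspicious_dll_names(results)))
```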
    1. Alex
       
      Killbox report

      Pocket Killbox version 2.0.0.648
      Running on Windows XP as Eric(Administrator)
      was started @ samedi, juin 09, 2007, 11:43 AM

      Killbox Closed(Exit) @ 11:44:10 AM
      __________________________________________________

      Pocket Killbox version 2.0.0.648
      Running on Windows XP as Eric(Administrator)
      was started @ samedi, juin 09, 2007, 11:44 AM

      # 1 [Delete on Reboot]
      Path = c:\windows\system32\orkvienh.dll",realset


      I Rebooted @ 11:45:39 AM
      Killbox Closed(Exit) @ 11:45:41 AM
      __________________________________________________

      Pocket Killbox version 2.0.0.648
      Running on Windows XP as Eric(Administrator)
      was started @ samedi, juin 09, 2007, 11:51 AM

      Killbox Closed(Exit) @ 11:56:15 AM
      __________________________________________________

      Pocket Killbox version 2.0.0.648
      Running on Windows XP as Eric(Administrator)
      was started @ samedi, juin 09, 2007, 1:01 PM

      # 1 [Delete on Reboot]
      Path = c:\windows\system32\tndvqmkv.dll",realset


      PendingFileRenameOperations Registry Data has been Removed by External Process! @ 1:04:43 PM
      Killbox Closed(Exit) @ 1:04:47 PM
      __________________________________________________

      Pocket Killbox version 2.0.0.648
      Running on Windows XP as Eric(Administrator)
      was started @ samedi, juin 09, 2007, 1:09 PM



      VBG report

      [06/09/2007, 13:11:22] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Eric\Bureau\VirtumundoBeGone.exe" )
      [06/09/2007, 13:11:30] - Detected System Information:
      [06/09/2007, 13:11:30] - Windows Version: 5.1.2600, Service Pack 2
      [06/09/2007, 13:11:30] - Current Username: Eric (Admin)
      [06/09/2007, 13:11:30] - Windows is in NORMAL mode.
      [06/09/2007, 13:11:30] - Searching for Browser Helper Objects:
      [06/09/2007, 13:11:30] - BHO 1: {27A508E5-7A04-4C3C-9858-46D3E6282CEE} ()
      [06/09/2007, 13:11:30] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [06/09/2007, 13:11:30] - Checking for HKLM\...\Winlogon\Notify\jkhhe
      [06/09/2007, 13:11:30] - Found: HKLM\...\Winlogon\Notify\jkhhe - This is probably Virtumundo.
      [06/09/2007, 13:11:30] - Assigning {27A508E5-7A04-4C3C-9858-46D3E6282CEE} MSEvents Object
      [06/09/2007, 13:11:30] - BHO list has been changed! Starting over...
      [06/09/2007, 13:11:30] - BHO 1: {27A508E5-7A04-4C3C-9858-46D3E6282CEE} (MSEvents Object)
      [06/09/2007, 13:11:30] - ALERT: Found MSEvents Object!
      [06/09/2007, 13:11:30] - BHO 2: {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} (Flashget Catch Url Class)
      [06/09/2007, 13:11:30] - BHO 3: {5F53B0C0-665C-4F79-A3FA-192AFB3009E7} ()
      [06/09/2007, 13:11:30] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [06/09/2007, 13:11:30] - Checking for HKLM\...\Winlogon\Notify\jkkji
      [06/09/2007, 13:11:30] - Key not found: HKLM\...\Winlogon\Notify\jkkji, continuing.
      [06/09/2007, 13:11:30] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
      [06/09/2007, 13:11:30] - BHO 5: {8A61098D-612B-4EF2-943D-64E920684061} ()
      [06/09/2007, 13:11:30] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [06/09/2007, 13:11:30] - Checking for HKLM\...\Winlogon\Notify\xxyyvsr
      [06/09/2007, 13:11:30] - Key not found: HKLM\...\Winlogon\Notify\xxyyvsr, continuing.
      [06/09/2007, 13:11:31] - BHO 6: {92A444D2-F945-4dd9-89A1-896A6C2D8D22} ()
      [06/09/2007, 13:11:31] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [06/09/2007, 13:11:31] - Checking for HKLM\...\Winlogon\Notify\airoiuqw
      [06/09/2007, 13:11:31] - Key not found: HKLM\...\Winlogon\Notify\airoiuqw, continuing.
      [06/09/2007, 13:11:31] - BHO 7: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
      [06/09/2007, 13:11:31] - BHO 8: {E12BFF69-38A7-406e-A8EF-2738107A7831} ()
      [06/09/2007, 13:11:31] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [06/09/2007, 13:11:31] - Checking for HKLM\...\Winlogon\Notify\bemafpru
      [06/09/2007, 13:11:31] - Key not found: HKLM\...\Winlogon\Notify\bemafpru, continuing.
      [06/09/2007, 13:11:31] - BHO 9: {F156768E-81EF-470C-9057-481BA8380DBA} (gFlash Class)
      [06/09/2007, 13:11:31] - Finished Searching Browser Helper Objects
      [06/09/2007, 13:11:31] - *** Detected MSEvents Object
      [06/09/2007, 13:11:31] - Trying to remove MSEvents Object...
      [06/09/2007, 13:11:32] - Terminating Process: IEXPLORE.EXE
      [06/09/2007, 13:11:32] - Terminating Process: RUNDLL32.EXE
      [06/09/2007, 13:11:32] - Disabling Automatic Shell Restart
      [06/09/2007, 13:11:32] - Terminating Process: EXPLORER.EXE
      [06/09/2007, 13:11:33] - Suspending the NT Session Manager System Service
      [06/09/2007, 13:11:33] - Terminating Windows NT Logon/Logoff Manager
      [06/09/2007, 13:11:33] - Re-enabling Automatic Shell Restart
      [06/09/2007, 13:11:33] - File to disable: C:\WINDOWS\system32\jkhhe.dll
      [06/09/2007, 13:11:33] - Renaming C:\WINDOWS\system32\jkhhe.dll -> C:\WINDOWS\system32\jkhhe.dll.vir
      [06/09/2007, 13:11:33] - ! File rename was unsucessful.
      [06/09/2007, 13:11:33] - Attempting to Deny Access to C:\WINDOWS\system32\jkhhe.dll
      [06/09/2007, 13:11:34] - *** IMPORTANT: Delete/Rename/Move on reboot (like Killbox) MAY NOT work.
      [06/09/2007, 13:11:34] - ERROR: Le mappage entre les noms de compte et les ID de sécurité n'a pas été effectué.

      [06/09/2007, 13:11:34] - *** IMPORTANT: The file is disabled and will need to be deleted by the user.
      [06/09/2007, 13:11:34] - Removing HKLM\...\Browser Helper Objects\{27A508E5-7A04-4C3C-9858-46D3E6282CEE}
      [06/09/2007, 13:11:34] - Removing HKCR\CLSID\{27A508E5-7A04-4C3C-9858-46D3E6282CEE}
      [06/09/2007, 13:11:34] - Adding Kill Bit for ActiveX for GUID: {27A508E5-7A04-4C3C-9858-46D3E6282CEE}
      [06/09/2007, 13:11:34] - Deleting ATLEvents/MSEvents Registry entries
      [06/09/2007, 13:11:34] - Removing HKLM\...\Winlogon\Notify\jkhhe
      [06/09/2007, 13:11:34] - Searching for Browser Helper Objects:
      [06/09/2007, 13:11:34] - BHO 1: {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} (Flashget Catch Url Class)
      [06/09/2007, 13:11:34] - BHO 2: {5F53B0C0-665C-4F79-A3FA-192AFB3009E7} ()
      [06/09/2007, 13:11:34] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [06/09/2007, 13:11:34] - Checking for HKLM\...\Winlogon\Notify\jkkji
      [06/09/2007, 13:11:34] - Key not found: HKLM\...\Winlogon\Notify\jkkji, continuing.
      [06/09/2007, 13:11:34] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
      [06/09/2007, 13:11:34] - BHO 4: {8A61098D-612B-4EF2-943D-64E920684061} ()
      [06/09/2007, 13:11:34] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [06/09/2007, 13:11:34] - Checking for HKLM\...\Winlogon\Notify\xxyyvsr
      [06/09/2007, 13:11:34] - Key not found: HKLM\...\Winlogon\Notify\xxyyvsr, continuing.
      [06/09/2007, 13:11:34] - BHO 5: {92A444D2-F945-4dd9-89A1-896A6C2D8D22} ()
      [06/09/2007, 13:11:34] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [06/09/2007, 13:11:34] - Checking for HKLM\...\Winlogon\Notify\airoiuqw
      [06/09/2007, 13:11:34] - Key not found: HKLM\...\Winlogon\Notify\airoiuqw, continuing.
      [06/09/2007, 13:11:34] - BHO 6: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
      [06/09/2007, 13:11:34] - BHO 7: {E12BFF69-38A7-406e-A8EF-2738107A7831} ()
      [06/09/2007, 13:11:34] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [06/09/2007, 13:11:34] - Checking for HKLM\...\Winlogon\Notify\bemafpru
      [06/09/2007, 13:11:35] - Key not found: HKLM\...\Winlogon\Notify\bemafpru, continuing.
      [06/09/2007, 13:11:35] - BHO 8: {E12BFF69-38A7-406e-A8EF-2738107A7831} ()
      [06/09/2007, 13:11:35] - WARNING: BHO has no default name. Checking for Winlogon reference.
      [06/09/2007, 13:11:35] - Checking for HKLM\...\Winlogon\Notify\bemafpru
      [06/09/2007, 13:11:35] - Key not found: HKLM\...\Winlogon\Notify\bemafpru, continuing.
      [06/09/2007, 13:11:35] - BHO 9: {F156768E-81EF-470C-9057-481BA8380DBA} (gFlash Class)
      [06/09/2007, 13:11:35] - Finished Searching Browser Helper Objects
      [06/09/2007, 13:11:35] - Finishing up...
      [06/09/2007, 13:11:35] - A restart is needed.
      [06/09/2007, 13:11:35] - Automatic Reboot on STOP Error is not set. User will have to manually restart.
      [06/09/2007, 13:11:45] - Attempting to Restart via STOP error (Blue Screen!)



      HijackThis report


      Logfile of HijackThis v1.99.1
      Scan saved at 13:17:10, on 09/06/2007
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\WINDOWS\RTHDCPL.EXE
      C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
      C:\Apps\Powercinema\PCMService.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\PowerISO\PWRISOVM.EXE
      C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\DAEMON Tools\daemon.exe
      C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
      C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
      C:\Program Files\iPod Access for Windows\iPAHelper.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\system32\slserv.exe
      C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
      C:\WINDOWS\system32\svchost.exe
      c:\APPS\Powercinema\Kernel\TV\CLSched.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\WINDOWS\system32\wbem\wmiapsrv.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Downloads\hijackthis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      F2 - REG:system.ini: UserInit=userinit.exe
      O1 - Hosts: 82.231.144.169 apogee.lineage2.com
      O1 - Hosts: 91.121.8.140 L2authd.lineage2.com
      O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
      O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
      O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
      O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
      O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
      O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
      O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
      O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
      O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
      O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
      O4 - HKLM\..\Run: [ApachInc] rundll32.exe "C:\WINDOWS\system32\tndvqmkv.dll",realset
      O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
      O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
      O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
      O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
      O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
      O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
      O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
      O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
      O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
      O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
      O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
      O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
      O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
      O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
      O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
      O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
      O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe (file missing)
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: iPAHelper.exe - Unknown owner - C:\Program Files\iPod Access for Windows\iPAHelper.exe
      O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLABR11\webserver\bin\matlabserver.exe (file missing)
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
      O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe



      SDFix report

      SDFix: Version 1.86

      Run by Eric - 09/06/2007 - 13:49:23,43

      Microsoft Windows XP [version 5.1.2600]

      Running From: C:\SDFix

      Safe Mode:
      Checking Services:






      Restoring Windows Registry Values
      Restoring Windows Default Hosts File
      Restoring Missing Security Center Service
      Restoring Missing SharedAccess Service

      Rebooting...

      Service xpdx - Deleted after Reboot

      Normal Mode:
      Checking Files:

      Below files will be copied to Backups folder then removed:

      C:\WINDOWS\Temp\win31.tmp.exe - Deleted
      C:\WINDOWS\Temp\win8A.tmp.exe - Deleted
      C:\WINDOWS\Temp\win8F.tmp.exe - Deleted
      C:\WINDOWS\Temp\win31.tmp.exe - Deleted
      C:\WINDOWS\Temp\win8A.tmp.exe - Deleted
      C:\WINDOWS\Temp\win8F.tmp.exe - Deleted
      C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00001.dll - Deleted
      C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00002.dll - Deleted
      C:\WINDOWS\Temp\$_2341233.TMP - Deleted
      C:\WINDOWS\Temp\$_2341234.TMP - Deleted
      C:\WINDOWS\Temp\$b17a2e8.tmp - Deleted
      C:\WINDOWS\Temp\removalfile.bat - Deleted
      C:\WINDOWS\system32\xpdx.sys - Deleted
      C:\WINDOWS\Temp\win*.tmp - Deleted
      C:\DOCUME~1\Eric\LOCALS~1\Temp\win*.tmp - Deleted



      Removing Temp Files...

      ADS Check:

      Checking if ADS is attached to system32 Folder
      C:\WINDOWS\system32
      No streams found.

      Checking if ADS is attached to svchost.exe
      C:\WINDOWS\system32\svchost.exe
      No streams found.

      Checking if ADS is attached to ntoskrnl.exe
      C:\WINDOWS\system32\ntoskrnl.exe
      No streams found.



      Final Check:

      Remaining Services:
      ------------------



      Authorized Application Key Export:

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
      "%ProgramFiles%\\AOL 9.0\\aol.exe"="%ProgramFiles%\\AOL 9.0\\aol.exe:*:Enabled:AOL"
      "%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"="%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe:*:Enabled:SPLINTER CELL PANDORA"
      "%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"="%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe:*:Enabled:PANDORA"
      "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
      "C:\\APPS\\Inventime\\my.exe"="C:\\APPS\\Inventime\\my.exe:*:Enabled:INVENTIME"
      "C:\\Program Files\\Starcraft\\starcraft.exe"="C:\\Program Files\\Starcraft\\starcraft.exe:*:Enabled:Starcraft - Brood War"
      "C:\\Program Files\\Kazaa\\kazaa.exe"="C:\\Program Files\\Kazaa\\kazaa.exe:*:Enabled:Kazaa Media Desktop"
      "C:\\APPS\\skype\\phone\\Skype.exe"="C:\\APPS\\skype\\phone\\Skype.exe:*:Enabled:Skype"
      "C:\\Program Files\\Reality Pump\\Earth 2160\\Earth2160_NO_SSE.exe"="C:\\Program Files\\Reality Pump\\Earth 2160\\Earth2160_NO_SSE.exe:*:Enabled:Earth 2160"
      "C:\\Program Files\\Reality Pump\\Earth 2160\\Earth2160_SSE.exe"="C:\\Program Files\\Reality Pump\\Earth 2160\\Earth2160_SSE.exe:*:Enabled:Earth 2160"
      "C:\\Program Files\\Cyanide\\Pro Cycling Manager\\Cym2005.exe"="C:\\Program Files\\Cyanide\\Pro Cycling Manager\\Cym2005.exe:*:Enabled:Pro Cycling Manager"
      "C:\\Program Files\\Cyanide\\GameCenter\\GameCenter.exe"="C:\\Program Files\\Cyanide\\GameCenter\\GameCenter.exe:*:Enabled:GameCenter"
      "C:\\Program Files\\Valve\\Steam\\SteamApps\\kaiba62@hotmail.com\\counter-strike\\hl.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\kaiba62@hotmail.com\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
      "C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
      "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
      "C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
      "C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu'application"
      "C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
      "C:\\Program Files\\Phantasy Star Online\\Pso.exe"="C:\\Program Files\\Phantasy Star Online\\Pso.exe:*:Enabled:Pso"
      "C:\\Program Files\\Sports Interactive\\Football Manager 2006\\fm.exe"="C:\\Program Files\\Sports Interactive\\Football Manager 2006\\fm.exe:*:Enabled:Football Manager 2006"
      "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
      "C:\\Program Files\\Valve\\Steam\\SteamApps\\kaiba62@hotmail.com\\day of defeat\\hl.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\kaiba62@hotmail.com\\day of defeat\\hl.exe:*:Enabled:Half-Life Launcher"
      "D:\\hl2.exe"="D:\\hl2.exe:*:Enabled:hl2"
      "C:\\Program Files\\HL2\\hl2.exe"="C:\\Program Files\\HL2\\hl2.exe:*:Enabled:hl2"
      "C:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"="C:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe:*:Enabled:ET"
      "C:\\Program Files\\Shareaza\\Shareaza.exe"="C:\\Program Files\\Shareaza\\Shareaza.exe:*:Enabled:Shareaza"
      "C:\\Program Files\\Xolox\\XoloxEXE.exe"="C:\\Program Files\\Xolox\\XoloxEXE.exe:*:Enabled:Xolox"
      "C:\\Program Files\\Xolox\\mldonkey\\mlnet.exe"="C:\\Program Files\\Xolox\\mldonkey\\mlnet.exe:*:Enabled:MLdonkey - multiuser P2P daemon"
      "C:\\Documents and Settings\\Eric\\Local Settings\\Temp\\powerfootball\\PowerFootball-D3D9.exe"="C:\\Documents and Settings\\Eric\\Local Settings\\Temp\\powerfootball\\PowerFootball-D3D9.exe:*:Enabled:PowerFootball-D3D9"
      "C:\\Documents and Settings\\Eric\\Local Settings\\Temp\\powerfootball\\PowerFootball-OpenGL.exe"="C:\\Documents and Settings\\Eric\\Local Settings\\Temp\\powerfootball\\PowerFootball-OpenGL.exe:*:Enabled:PowerFootball-OpenGL"
      "C:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.EXE"="C:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.EXE:*:Enabled:Age of Empires II"
      "C:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"="C:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe:*:Enabled:Battlefield 2"
      "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
      "C:\\Program Files\\FlashGet\\flashget.exe"="C:\\Program Files\\FlashGet\\flashget.exe:*:Enabled:Flashget"
      "C:\\Program Files\\Sports Interactive\\Football Manager 2007\\fm.exe"="C:\\Program Files\\Sports Interactive\\Football Manager 2007\\fm.exe:*:Enabled:Football Manager 2007"
      "C:\\Program Files\\Lineage II\\Lineage II Apogée.exe"="C:\\Program Files\\Lineage II\\Lineage II Apogée.exe:*:Enabled:Lineage II Apogée"
      "C:\\Program Files\\Lineage II\\system\\l2.exe"="C:\\Program Files\\Lineage II\\system\\l2.exe:*:Enabled:l2"
      "C:\\Program Files\\THQ\\Dawn of War - Dark Crusade\\DarkCrusade.exe"="C:\\Program Files\\THQ\\Dawn of War - Dark Crusade\\DarkCrusade.exe:*:Enabled:DarkCrusade"
      "C:\\WINDOWS\\system32\\P2P Networking\\P2P Networking.exe"="C:\\WINDOWS\\system32\\P2P Networking\\P2P Networking.exe:*:Enabled:P2P Networking"
      "C:\\Program Files\\UT2004\\System\\UT2004.exe"="C:\\Program Files\\UT2004\\System\\UT2004.exe:*:Enabled:UT2004"
      "C:\\WINDOWS\\system32\\dplaysvr.exe"="C:\\WINDOWS\\system32\\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
      "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
      "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
      "C:\\Program Files\\SopCast\\SopCast.exe"="C:\\Program Files\\SopCast\\SopCast.exe:*:Enabled:SopCast Main Application"
      "C:\\Documents and Settings\\Eric\\Application Data\\SopCast\\adv\\SopAdver.exe"="C:\\Documents and Settings\\Eric\\Application Data\\SopCast\\adv\\SopAdver.exe:*:Enabled:SopCast Adver"
      "C:\\Program Files\\F-IRC\\f-irc.exe"="C:\\Program Files\\F-IRC\\f-irc.exe:*:Enabled:Client IRC"
      "C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
      "C:\\Program Files\\EA SPORTS\\NBA LIVE 07\\nbalive07.exe"="C:\\Program Files\\EA SPORTS\\NBA LIVE 07\\nbalive07.exe:*:Enabled:NBA LIVE 07"
      "C:\\DOCUME~1\\Eric\\LOCALS~1\\Temp\\win8.tmp.exe"="C:\\DOCUME~1\\Eric\\LOCALS~1\\Temp\\win8.tmp.exe:*:Enabled:win8.tmp"
      "C:\\WINDOWS\\TEMP\\win17.tmp.exe"="C:\\WINDOWS\\TEMP\\win17.tmp.exe:*:Enabled:win17.tmp"
      "C:\\WINDOWS\\TEMP\\win83.tmp.exe"="C:\\WINDOWS\\TEMP\\win83.tmp.exe:*:Enabled:win83.tmp"

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
      "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
      "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
      "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"

      Remaining Files:
      ---------------

      Backups Folder: - C:\SDFix\backups\backups.zip

      Listing Files with Hidden Attributes:

      C:\Program Files\FlashGet\Torrent\Virtua Tennis 3 [English][PCDVD][WwW.GamesTorrents.CoM].torrent.bits
      C:\Program Files\FlashGet\Torrent\Virtua Tennis 3 [English][PCDVD][WwW.GamesTorrents.CoM].torrent.filelist
      C:\Program Files\FlashGet\Torrent\Virtua Tennis 3 [English][PCDVD][WwW.GamesTorrents.CoM].torrent.seeds
      C:\Program Files\FlashGet\Torrent\Virtua Tennis 3 [English][PCDVD][WwW.GamesTorrents.CoM].torrent.~tmp
      C:\Program Files\Valve\Steam\SteamApps\kaiba62@hotmail.com\counter-strike\AS_Skins\boutons\Thumbs.db
      C:\Program Files\Valve\Steam\SteamApps\kaiba62@hotmail.com\counter-strike\AS_Skins\fond\Thumbs.db
      C:\Program Files\Valve\Steam\SteamApps\kaiba62@hotmail.com\counter-strike\AS_Skins\Form\Thumbs.db
      C:\Program Files\Valve\Steam\SteamApps\kaiba62@hotmail.com\counter-strike\AS_Skins\Form\Bg\Thumbs.db
      C:\Program Files\Valve\Steam\SteamApps\kaiba62@hotmail.com\counter-strike\AS_Skins\Form\Bouton\Thumbs.db
      C:\Program Files\Valve\Steam\SteamApps\kaiba62@hotmail.com\counter-strike\BG\Actuel\Thumbs.db
      C:\Program Files\Valve\Steam\SteamApps\kaiba62@hotmail.com\counter-strike\BG\Default\Thumbs.db
      C:\Program Files\Valve\Steam\SteamApps\kaiba62@hotmail.com\counter-strike\BG\RS\Thumbs.db
      C:\Program Files\Valve\Steam\SteamApps\kaiba62@hotmail.com\counter-strike\BG\Temp\Thumbs.db
      C:\Program Files\Valve\Steam\SteamApps\kaiba62@hotmail.com\counter-strike\BG\Temp2\Thumbs.db
      C:\Program Files\Valve\Steam\SteamApps\kaiba62@hotmail.com\counter-strike\cstrike\radial.cdb
      C:\Program Files\Valve\Steam\SteamApps\kaiba62@hotmail.com\counter-strike\cstrike\Addons\amxmodx\configs\Bleach\1\Thumbs.db
      C:\Program Files\Valve\Steam\SteamApps\kaiba62@hotmail.com\counter-strike\cstrike\Addons\amxmodx\configs\Bleach\2\Thumbs.db
      C:\Program Files\Valve\Steam\SteamApps\kaiba62@hotmail.com\counter-strike\cstrike\Addons\amxmodx\configs\Bleach\3\dbx-sweety-draws\Thumbs.db
      C:\Program Files\Valve\Steam\SteamApps\kaiba62@hotmail.com\counter-strike\cstrike\Addons\amxmodx\configs\Bleach\4\Thumbs.db
      C:\Program Files\Valve\Steam\SteamApps\kaiba62@hotmail.com\counter-strike\cstrike\Addons\amxmodx\configs\Bleach\5\Thumbs.db
      C:\Program Files\Valve\Steam\SteamApps\kaiba62@hotmail.com\counter-strike\cstrike\Addons\amxmodx\configs\Bleach\6\Thumbs.db
      C:\Program Files\Valve\Steam\SteamApps\kaiba62@hotmail.com\counter-strike\cstrike\Addons\amxmodx\configs\DBZ\C18 et le ruban rouge\Thumbs.db
      C:\Program Files\Valve\Steam\SteamApps\kaiba62@hotmail.com\counter-strike\cstrike\Addons\amxmodx\configs\DBZ\Entrainement spécial\Thumbs.db
      C:\Program Files\Valve\Steam\SteamApps\kaiba62@hotmail.com\counter-strike\cstrike\Addons\amxmodx\configs\DBZ\La dette\Thumbs.db
      C:\Program Files\Valve\Steam\SteamApps\kaiba62@hotmail.com\counter-strike\cstrike\Addons\amxmodx\configs\DBZ\Le jour d avant\Thumbs.db
      C:\Program Files\Valve\Steam\SteamApps\kaiba62@hotmail.com\counter-strike\cstrike\Addons\amxmodx\configs\Slurt Girl\1\Thumbs.db
      C:\Program Files\Valve\Steam\SteamApps\kaiba62@hotmail.com\counter-strike\cstrike\Addons\amxmodx\configs\Slurt Girl\3\Thumbs.db
      C:\Program Files\Valve\Steam\SteamApps\kaiba62@hotmail.com\counter-strike\cstrike_french\models\player\Thumbs.db
      C:\Program Files\Valve\Steam\SteamApps\kaiba62@hotmail.com\counter-strike\overviews\Thumbs.db
      C:\Program Files\Valve\Steam\SteamApps\kaiba62@hotmail.com\counter-strike\RS_Skins\Default\Controls\Bouton_About\Thumbs.db
      C:\Program Files\Valve\Steam\SteamApps\kaiba62@hotmail.com\counter-strike\RS_Skins\Default\Controls\Bouton_Exit\Thumbs.db
      C:\Program Files\Valve\Steam\SteamApps\kaiba62@hotmail.com\counter-strike\RS_Skins\Default\Controls\Bouton_Exit_2\Thumbs.db
      C:\Program Files\Valve\Steam\SteamApps\kaiba62@hotmail.com\counter-strike\RS_Skins\Default\Controls\Bouton_Main_Opt\Thumbs.db
      C:\Program Files\Valve\Steam\SteamApps\kaiba62@hotmail.com\counter-strike\RS_Skins\Default\Controls\Bouton_Minimize\Thumbs.db
      C:\Program Files\Valve\Steam\SteamApps\kaiba62@hotmail.com\counter-strike\RS_Skins\Default\Controls\Bouton_misc_partie_droite\Thumbs.db
      C:\Program Files\Valve\Steam\SteamApps\kaiba62@hotmail.com\counter-strike\RS_Skins\Default\Controls\Bouton_misc_partie_gauche\Thumbs.db
      C:\Program Files\Valve\Steam\SteamApps\kaiba62@hotmail.com\counter-strike\RS_Skins\Default\Controls\Bouton_radio\Thumbs.db
      C:\Program Files\Valve\Steam\SteamApps\kaiba62@hotmail.com\counter-strike\RS_Skins\Default\Controls\Cases à cocher\Thumbs.db
      C:\Program Files\Valve\Steam\SteamApps\kaiba62@hotmail.com\counter-strike\RS_Skins\Default\Form\Thumbs.db
      C:\Program Files\Valve\Steam\SteamApps\kaiba62@hotmail.com\counter-strike\RS_Skins\Default\Form\Bg\Thumbs.db
      C:\Program Files\Valve\Steam\SteamApps\kaiba62@hotmail.com\counter-strike\RS_Skins\Default\Form\Bouton\Thumbs.db
      C:\Program Files\Valve\Steam\SteamApps\kaiba62@hotmail.com\counter-strike\RS_Skins\Default\Form1\Thumbs.db
      C:\Program Files\Valve\Steam\SteamApps\kaiba62@hotmail.com\counter-strike\RS_Skins\FormAuthorInfos\!! -- PRIVATE -- !!\Thumbs.db
      C:\Program Files\Fichiers communs\aolshare\shell\fr\shellext.dll
      C:\WINDOWS\system32\jkhhe.dll
      C:\Program Files\AOL 9.0\aolphx.exe
      C:\Program Files\AOL 9.0\aoltray.exe
      C:\Program Files\AOL 9.0\RBM.exe
      C:\Program Files\Fichiers communs\Yazzle1162OinUninstaller.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp

      Listing User Accounts:

      User accounts for \\PORTABLE

      Administrateur ASPNET Eric
      HelpAssistant Invité SUPPORT_388945a0
      The command completed successfully.


      Finished



      HijackThis report

      Logfile of HijackThis v1.99.1
      Scan saved at 14:23:53, on 09/06/2007
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
      C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
      C:\Program Files\iPod Access for Windows\iPAHelper.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\system32\slserv.exe
      C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
      C:\WINDOWS\system32\svchost.exe
      c:\APPS\Powercinema\Kernel\TV\CLSched.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\WINDOWS\system32\wbem\wmiapsrv.exe
      C:\WINDOWS\system32\notepad.exe
      C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\WINDOWS\RTHDCPL.EXE
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
      C:\Apps\Powercinema\PCMService.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\PowerISO\PWRISOVM.EXE
      C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\DAEMON Tools\daemon.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\WINDOWS\system32\NOTEPAD.EXE
      C:\Downloads\hijackthis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
      O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
      O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
      O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
      O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
      O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
      O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
      O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
      O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
      O4 - HKLM\..\Run: [ApachInc] rundll32.exe "C:\WINDOWS\system32\tndvqmkv.dll",realset
      O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
      O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
      O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
      O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
      O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
      O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
      O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
      O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
      O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
      O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
      O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
      O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
      O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
      O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
      O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
      O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
      O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe (file missing)
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: iPAHelper.exe - Unknown owner - C:\Program Files\iPod Access for Windows\iPAHelper.exe
      O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLABR11\webserver\bin\matlabserver.exe (file missing)
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
      O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe



      Well, apparently the ads have gone, and so has the bug that was closing IE. The computer also seems to have got its speed back.
      Thanks again for the work and for the speed.
      1. Alex > Alex
         
        I may have spoken a bit too soon, I've had a few ads since :x
  4. moK´s@
     
    re,

    in HijackThis, tick this:

    O4 - HKLM\..\Run: [ApachInc] rundll32.exe "C:\WINDOWS\system32\tndvqmkv.dll",realset

    close your applications and fix/check the line below...

    Double-click the Killbox.exe file, and tick the "Delete on reboot" box.
    copy the line below:

    c:\windows\system32\tndvqmkv.dll",realset

    In PocketKillBox --> "File" menu --> "Paste from Clipboard"

    You can check in the drop-down menu that the file is indeed present.
    - tick the "Unregister dll before deleting" box (if you have the option)
    - click the "All files" button
    - then click the red cross

    Answer "YES" to the two messages that will appear
    The computer should restart; if it doesn't, restart it yourself, whatever happens.

    After the restart, relaunch Killbox then click on the "File" tab -> Log -> Actions History Log
    Post the report here

    Go to this link and download Blacklight (from F-Secure):
    < https://www.f-secure.com/en > and save it to your Desktop
    Read Malekal_morte's tutorial here:
    < https://www.malekal.com/tutorial-f-secure-blacklight/ >
    Follow the tutorial for phase 1 (scan) and post the Blacklight report in your reply.

    @+
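The "tick this O4 line" step above comes down to a few checks a reviewer runs by eye over every O4 entry: is the binary outside Program Files, is it a DLL being loaded through rundll32 with an exported entry point, and does its name look machine-generated. The script below is an added example, not code from this thread or from HijackThis, that runs those checks over the O4 lines of the log posted above (plus one line rewritten in O4 form from the "vajmfsjo.exe" Run value that appears in the Silent Runners report further down). The allow-list of well-known autostart names and the name-randomness thresholds are assumptions chosen for this log; a real triage would consult a vendor database instead of a hard-coded set.

```python
"""Triage of HijackThis O4 (autostart) lines.

Added example, not code from the thread or from HijackThis. It encodes what a
reviewer does by eye when told to "tick this O4 line": is the binary outside
Program Files, is it a DLL loaded through rundll32 with an exported entry
point, and does its name look machine-generated? An entry is raised only when
the location is suspicious AND the loader or the name is, minus a small
allow-list of well-known autostarts (a stand-in for a vendor database).
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

RUN_RE = re.compile(r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
STARTUP_RE = re.compile(r'^O4 - (?P<key>(?:Global )?Startup): (?P<name>.*?) = (?P<cmd>.*)$')
# rundll32.exe "C:\dir\x.dll",Entry   or   RUNDLL32.EXE C:\dir\x.dll,Entry
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?)"?\s*,\s*(?P<entry>\S+)', re.I)
# unquoted command line: the path ends at the first executable extension
UNQUOTED_RE = re.compile(r'^(?P<path>.+?\.(?:exe|dll|scr|com|bat|cmd|pif))(?:\s|$)', re.I)

VOWELS = set("aeiouy")
# Windows/OEM autostarts seen in this log whose names would otherwise trip the check
# (assumed allow-list; a real triage uses a vendor database).
KNOWN_GOOD = {"ctfmon", "nvcpl", "nwiz", "rthdcpl", "hdashcut", "imjpmig", "tintsetp"}

# Lines copied from the HijackThis log above; the last one is rewritten in O4
# form from the "vajmfsjo.exe" Run value in the Silent Runners report further down.
SAMPLE_LINES = [
    r'O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32',
    r'O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE',
    r'O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup',
    r'O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet',
    r'O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"',
    r'O4 - HKLM\..\Run: [ApachInc] rundll32.exe "C:\WINDOWS\system32\tndvqmkv.dll",realset',
    r'O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe',
    r'O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe',
    r'O4 - HKLM\..\Run: [vajmfsjo.exe] C:\Documents and Settings\All Users\Application Data\vajmfsjo.exe',
]


@dataclass
class Finding:
    name: str        # the [name] shown in the O4 line
    path: str        # binary that actually executes
    reasons: List[str]


def target_binary(cmd: str) -> Tuple[str, Optional[str]]:
    """Return (path of the binary that really runs, rundll32 entry point or None)."""
    m = RUNDLL_RE.match(cmd)
    if m:
        return m.group("dll"), m.group("entry")
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)], None
    m = UNQUOTED_RE.match(cmd)
    return (m.group("path") if m else cmd.split(" ", 1)[0]), None


def stem_of(path: str) -> str:
    """File name without directory or extension."""
    return path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]


def looks_generated(stem: str) -> bool:
    """5-8 lowercase letters with no pronounceable structure, e.g. tndvqmkv."""
    if not (5 <= len(stem) <= 8 and stem.isalpha() and stem.islower()):
        return False
    run = longest = 0
    for ch in stem:
        run = 0 if ch in VOWELS else run + 1
        longest = max(longest, run)
    ratio = sum(ch in VOWELS for ch in stem) / len(stem)
    return longest >= 4 or ratio < 0.2 or ratio > 0.6


def suspicious_location(path: str) -> Optional[str]:
    """Why the location is worth a look, or None for Program Files and the like."""
    p = path.lower()
    if "\\program files\\" in p or "\\progra~1\\" in p:
        return None
    if "\\" not in p:
        return "bare file name resolved through PATH"
    if "\\application data\\" in p or "\\documents and settings\\" in p:
        return "binary in a user/data directory"
    if "\\windows\\" in p:
        return "binary in the Windows directory"
    return None


def triage(lines: List[str]) -> List[Finding]:
    """Keep only entries with a suspicious location plus a suspicious loader or name."""
    findings = []
    for line in lines:
        m = RUN_RE.match(line) or STARTUP_RE.match(line)
        if not m:
            continue
        path, entry = target_binary(m.group("cmd"))
        stem = stem_of(path)
        if stem.lower() in KNOWN_GOOD:
            continue
        where = suspicious_location(path)
        if where is None:
            continue
        reasons = [where]
        if entry is not None:
            reasons.append(f"DLL loaded via rundll32, entry point {entry}")
        if looks_generated(stem):
            reasons.append("machine-generated looking name")
        if len(reasons) > 1:
            findings.append(Finding(m.group("name"), path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f.name}: {f.path}\n  " + "\n  ".join(f.reasons))
```

Run as a script, only two entries come out: ApachInc, because a DLL in system32 with a random-looking name is loaded through rundll32 with an exported entry point, and vajmfsjo.exe, because an executable with the same kind of name sits under All Users\Application Data. Everything else in the log is either under Program Files or on the allow-list, which is exactly the split the helper made by hand.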
    1. Alex
       
      Pocket Killbox version 2.0.0.648
      Running on Windows XP as Eric(Administrator)
      was started @ samedi, juin 09, 2007, 11:43 AM

      Killbox Closed(Exit) @ 11:44:10 AM
      __________________________________________________

      Pocket Killbox version 2.0.0.648
      Running on Windows XP as Eric(Administrator)
      was started @ samedi, juin 09, 2007, 11:44 AM

      # 1 [Delete on Reboot]
      Path = c:\windows\system32\orkvienh.dll",realset


      I Rebooted @ 11:45:39 AM
      Killbox Closed(Exit) @ 11:45:41 AM
      __________________________________________________

      Pocket Killbox version 2.0.0.648
      Running on Windows XP as Eric(Administrator)
      was started @ samedi, juin 09, 2007, 11:51 AM

      Killbox Closed(Exit) @ 11:56:15 AM
      __________________________________________________

      Pocket Killbox version 2.0.0.648
      Running on Windows XP as Eric(Administrator)
      was started @ samedi, juin 09, 2007, 1:01 PM

      # 1 [Delete on Reboot]
      Path = c:\windows\system32\tndvqmkv.dll",realset


      PendingFileRenameOperations Registry Data has been Removed by External Process! @ 1:04:43 PM
      Killbox Closed(Exit) @ 1:04:47 PM
      __________________________________________________

      Pocket Killbox version 2.0.0.648
      Running on Windows XP as Eric(Administrator)
      was started @ samedi, juin 09, 2007, 1:09 PM

      Killbox Closed(Exit) @ 1:10:19 PM
      __________________________________________________

      Pocket Killbox version 2.0.0.648
      Running on Windows XP as Eric(Administrator)
      was started @ dimanche, juin 10, 2007, 12:10 AM

      # 1 [Delete on Reboot]
      Path = C:\WINDOWS\system32\tndvqmkv.dll",realset


      PendingFileRenameOperations Registry Data has been Removed by External Process! @ 12:11:40 AM
      Killbox Closed(Exit) @ 12:12:02 AM
      __________________________________________________

      Pocket Killbox version 2.0.0.648
      Running on Windows XP as Eric(Administrator)
      was started @ dimanche, juin 10, 2007, 12:18 AM


      However, I can't run the second scan; when I launch the program, I get this error message: F-Secure Blacklight could not acquire necessary privileges (SeDebugPrivilege)
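Three of the Killbox sessions above scheduled a "Delete on Reboot". Only the first (orkvienh.dll) ends with "I Rebooted"; the two aimed at tndvqmkv.dll end with "PendingFileRenameOperations Registry Data has been Removed by External Process!", which is Killbox reporting that something still running cleared the pending deletion before the restart, so the file was never removed. The script below is an added example, not the thread's or Killbox's code: it reads an Actions History Log into per-session outcomes, normalises the pasted string into a bare path (the `",realset` suffix is rundll32's entry-point argument, not part of the file name) and builds the PendingFileRenameOperations value that a delete-on-reboot relies on. The log text is copied from the post above with the sessions that scheduled nothing dropped; the outcome labels are this example's own.

```python
r"""Reading a Pocket Killbox "Actions History Log" and reproducing what its
"Delete on reboot" option schedules.

Added example, not code from the thread or from Killbox. Delayed deletion on
Windows is the REG_MULTI_SZ value PendingFileRenameOperations under
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager: pairs of strings, the
source in NT path form (\??\C:\...) followed by an empty string meaning
"delete", consumed by the Session Manager at the next boot. Killbox's log
names that value, which lets the parser decide whether a scheduled deletion
survived until the reboot.
"""
import re
from dataclasses import dataclass, field
from typing import List

SESSION_SEP = re.compile(r"^\s*_{10,}\s*$", re.M)
STARTED_RE = re.compile(r"was started @ (.+)$", re.M)
PATH_RE = re.compile(r"^Path = (.+)$", re.M)

# Copied from the Killbox log posted above, abridged to the three sessions that
# scheduled a deletion (the "Running on Windows XP ..." lines are dropped).
SAMPLE_LOG = r"""Pocket Killbox version 2.0.0.648
was started @ samedi, juin 09, 2007, 11:44 AM

# 1 [Delete on Reboot]
Path = c:\windows\system32\orkvienh.dll",realset

I Rebooted @ 11:45:39 AM
Killbox Closed(Exit) @ 11:45:41 AM
__________________________________________________

Pocket Killbox version 2.0.0.648
was started @ samedi, juin 09, 2007, 1:01 PM

# 1 [Delete on Reboot]
Path = c:\windows\system32\tndvqmkv.dll",realset

PendingFileRenameOperations Registry Data has been Removed by External Process! @ 1:04:43 PM
Killbox Closed(Exit) @ 1:04:47 PM
__________________________________________________

Pocket Killbox version 2.0.0.648
was started @ dimanche, juin 10, 2007, 12:10 AM

# 1 [Delete on Reboot]
Path = C:\WINDOWS\system32\tndvqmkv.dll",realset

PendingFileRenameOperations Registry Data has been Removed by External Process! @ 12:11:40 AM
Killbox Closed(Exit) @ 12:12:02 AM
__________________________________________________
"""


@dataclass
class Session:
    started: str
    scheduled: List[str] = field(default_factory=list)
    outcome: str = "nothing scheduled"


def parse_killbox_log(text: str) -> List[Session]:
    """One Session per Killbox run, with what it scheduled and how it ended."""
    sessions = []
    for chunk in SESSION_SEP.split(text):
        m = STARTED_RE.search(chunk)
        if not m:
            continue
        s = Session(started=m.group(1).strip())
        s.scheduled = [p.strip() for p in PATH_RE.findall(chunk)]
        if s.scheduled:
            if "Removed by External Process" in chunk:
                # a running process cleared the value before the reboot: no deletion
                s.outcome = "pending delete cleared before reboot"
            elif "I Rebooted" in chunk:
                s.outcome = "rebooted with delete pending"
            else:
                s.outcome = "scheduled, no reboot recorded"
        sessions.append(s)
    return sessions


def normalize_path(raw: str) -> str:
    """Turn a string pasted from a HijackThis O4 line into a bare file path:
    'c:\\windows\\system32\\x.dll",realset' -> 'C:\\windows\\system32\\x.dll'.
    The ",entrypoint" suffix is a rundll32 argument, not part of the name."""
    p = re.sub(r'"?,\w+$', "", raw).strip().strip('"')
    if len(p) > 1 and p[1] == ":":
        p = p[0].upper() + p[1:]
    return p


def pfro_delete_entries(paths: List[str]) -> List[str]:
    """REG_MULTI_SZ content that deletes each path at boot: (\\??\\src, "") pairs."""
    entries: List[str] = []
    for raw in paths:
        entries += ["\\??\\" + normalize_path(raw), ""]
    return entries


def encode_multi_sz(strings: List[str]) -> bytes:
    """On-disk form of REG_MULTI_SZ: UTF-16-LE, each string NUL-terminated, one
    extra NUL at the end. The empty "delete" target is just a lone terminator;
    the Session Manager reads the value pairwise instead of stopping there."""
    return b"".join(s.encode("utf-16-le") + b"\x00\x00" for s in strings) + b"\x00\x00"


if __name__ == "__main__":
    for s in parse_killbox_log(SAMPLE_LOG):
        for raw in s.scheduled:
            print(f"{s.started}: {normalize_path(raw)} -> {s.outcome}")
    print(encode_multi_sz(pfro_delete_entries([r'c:\windows\system32\tndvqmkv.dll",realset'])).hex())
```

Treat "pending delete cleared before reboot" as a failed removal: the autostart entry that loads the DLL is still there and the file is still on disk, which is consistent with the ads coming back after the reboots above.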
  6. moK´s@
     
    re,

    what kind of ads?

    Download this:
    http://sosvirus.changelog.fr/Green_day/Lopxp.exe

    Run Lopxp.bat.
    In the menu, choose option 1 "Rechercher / Générer un rapport" (Search / Generate a report)
    Wait, and when you are asked to press a key, press one.
    Then the report opens; copy and paste it in full to the forum.

    @+
    1. Alex
       
      Ads for antivirus or firewall products, I'm not too sure, the ones that say you're infected with I don't know how many viruses/spyware...

      As for Lopxp, when I launch the search it starts and then stops with the error: "the system was unable to find the specified registry key or value"
  7. moK´s@
     
    re,

    well, that gets us a long way...

    do you have Messenger Plus?

    run this one:

    "Silent Runners.vbs", revision 36, https://www.silentrunners.org/
  8. Alex
     
    Yes, I have Messenger Plus.

    Here's the report:
    "Silent Runners.vbs", revision R50, https://www.silentrunners.org/
    Operating System: Windows XP SP2
    Output limited to non-default values, except where indicated by "{++}"

    Startup items buried in registry:
    ---------------------------------

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
    "Steam" = "(empty string)" [file not found]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = ""C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"" ["Nero AG"]
    "ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
    "DAEMON Tools" = ""C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033" ["DT Soft Ltd."]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
    "IMJPMIG8.1" = ""C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32" [MS]
    "PHIME2002ASync" = "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC" [MS]
    "PHIME2002A" = "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName" [MS]
    "SynTPLpr" = "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" ["Synaptics, Inc."]
    "SynTPEnh" = "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" ["Synaptics, Inc."]
    "Raccourci vers la page des propriétés de High Definition Audio" = "HDAShCut.exe" ["Windows (R) Server 2003 DDK provider"]
    "RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]
    "AzMixerSel" = "C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" ["Realtek Semiconductor Corp."]
    "NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
    "nwiz" = "nwiz.exe /installquiet" ["NVIDIA Corporation"]
    "SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"" ["Sun Microsystems, Inc."]
    "PCMService" = ""c:\Apps\Powercinema\PCMService.exe"" ["CyberLink Corp."]
    "REGSHAVE" = "C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN" ["FUJI PHOTO FILM CO., LTD."]
    "QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
    "TkBellExe" = ""C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
    "avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [null data]
    "NeroFilterCheck" = "C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" ["Nero AG"]
    "iTunesHelper" = ""C:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Computer, Inc."]
    "DiskeeperSystray" = ""C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"" ["Diskeeper Corporation"]
    "PWRISOVM.EXE" = "C:\Program Files\PowerISO\PWRISOVM.EXE" ["PowerISO Computing, Inc."]
    "vajmfsjo.exe" = "C:\Documents and Settings\All Users\Application Data\vajmfsjo.exe" [null data]
    "ApachInc" = "rundll32.exe "C:\WINDOWS\system32\opfenvqs.dll",realset" [MS]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    {2F364306-AA45-47B5-9F9D-39A8B94E7EF7}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "Flashget Catch Url Class"
    \InProcServer32\(Default) = "C:\Program Files\FlashGet\jccatch.dll" ["www.flashget.com"]
    {5F53B0C0-665C-4F79-A3FA-192AFB3009E7}\(Default) = (no title provided)
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\WINDOWS\system32\jkkji.dll" [file not found]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "SSVHelper Class"
    \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll" ["Sun Microsystems, Inc."]
    {85C13756-4EA6-45A2-9ACA-725257F66315}\(Default) = (no title provided)
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\WINDOWS\system32\jkhhe.dll" [null data]
    {8A61098D-612B-4EF2-943D-64E920684061}\(Default) = (no title provided)
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\WINDOWS\system32\hggfedd.dll" [null data]
    {92A444D2-F945-4dd9-89A1-896A6C2D8D22}\(Default) = (no title provided)
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\WINDOWS\system32\airoiuqw.dll" [null data]
    {AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "Google Toolbar Helper"
    \InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]
    {E12BFF69-38A7-406e-A8EF-2738107A7831}\(Default) = (no title provided)
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\WINDOWS\system32\bemafpru.dll" [null data]
    {F156768E-81EF-470C-9057-481BA8380DBA}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "gFlash Class"
    \InProcServer32\(Default) = "C:\Program Files\FlashGet\getflash.dll" [empty string]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
    "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
    -> {HKLM...CLSID} = "Extension Affichage Panorama du Panneau de configuration"
    \InProcServer32\(Default) = "deskpan.dll" [file not found]
    "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
    -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
    "{2F603045-309F-11CF-9774-0020AFD0CFF6}" = "Synaptics Control Panel"
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\Program Files\Synaptics\SynTP\SynTPCpl.dll" ["Synaptics, Inc."]
    "{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
    -> {HKLM...CLSID} = "DesktopContext Class"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
    "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
    -> {HKLM...CLSID} = "Desktop Explorer"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
    "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
    "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
    -> {HKLM...CLSID} = "nView Desktop Context Menu"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
    "{DEE12703-6333-4D4E-8F34-738C4DCC2E04}" = "RecordNow! SendToExt"
    -> {HKLM...CLSID} = "RecordNow! SendToExt"
    \InProcServer32\(Default) = "C:\Apps\RecordNow\shlext.dll" [null data]
    "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
    -> {HKLM...CLSID} = "RealOne Player Context Menu Class"
    \InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
    "{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
    -> {HKLM...CLSID} = "NVIDIA CPL Extension"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
    "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
    "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
    -> {HKLM...CLSID} = "WinRAR"
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
    "{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"
    -> {HKLM...CLSID} = "AlcoholShellEx"
    \InProcServer32\(Default) = "C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"]
    "{9175A08B-AF17-4DD6-B7D2-3FE73734DA28}" = (no title provided)
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\WINDOWS\system32\my3216.dll" [file not found]
    "{19583F4F-2D2A-43AF-8773-153434029D9F}" = (no title provided)
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\WINDOWS\system32\bwotvid.dll" [file not found]
    "{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
    -> {HKLM...CLSID} = "avast"
    \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
    "{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
    -> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
    \InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
    "{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
    -> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
    \InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
    "{2BB59FC0-31E8-42DA-9D3C-E9A52953853B}" = "ImageResizer Shell Extension"
    -> {HKLM...CLSID} = "ImageResizer Shell Extension"
    \InProcServer32\(Default) = "C:\PROGRA~1\VSO\IMAGER~1\RSZShell.dll" ["VSO Software"]
    "{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
    -> {HKLM...CLSID} = "iTunes"
    \InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]
    "{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
    -> {HKLM...CLSID} = "Mes dossiers de partage"
    \InProcServer32\(Default) = "C:\Program Files\MSN Messenger\fsshext.8.0.0812.00.dll" [MS]
    "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}" = "PowerISO"
    -> {HKLM...CLSID} = "PowerISO"
    \InProcServer32\(Default) = "C:\Program Files\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
    <<!>> "{8A61098D-612B-4EF2-943D-64E920684061}" = "*Z" (unwritable string)
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\WINDOWS\system32\hggfedd.dll" [null data]

    HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
    "WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
    -> {HKLM...CLSID} = "WPDShServiceObj Class"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
    <<!>> hggfedd\DLLName = "hggfedd.dll" [null data]
    <<!>> jkhhe\DLLName = "C:\WINDOWS\system32\jkhhe.dll" [null data]
    <<!>> winrkp32\DLLName = "winrkp32.dll" [null data]

    HKLM\Software\Classes\PROTOCOLS\Filter\
    <<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

    HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
    {7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
    -> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
    \InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]

    HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
    avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
    -> {HKLM...CLSID} = "avast"
    \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
    PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}"
    -> {HKLM...CLSID} = "PowerISO"
    \InProcServer32\(Default) = "C:\Program Files\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
    -> {HKLM...CLSID} = "WinRAR"
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

    HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
    PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}"
    -> {HKLM...CLSID} = "PowerISO"
    \InProcServer32\(Default) = "C:\Program Files\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
    -> {HKLM...CLSID} = "WinRAR"
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

    HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
    avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
    -> {HKLM...CLSID} = "avast"
    \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
    ImageResizer\(Default) = "{2BB59FC0-31E8-42DA-9D3C-E9A52953853B}"
    -> {HKLM...CLSID} = "ImageResizer Shell Extension"
    \InProcServer32\(Default) = "C:\PROGRA~1\VSO\IMAGER~1\RSZShell.dll" ["VSO Software"]
    PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}"
    -> {HKLM...CLSID} = "PowerISO"
    \InProcServer32\(Default) = "C:\Program Files\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
    -> {HKLM...CLSID} = "WinRAR"
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

    Group Policies {policy setting}:
    --------------------------------

    Note: detected settings may not have any effect.

    HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

    "shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
    {Shutdown: Allow system to be shut down without having to log on}

    "undockwithoutlogon" = (REG_DWORD) hex:0x00000001
    {Devices: Allow undock without having to log on}

    Active Desktop and Wallpaper:
    -----------------------------

    Active Desktop may be disabled at this entry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

    Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
    HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
    "Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

    Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
    HKCU\Control Panel\Desktop\
    "Wallpaper" = "C:\Documents and Settings\Eric\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

    Enabled Screen Saver:
    ---------------------

    HKCU\Control Panel\Desktop\
    "SCRNSAVE.EXE" = "C:\WINDOWS\RESIDE~1.SCR" (Resident Evil 4.scr) ["Comis"]

    Startup items in "Eric" & "All Users" startup folders:
    ------------------------------------------------------

    C:\Documents and Settings\Eric\Menu Démarrer\Programmes\Démarrage
    "Adobe Gamma" -> shortcut to: "C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]

    Enabled Scheduled Tasks:
    ------------------------

    "AppleSoftwareUpdate" -> launches: "C:\Program Files\Apple Software Update\SoftwareUpdate.exe -Task" ["Apple Computer, Inc."]

    Winsock2 Service Provider DLLs:
    -------------------------------

    Namespace Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
    000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
    000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
    000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

    Transport Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
    0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
    %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 19
    %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

    Toolbars, Explorer Bars, Extensions:
    ------------------------------------

    Toolbars

    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
    "{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
    -> {HKLM...CLSID} = "&Google"
    \InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]

    HKLM\Software\Microsoft\Internet Explorer\Toolbar\
    "{E0E899AB-F487-11D5-8D29-0050BA6940E3}" = "FlashGet"
    -> {HKLM...CLSID} = "FlashGet"
    \InProcServer32\(Default) = "C:\Program Files\FlashGet\fgiebar.dll" ["Amaze Soft"]
    "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
    -> {HKLM...CLSID} = "&Google"
    \InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]

    Explorer Bars

    HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
    {FE54FA40-D68C-11D2-98FA-00C0F0318AFE}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "Real.com"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\Shdocvw.dll" [MS]

    HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Rechercher"
    Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
    InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]

    Extensions (Tools menu items, main toolbar menu buttons)

    HKLM\Software\Microsoft\Internet Explorer\Extensions\
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
    "MenuText" = "Console Java (Sun)"
    "CLSIDExtension" = "{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}"
    -> {HKCU...CLSID} = "Java Plug-in 1.6.0_01"
    \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll" ["Sun Microsystems, Inc."]
    -> {HKLM...CLSID} = "Java Plug-in 1.6.0_01"
    \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll" ["Sun Microsystems, Inc."]

    {92780B25-18CC-41C8-B9BE-3C9C571A8263}\
    "ButtonText" = "Recherche"

    {CD67F990-D8E9-11D2-98FE-00C0F0318AFE}\
    "ButtonText" = "Real.com"

    {D6E814A0-E0C5-11D4-8D29-0050BA6940E3}\
    "ButtonText" = "FlashGet"
    "MenuText" = "FlashGet"
    "Exec" = "C:\PROGRA~1\FlashGet\flashget.exe" ["FlashGet.com"]

    {FB5F1910-F110-11D2-BB9E-00C04F795683}\
    "ButtonText" = "Messenger"
    "MenuText" = "Windows Messenger"
    "Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]

    Miscellaneous IE Hijack Points
    ------------------------------

    C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

    Added lines (compared with English-language version):
    (unwritable string)

    Missing lines (compared with English-language version):
    [Version]: 2 lines
    [RestoreHomePage]: 1 line
    [RestoreHomePage.reg]: 1 line
    [RestoreBrowserSettings.reg]: 12 lines
    [DeleteTemplates.reg]: 5 lines
    [DeleteAutosearch.reg]: 1 line
    [Strings]: 1 line
    [RestoreBrowserSettings]: 2 lines
    [Strings]: 3 lines

    Running Services (Display Name, Service Name, Path {Service DLL}):
    ------------------------------------------------------------------

    AOL Connectivity Service, AOL ACS, "C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe" ["America Online, Inc."]
    avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4\ashServ.exe"" [null data]
    avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" [null data]
    avast! Mail Scanner, avast! Mail Scanner, ""C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]
    avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]
    Carte de performance WMI, WmiApSrv, "C:\WINDOWS\system32\wbem\wmiapsrv.exe" [MS]
    CyberLink Background Capture Service (CBCS), CLCapSvc, ""c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe"" [empty string]
    CyberLink Task Scheduler (CTS), CLSched, ""c:\APPS\Powercinema\Kernel\TV\CLSched.exe"" [empty string]
    Diskeeper, Diskeeper, ""C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe"" ["Diskeeper Corporation"]
    iPAHelper.exe, iPAHelper.exe, "C:\Program Files\iPod Access for Windows\iPAHelper.exe" ["Findley Designs, Inc."]
    iPod Service, iPod Service, ""C:\Program Files\iPod\bin\iPodService.exe"" ["Apple Computer, Inc."]
    Machine Debug Manager, MDM, ""C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe"" [MS]
    NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
    SmartLinkService, SLService, "slserv.exe" [" "]
    StarWind iSCSI Service, StarWindService, "C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe" ["Rocket Division Software"]

    Print Monitors:
    ---------------

    HKLM\System\CurrentControlSet\Control\Print\Monitors\
    Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]

    ----------
    <<!>>: Suspicious data at a malware launch point.

    + This report excludes default entries except where indicated.
    + To see *everywhere* the script checks and *everything* it finds,
    launch it from a command prompt or a shortcut with the -all parameter.
    + To search all directories of local fixed drives for DESKTOP.INI
    DLL launch points, use the -supp parameter or answer "No" at the
    first message box and "Yes" at the second message box.
    ---------- (total run time: 45 seconds, including 19 seconds for message boxes)
  9. moK´s@ Posts: 4410 Status: Member 89
     
    re,

    OK, it's Messenger Plus that is making your life hell with ads...

    Read what follows and uninstall Messenger Plus...

    Messenger Plus is an unofficial add-on for "MSN Messenger", free thanks to sponsorship. Unfortunately they chose as their sponsor none other than LOP.COM!!!

    You can spot it by a button installed in the toolbar that bears an arbitrary name, randomly generated on the fly, so as to prevent anti-spyware tools from detecting it by signature matching.

    Lop.com is one of the worst pieces of junk that sneak onto our machines: stealthy and very hard to remove. It installs itself using randomly generated names and registry keys. Technically, it installs partly as a hostile BHO whose name and registry key are randomly generated, which makes billions (thousands of millions) of possible combinations. Impossible to list them all, which makes the work of anti-spyware tools based on scanners and signature lists totally impossible.

    To eradicate Messenger Plus, just go through the usual Windows Control Panel and, in Add/Remove Programs, remove (uninstall)

    * Messenger Plus
    * Messenger Plus Random Quote Addon

    But this does not remove lop.com.

    There is a tool to remove lop.com, which is still lying around on the computer after Messenger Plus has been eradicated:

    * http://lop.com/toolbar_uninstall.exe

    However, it is an executable program, and what's more it sits on lop.com's own site, which, as usual, arouses some suspicion.

    You can then reinstall "Messenger Plus", but UNCHECKING the "sponsor" box, since you have the choice.

    2
    Go to this site:

    http://www.virustotal.com/en/virustotalx.html

    and have this file analysed:

    C:\WINDOWS\system32\opfenvqs.dll

    Upload it in the box at the top right by clicking Browse.

    Post the report here.

    Also post a new HijackThis log.

    @+
  10. Alex
     
    As for MSN Plus, I uninstalled it, even though I think I had declined the sponsor.

    Here is the report.

    STATUS: FINISHED
    Complete scanning result of "opfenvqs.dll", received in VirusTotal at 06.10.2007, 21:08:08 (CET).

    Antivirus Version Update Result
    AhnLab-V3 2007.5.9.0 05.09.2007 no virus found
    AntiVir 7.4.0.32 06.09.2007 ADSPY/Virtumonde.AR.10
    Authentium 4.93.8 05.23.2007 no virus found
    Avast 4.7.997.0 06.09.2007 no virus found
    AVG 7.5.0.467 05.08.2007 no virus found
    BitDefender 7.2 06.10.2007 GenPack:Trojan.Vundo.DLZ
    CAT-QuickHeal 9.00 06.09.2007 Adware.Virtumonde.gen (Not a Virus)
    ClamAV devel-20070416 05.09.2007 Trojan.Packed-7
    DrWeb 4.33 06.10.2007 Trojan.Virtumod
    eSafe 7.0.15.0 05.08.2007 no virus found
    eTrust-Vet 30.7.3707 06.09.2007 no virus found
    FileAdvisor 1 06.10.2007 no virus found
    Fortinet 2.85.0.0 06.10.2007 suspicious
    F-Prot 4.3.2.48 05.08.2007 no virus found
    F-Secure 6.70.13030.0 05.09.2007 no virus found
    Ikarus T3.1.1.7 05.09.2007 no virus found
    Kaspersky 4.0.2.24 06.10.2007 not-a-virus:AdWare.Win32.Virtumonde.ar
    McAfee 5049 06.08.2007 no virus found
    Microsoft 1.2503 06.10.2007 no virus found
    NOD32v2 2321 06.10.2007 Win32/Adware.Virtumonde
    Norman 5.80.02 06.08.2007 Vundo.gen25
    Panda 9.0.0.4 06.10.2007 Spyware/Virtumonde
    Prevx1 V2 06.10.2007 no virus found
    Sophos 4.18.0 06.01.2007 Virtumundo
    Sunbelt 2.2.907.0 05.05.2007 VIPRE.Suspicious
    Symantec 10 05.09.2007 no virus found
    TheHacker 6.1.6.131 06.08.2007 Adware/Virtumonde.ar
    VBA32 3.12.0 06.10.2007 Application.Win32.Adware.Virtumonde
    VirusBuster 4.3.23:9 06.10.2007 Adware.Vundo.Gen!Pac.14
    Webwasher-Gateway 6.0.1 05.09.2007 Worm.Win32.Malware.gen (suspicious)

    Aditional Information
    File size: 131124 bytes
    MD5: 311ba1e49008162c2494f00a8dda4fd8
    SHA1: a5fcbf23e08a629b04f684e78c6f1ba97b9454b0
    Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.
  11. moK´s@ Posts: 4410 Status: Member 89
     
    re,

    Double-click the Killbox.exe file, and tick the "Delete on reboot" box.
    Copy the line below:

    c:\windows\system32\opfenvqs.dll

    In PocketKillBox --> "File" menu --> "Paste from Clipboard"

    You can check in the drop-down menu that the file is indeed present.
    - tick the "Unregister dll before deleting" box (if you have the option)
    - click the "All files" button
    - then click the red cross

    To the two messages that will appear, answer "YES".
    The computer should reboot; if it does not, reboot it yourself, whatever happens.

    After rebooting, relaunch Killbox then click the "File" tab -> Log -> Actions History Log
    Post the report here.

    Run VundoFix again and post its report here,

    also post a HijackThis log.

    Do you still get ads?

    @+
  12. Alex
     
    Sorry for the wait.

    Here is the KillBox log

    Pocket Killbox version 2.0.0.648
    Running on Windows XP as Eric(Administrator)
    was started @ samedi, juin 09, 2007, 11:43 AM
    a
    Killbox Closed(Exit) @ 11:44:10 AM
    __________________________________________________

    Pocket Killbox version 2.0.0.648
    Running on Windows XP as Eric(Administrator)
    was started @ samedi, juin 09, 2007, 11:44 AM

    # 1 [Delete on Reboot]
    Path = c:\windows\system32\orkvienh.dll",realset

    I Rebooted @ 11:45:39 AM
    Killbox Closed(Exit) @ 11:45:41 AM
    __________________________________________________

    Pocket Killbox version 2.0.0.648
    Running on Windows XP as Eric(Administrator)
    was started @ samedi, juin 09, 2007, 11:51 AM

    Killbox Closed(Exit) @ 11:56:15 AM
    __________________________________________________

    Pocket Killbox version 2.0.0.648
    Running on Windows XP as Eric(Administrator)
    was started @ samedi, juin 09, 2007, 1:01 PM

    # 1 [Delete on Reboot]
    Path = c:\windows\system32\tndvqmkv.dll",realset

    PendingFileRenameOperations Registry Data has been Removed by External Process! @ 1:04:43 PM
    Killbox Closed(Exit) @ 1:04:47 PM
    __________________________________________________

    Pocket Killbox version 2.0.0.648
    Running on Windows XP as Eric(Administrator)
    was started @ samedi, juin 09, 2007, 1:09 PM

    Killbox Closed(Exit) @ 1:10:19 PM
    __________________________________________________

    Pocket Killbox version 2.0.0.648
    Running on Windows XP as Eric(Administrator)
    was started @ dimanche, juin 10, 2007, 12:10 AM

    # 1 [Delete on Reboot]
    Path = C:\WINDOWS\system32\tndvqmkv.dll",realset

    PendingFileRenameOperations Registry Data has been Removed by External Process! @ 12:11:40 AM
    Killbox Closed(Exit) @ 12:12:02 AM
    __________________________________________________

    Pocket Killbox version 2.0.0.648
    Running on Windows XP as Eric(Administrator)
    was started @ dimanche, juin 10, 2007, 12:18 AM

    Killbox Closed(Exit) @ 12:21:01 AM
    __________________________________________________

    Pocket Killbox version 2.0.0.648
    Running on Windows XP as Eric(Administrator)
    was started @ mardi, juin 12, 2007, 3:53 PM

    # 1 [Delete on Reboot]
    Path = C:\WINDOWS\system32\opfenvqs.dll

    I Rebooted @ 3:55:38 PM
    Killbox Closed(Exit) @ 3:55:41 PM
    __________________________________________________

    Pocket Killbox version 2.0.0.648
    Running on Windows XP as Eric(Administrator)
    was started @ mardi, juin 12, 2007, 4:03 PM


    I also ran Vundo, and here is the HijackThis report

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 16:21:48, on 12/06/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Apps\Powercinema\PCMService.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Documents and Settings\All Users\Application Data\vajmfsjo.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\Program Files\iPod Access for Windows\iPAHelper.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\slserv.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Downloads\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Flashget Catch Url Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
    O2 - BHO: (no name) - {5861ABCC-1CF6-44D5-8B9A-1912E92D0B0E} - C:\WINDOWS\system32\jkhhe.dll (file missing)
    O2 - BHO: (no name) - {5F53B0C0-665C-4F79-A3FA-192AFB3009E7} - C:\WINDOWS\system32\jkkji.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {77C5EF32-88D6-40AA-AA80-82ED38D52EE0} - C:\WINDOWS\system32\codfrebr.dll
    O2 - BHO: (no name) - {8A61098D-612B-4EF2-943D-64E920684061} - C:\WINDOWS\system32\hggfedd.dll (file missing)
    O2 - BHO: (no name) - {92A444D2-F945-4dd9-89A1-896A6C2D8D22} - C:\WINDOWS\system32\airoiuqw.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: (no name) - {E12BFF69-38A7-406e-A8EF-2738107A7831} - C:\WINDOWS\system32\bemafpru.dll
    O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
    O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [vajmfsjo.exe] C:\Documents and Settings\All Users\Application Data\vajmfsjo.exe
    O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\gbaqeocs.dll",realset
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O20 - Winlogon Notify: WindowsUpdate - C:\WINDOWS\
    O20 - Winlogon Notify: winrkp32 - C:\WINDOWS\SYSTEM32\winrkp32.dll
    O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
    O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
    O23 - Service: iPAHelper.exe - Unknown owner - C:\Program Files\iPod Access for Windows\iPAHelper.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLABR11\webserver\bin\matlabserver.exe (file missing)
    O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
    O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
    O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
    O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
    O24 - Desktop Component 0: (no name) - (no file)
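The randomly named BHOs that reply 9 says no signature list can enumerate show up in the HijackThis log just above as "(no name)" O2 entries with eight-letter DLL names, a rundll32 O4 autorun and a non-default O20 Winlogon Notify DLL. The Python below is an added triage example, not part of this thread and not HijackThis's own logic: it scores O2/O4/O20 lines with a few weak heuristics over lines copied from that log. The weights, the XP Winlogon Notify allowlist and the randomness test are assumptions to tune, and a score only marks an entry for review, never a verdict.

```python
import re
from dataclasses import dataclass, field

# Sample HijackThis lines taken from the log posted above (O2 BHOs, O4 Run keys,
# O20 Winlogon Notify), plus the benign NVIDIA and avast! entries for contrast.
SAMPLE_LOG = r"""
O2 - BHO: Flashget Catch Url Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {5861ABCC-1CF6-44D5-8B9A-1912E92D0B0E} - C:\WINDOWS\system32\jkhhe.dll (file missing)
O2 - BHO: (no name) - {77C5EF32-88D6-40AA-AA80-82ED38D52EE0} - C:\WINDOWS\system32\codfrebr.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [vajmfsjo.exe] C:\Documents and Settings\All Users\Application Data\vajmfsjo.exe
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\gbaqeocs.dll",realset
O20 - Winlogon Notify: winrkp32 - C:\WINDOWS\SYSTEM32\winrkp32.dll
"""

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - "
                   r"(?P<path>.*?)(?P<missing> \(file missing\))?$")
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<value>[^\]]*)\] (?P<cmd>.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>.*?) - (?P<path>.*)$")
# First drive-letter path ending in .exe/.dll inside an O4 command line.
PATH_RE = re.compile(r'([A-Za-z]:\\[^"]*?\.(?:exe|dll))', re.I)

# Winlogon Notify DLLs shipped with Windows XP SP2 (assumed allowlist; confirm it
# against a known-clean machine before relying on it).
DEFAULT_NOTIFY_DLLS = {"crypt32.dll", "cryptnet.dll", "cscdll.dll",
                       "sclgntfy.dll", "wlnotify.dll"}
VOWELS = set("aeiouy")


def looks_random(stem: str) -> bool:
    """Crude test for the machine-generated names Vundo/Lop-style droppers use:
    5-8 lowercase letters, no digits, and a long consonant run, very few vowels,
    or a 'q' not followed by 'u'. It also fires on legitimate abbreviations
    (svchost, jccatch), which is why it only ever counts as a weak signal."""
    if not (5 <= len(stem) <= 8) or not stem.isalpha() or not stem.islower():
        return False
    vowels = sum(c in VOWELS for c in stem)
    run = best = 0
    for c in stem:
        run = 0 if c in VOWELS else run + 1
        best = max(best, run)
    return best >= 3 or vowels / len(stem) <= 0.25 or re.search(r"q[^u]", stem) is not None


@dataclass
class Finding:
    kind: str                 # HijackThis section: O2, O4 or O20
    path: str
    score: int = 0
    reasons: list = field(default_factory=list)


def analyse_line(line: str):
    """Score one HijackThis line; returns None for sections this example ignores."""
    line = line.strip()
    signals = []              # (reason, weight)
    path = None
    if m := O2_RE.match(line):
        path = m["path"]
        if m["name"] == "(no name)":
            signals.append(("BHO registered without a class name", 2))
        if m["missing"]:
            signals.append(("orphaned entry, file missing", 1))
    elif m := O4_RE.match(line):
        cmd = m["cmd"]
        pm = PATH_RE.search(cmd)
        path = pm.group(1) if pm else None
        if path and re.match(r"rundll32(\.exe)?\s", cmd, re.I) and "\\system32\\" in path.lower():
            signals.append(("rundll32 autorun of a system32 DLL export", 1))
        if path and "\\application data\\" in path.lower():
            signals.append(("autorun from a user-writable data directory", 1))
    elif m := O20_RE.match(line):
        path = m["path"]
        if path.rsplit("\\", 1)[-1].lower() not in DEFAULT_NOTIFY_DLLS:
            signals.append(("non-default Winlogon Notify DLL", 2))
    else:
        return None
    if path and looks_random(path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]):
        signals.append(("random-looking file name", 1))
    return Finding(line.split(" ", 1)[0], path or line,
                   sum(w for _, w in signals), [r for r, _ in signals])


def analyse_log(text: str) -> list:
    return [f for f in map(analyse_line, text.splitlines()) if f is not None]


def suspicious(text: str, threshold: int = 2) -> list:
    """Entries worth a closer look: two weak signals, or one strong one."""
    return [f for f in analyse_log(text) if f.score >= threshold]


if __name__ == "__main__":
    for f in suspicious(SAMPLE_LOG):
        print(f"{f.kind:4} score={f.score} {f.path}  <- {', '.join(f.reasons)}")
```

On the sample, the five Vundo-style entries (jkhhe, codfrebr, vajmfsjo, gbaqeocs, winrkp32) reach the threshold while FlashGet's jccatch.dll and NVIDIA's rundll32 autorun each collect only one weak signal and stay below it.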
  13. moK´s@ Posts: 4410 Status: Member 89
     
    Hi Alex,

    Download:

    http://www.techsupportforum.com/sectools/combofix.exe

    Save it to your desktop.

    Disable your antivirus and other protection, but not the firewall.

    Click combofix.exe and follow the on-screen instructions.

    When it has finished it will produce a log; post it in your next reply.

    PS: don't click with your mouse while it performs the scan and the repairs...

    @+
    1. Alex
       
      Here is the report:


      ComboFix 07-06-11.3
      "xtrx" - 2007-06-14 0:27:27 - Service Pack 2 NTFS


      (((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))

      REGISTRY ENTRIES REMOVED:

      [HKEY_CLASSES_ROOT\clsid\{9175A08B-AF17-4DD6-B7D2-3FE73734DA28}]
      @=""

      [HKEY_CLASSES_ROOT\clsid\{9175A08B-AF17-4DD6-B7D2-3FE73734DA28}\Implemented Categories]
      @=""

      [HKEY_CLASSES_ROOT\clsid\{9175A08B-AF17-4DD6-B7D2-3FE73734DA28}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
      @=""

      [HKEY_CLASSES_ROOT\clsid\{9175A08B-AF17-4DD6-B7D2-3FE73734DA28}\InprocServer32]
      @="C:\\WINDOWS\\system32\\my3216.dll"
      "ThreadingModel"="Apartment"


      [HKEY_CLASSES_ROOT\clsid\{19583F4F-2D2A-43AF-8773-153434029D9F}]
      @=""

      [HKEY_CLASSES_ROOT\clsid\{19583F4F-2D2A-43AF-8773-153434029D9F}\Implemented Categories]
      @=""

      [HKEY_CLASSES_ROOT\clsid\{19583F4F-2D2A-43AF-8773-153434029D9F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
      @=""

      [HKEY_CLASSES_ROOT\clsid\{19583F4F-2D2A-43AF-8773-153434029D9F}\InprocServer32]
      @="C:\\WINDOWS\\system32\\bwotvid.dll"
      "ThreadingModel"="Apartment"

      * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


      Granting SeDebugPrivilege to Administrateurs ... successful


      (((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


      C:\WINDOWS\system32\bemafpru.dll
      C:\WINDOWS\system32\codfrebr.dll
      C:\WINDOWS\system32\iibkwiuq.dll
      C:\WINDOWS\system32\ijrbnewu.dll
      C:\WINDOWS\system32\winrkp32.dll
      C:\WINDOWS\system32\quiwkbii.ini
      C:\WINDOWS\system32\orutv.bak1
      C:\WINDOWS\system32\orutv.ini
      C:\WINDOWS\system32\orutv.bak1
      C:\WINDOWS\system32\orutv.ini
      C:\WINDOWS\system32\vturo.dll
      C:\WINDOWS\system32\iifdbyv.dll


      * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


      C:\Program Files\Fichiers communs\Yazzle1162OinAdmin.exe
      C:\Program Files\Fichiers communs\Yazzle1162OinUninstaller.exe


      ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


      -------\LEGACY_CMDSERVICE
      -------\LEGACY_NETWORK_MONITOR


      ((((((((((((((((((((((((( Files Created from 2007-05-13 to 2007-06-13 )))))))))))))))))))))))))))))))


      2007-06-13 12:20 122,900 --a------ C:\WINDOWS\system32\yxkdtejg.exe
      2007-06-12 18:14 49,152 --a------ C:\WINDOWS\nircmd.exe
      2007-06-12 18:09 <REP> d-------- C:\Program Files\Windows Live
      2007-06-12 18:07 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
      2007-06-12 12:46 <REP> d-------- C:\Program Files\Messenger Plus! Live
      2007-06-09 15:55 57,344 --a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\vajmfsjo.exe
      2007-06-09 11:56 <REP> d-------- C:\VundoFix Backups
      2007-06-09 11:53 53,248 --a------ C:\WINDOWS\system32\Process.exe
      2007-06-09 11:52 <REP> d-------- C:\Program Files\Navilog1
      2007-06-09 11:43 <REP> d-------- C:\!KillBox
      2007-06-08 21:56 55,316 --a------ C:\WINDOWS\system32\airoiuqw.dll
      2007-06-07 18:03 967 --a------ C:\WINDOWS\SCUnin.pif
      2007-06-07 18:03 70,656 --a------ C:\WINDOWS\SCUnin.exe
      2007-06-07 18:03 35,041 --a------ C:\WINDOWS\scunin.dat
      2007-06-07 17:15 <REP> d-------- C:\Program Files\PowerISO
      2007-06-07 16:55 55,316 --a------ C:\WINDOWS\system32\usygbnmi.dll
      2007-06-07 16:54 2,580 --a------ C:\WINDOWS\system32\htafokya.exe
      2007-06-07 16:49 1,536 --a------ C:\wyjgsa.exe
      2007-06-06 17:42 <REP> d-------- C:\SIERRA
      2007-06-06 17:31 <REP> d-------- C:\WINDOWS\PSOFT
      2007-06-05 12:48 <REP> d-------- C:\Program Files\Fichiers communs\Blizzard Entertainment
      2007-06-04 15:44 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Aspyr
      2007-06-04 15:43 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
      2007-06-04 15:32 <REP> d-------- C:\Program Files\Aspyr


      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

      2007-06-13 22:29:05 -------- d-----w C:\Program Files\FlashGet
      2007-06-12 16:09:40 -------- d-----w C:\Program Files\MSN Messenger
      2007-06-11 17:52:30 -------- d-----w C:\Program Files\LimeWire
      2007-06-11 08:03:10 -------- d-----w C:\Program Files\MessengerPlus! 3
      2007-06-09 18:27:27 -------- d-----w C:\Program Files\HT Ratings
      2007-06-08 20:44:07 -------- d-----w C:\Program Files\mIRC
      2007-06-08 19:39:09 -------- d-----w C:\Program Files\Starcraft
      2007-06-08 09:59:56 72,954 ----a-w C:\WINDOWS\system32\perfc00C.dat
      2007-06-08 09:59:56 462,210 ----a-w C:\WINDOWS\system32\perfh00C.dat
      2007-05-17 20:07:36 -------- d-----w C:\Program Files\eMule
      2007-05-17 16:44:36 -------- d-----w C:\Program Files\Voyage Century Online
      2007-05-16 15:13:53 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
      2007-05-16 12:48:23 -------- d-----w C:\DOCUME~1\Eric\APPLIC~1\SopCast
      2007-05-12 15:14:34 -------- d-----w C:\Program Files\Maxis
      2007-05-07 20:03:38 2,481,067 ----a-w C:\WINDOWS\Resident Evil 4.scr
      2007-05-06 17:01:09 -------- d-----w C:\DOCUME~1\Eric\APPLIC~1\TransRender
      2007-05-04 21:29:56 -------- d-----w C:\DOCUME~1\Eric\APPLIC~1\Temporary
      2007-05-04 21:29:56 -------- d-----w C:\DOCUME~1\Eric\APPLIC~1\ConvertTemp
      2007-05-04 21:29:55 -------- d-----w C:\DOCUME~1\Eric\APPLIC~1\Samsung
      2007-05-04 17:17:38 -------- d--h--w C:\Program Files\InstallShield Installation Information
      2007-05-04 17:17:38 -------- d-----w C:\Program Files\Samsung
      2007-04-29 19:50:47 -------- d-----w C:\Program Files\MessengerDiscovery
      2007-04-29 19:50:33 -------- d-----w C:\Program Files\MSXML 4.0
      2007-04-29 19:50:32 -------- d-----w C:\Program Files\Google
      2007-04-29 19:50:31 -------- d-----w C:\Program Files\RegCleaner
      2007-04-25 19:01:25 -------- d-----w C:\Program Files\SopCast
      2007-04-25 14:22:35 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
      2007-04-22 18:04:19 -------- d-----w C:\Program Files\F-IRC
      2007-04-22 12:40:21 -------- d-----w C:\Program Files\DAEMON Tools
      2007-04-22 12:33:37 682,232 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
      2007-04-18 16:14:18 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
      2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
      2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
      2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
      2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
      2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
      2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
      2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
      2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
      2007-03-31 17:26:24 249,856 ------w C:\WINDOWS\Setup1.exe
      2007-03-31 17:26:22 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
      2007-03-17 13:44:47 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll


      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


      *Note* empty entries & legit default entries are not shown

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
      {2F364306-AA45-47B5-9F9D-39A8B94E7EF7}=C:\Program Files\FlashGet\jccatch.dll [2006-12-11 19:35]
      {5861ABCC-1CF6-44D5-8B9A-1912E92D0B0E}=C:\WINDOWS\system32\jkhhe.dll []
      {5F53B0C0-665C-4F79-A3FA-192AFB3009E7}=C:\WINDOWS\system32\jkkji.dll []
      {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
      {AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar1.dll [2007-02-03 13:04]
      {F156768E-81EF-470C-9057-481BA8380DBA}=C:\Program Files\FlashGet\getflash.dll [2006-11-06 17:09]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-03-10 18:44]
      "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-03-10 18:43]
      "Raccourci vers la page des propriétés de High Definition Audio"="HDAShCut.exe" [2005-01-07 17:07 C:\WINDOWS\system32\HdAShCut.exe]
      "RTHDCPL"="RTHDCPL.EXE" [2005-05-04 17:28 C:\WINDOWS\RTHDCPL.EXE]
      "AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-04-26 10:08]
      "nwiz"="nwiz.exe" [2005-07-01 23:40 C:\WINDOWS\system32\nwiz.exe]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
      "PCMService"="c:\Apps\Powercinema\PCMService.exe" [2005-05-11 13:48]
      "REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 23:32]
      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58]
      "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-09-16 12:03]
      "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-01-15 19:28]
      "NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40]
      "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36]
      "DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-10-04 13:38]
      "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-04-09 14:23]
      "vajmfsjo.exe"="C:\Documents and Settings\All Users\Application Data\vajmfsjo.exe" [2007-06-09 15:55]

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Steam"="" []
      "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-04-21 17:03]
      "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00]
      "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 00:29]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
      "c:\progra~1\valve\steam\steam.ex" -silent

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
      Usnsvc usnsvc
      HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - netsvcs
      NtmlSvc


      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{983eee70-b74d-11db-a29d-00038a000015}]
      AutoRun\command- setup.exe

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c29a8b6a-a3a7-11da-a0b9-00038a000015}]
      AutoRun\command- F:\autorun.exe


      Contents of the 'Scheduled Tasks' folder
      2007-06-09 13:42:01 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

      **************************************************************************

      catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
      Rootkit scan 2007-06-14 00:35:09
      Windows 5.1.2600 Service Pack 2 NTFS

      scanning hidden processes ...

      scanning hidden autostart entries ...

      scanning hidden files ...

      scan completed successfully
      hidden files: 0

      **************************************************************************

      Completion time: 2007-06-14 0:36:57 - machine was rebooted
      C:\ComboFix-quarantined-files.txt ... 2007-06-14 00:36

      --- E O F ---
  14. moK´s@ Posts 4410 Status Member 89
     
    hi alex,

    1
    ¤ Download Clean
    ----> http://www.malekal.com/download/clean.zip

    Unzip all the contents into the same folder. Double-click clean or clean.cmd and choose option 1.
    A report will open; copy and paste its contents here

    2
    do this anyway for Messenger Plus:

    http://lop.com/toolbar_uninstall.exe

    3
    try to see if you can run BlackLight now...

    Go to this link and download BlackLight (from F-Secure):
    < https://www.f-secure.com/en > and save it to your Desktop
    See Malekal_morte's tutorial here:
    < https://www.malekal.com/tutorial-f-secure-blacklight/ >
    Follow the tutorial for phase 1 (scan) and post the BlackLight report in your reply.

    @+
    1. Alex
       
      Here is the Clean report:

      14/06/2007 a 17:37:08,53

      *** Recherche des fichiers dans C:
      C:\StubInstaller.exe FOUND

      *** Recherche des fichiers dans C:\WINDOWS\

      *** Recherche des fichiers dans C:\WINDOWS\system32
      "C:\WINDOWS\Downloaded Program Files\CONFLICT.1" FOUND
      "C:\Documents and Settings\Eric\Application Data\ezpinst.exe" FOUND

      *** Recherche des fichiers dans C:\Program Files
      "C:\Program Files\Need2Find\" FOUND
      "C:\Program Files\Viewpoint\" FOUND
      *** Fin du rapport !



      And the BlackLight report, which found nothing.

      06/14/07 17:15:51 [Info]: BlackLight Engine 1.0.61 initialized
      06/14/07 17:15:51 [Info]: OS: 5.1 build 2600 (Service Pack 2)
      06/14/07 17:15:52 [Note]: 7019 4
      06/14/07 17:15:52 [Note]: 7005 0
      06/14/07 17:15:59 [Note]: 7007 0
  15. moK´s@ Posts 4410 Status Member 89
     
    re,

    Restart in safe mode:

    ¤ Start in safe mode:
    To do this, tap the F8 key repeatedly from the moment the PC powers on, without stopping
    A window will open; use the keyboard arrows to move to "Start in safe mode", then press Enter.
    Once on the desktop, if the colours and such are not all there, that is normal!
    (If F8 does not work, use the F5 key)

    Then open the clean folder, open clean.cmd and choose option 2.
    Restart normally and post the clean log.

    can you post a new HijackThis report as well

    @+
  16. Alex
     
    Here is the report for Clean:

    Script execute en mode sans echec
    Rapport clean par Malekal_morte - http://www.malekal.com
    Script execute en mode sans echec 16/06/2007 a 21:08:38,93

    Microsoft Windows XP [version 5.1.2600]

    *** Suppression des fichiers dans C:
    tentative de suppression de C:\StubInstaller.exe

    *** Suppression des fichiers dans C:\WINDOWS\

    *** Suppression des fichiers dans C:\WINDOWS\system32
    tentative de suppression de "C:\WINDOWS\Downloaded Program Files\CONFLICT.1"
    tentative de suppression de "C:\Documents and Settings\xtrx\Application Data\ezpinst.exe"

    *** Suppression des fichiers dans C:\Program Files
    tentative de suppression de "C:\Program Files\Need2Find\"
    tentative de suppression de "C:\Program Files\Viewpoint\"

    *** Suppression des clefs du registre effectuee..
    *** Fin du rapport !

    And a new HijackThis log

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 21:35:05, on 16/06/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Apps\Powercinema\PCMService.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Documents and Settings\All Users\Application Data\vajmfsjo.exe
    C:\WINDOWS\system32\scchk32.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\WINDOWS\system32\yxkdtejg.exe
    C:\Program Files\iPod Access for Windows\iPAHelper.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\slserv.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Downloads\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Flashget Catch Url Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
    O2 - BHO: (no name) - {5861ABCC-1CF6-44D5-8B9A-1912E92D0B0E} - C:\WINDOWS\system32\jkhhe.dll (file missing)
    O2 - BHO: (no name) - {5F53B0C0-665C-4F79-A3FA-192AFB3009E7} - C:\WINDOWS\system32\jkkji.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
    O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [vajmfsjo.exe] C:\Documents and Settings\All Users\Application Data\vajmfsjo.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SC2] C:\WINDOWS\system32\scchk32.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
    O23 - Service: DomainService - - C:\WINDOWS\system32\yxkdtejg.exe
    O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
    O23 - Service: iPAHelper.exe - Unknown owner - C:\Program Files\iPod Access for Windows\iPAHelper.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLABR11\webserver\bin\matlabserver.exe (file missing)
    O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
    O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
    O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
    O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
    O24 - Desktop Component 0: (no name) - (no file)
  17. moK´s@ Posts 4410 Status Member 89
     
    hi alex,

    0
    you have no firewall:

    Download Kerio and install it:

    https://kerio.probb.fr/t1-tuto-pour-kerio-4-2

    Thanks to boulepate for the site!!!

    1
    with HijackThis, tick these:

    C:\WINDOWS\system32\yxkdtejg.exe
    O2 - BHO: (no name) - {5861ABCC-1CF6-44D5-8B9A-1912E92D0B0E} - C:\WINDOWS\system32\jkhhe.dll (file missing)
    O2 - BHO: (no name) - {5F53B0C0-665C-4F79-A3FA-192AFB3009E7} - C:\WINDOWS\system32\jkkji.dll (file missing)
    O4 - HKLM\..\Run: [vajmfsjo.exe] C:\Documents and Settings\All Users\Application Data\vajmfsjo.exe
    O4 - HKLM\..\Run: [SC2] C:\WINDOWS\system32\scchk32.exe
    O23 - Service: DomainService - - C:\WINDOWS\system32\yxkdtejg.exe
    O24 - Desktop Component 0: (no name) - (no file)

    close your applications and browser and fix/check the lines above.

    2

    with Killbox

    Double-click the Killbox.exe file and tick the "Delete on reboot" box.
    copy the lines below:

    C:\Documents and Settings\All Users\Application Data\vajmfsjo.exe
    C:\WINDOWS\system32\scchk32.exe
    C:\WINDOWS\system32\yxkdtejg.exe

    In PocketKillBox --> "File" menu --> "Paste from Clipboard"

    You can check in the drop-down menu that the file is indeed present.
    - tick the "Unregister dll before deleting" box (if you have the option)
    - click the "All files" button
    - then click the red cross

    Answer "YES" to the two messages that will appear
    The computer should restart; if not, restart it yourself, whatever happens.

    After restarting, launch Killbox again, then click the "file" tab -> Log -> Actions History Log
    Post the report here

    3

    do this: Start > Run, then type "services.msc" without the quotes and stop the following service:

    Service: DomainService - - C:\WINDOWS\system32\yxkdtejg.exe

    4
    * download AVG Anti-Spyware (ewido)

    https://www.avg.com/en-ww/free-antivirus-download
    http://www.infos-du-net.com/telecharger/Ewido-Security-Suite,0301-734.html
    * install it

    * launch AVG Anti-Spyware and click the Update button. Be patient
    if you cannot update it, get the updates here
    http://downloads.ewido.net/avgas-signatures-full-current.exe

    On the "scan" page:
    •- first choose the "settings" tab.
    - under « How to react », click « Recommended actions » and in the drop-down menu choose « Delete »

    Copy and paste the report here

    at the end of the scan, make sure you delete everything it found...

    @+

    I'd be glad to; and you???
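The lines the helper asks Alex to tick above were picked by hand from the HijackThis log in post 16. The script below is an added example for this thread (it is not part of the thread, of HijackThis, or of any tool named above) that applies the same signals mechanically: anonymous or missing BHOs (O2), Run entries (O4) pointing at a user-writable profile folder or at an unlisted system32 file, services (O23) with an empty vendor field, desktop components (O24) with no file, and running processes that match a flagged load point. The allowlist, the rule names and the constructed sample log are assumptions, built from the kinds of lines seen in this thread; they are leads to verify, not verdicts.

```python
"""Heuristic triage of a HijackThis-style log.

Added example for this thread: not part of the thread, of HijackThis or of
any tool mentioned in it. The rules and the allowlist are assumptions chosen
to match the signals the helper acted on, and must be tuned per machine.
"""
import re
from pathlib import PureWindowsPath

# Assumption: system32 programs that legitimately sit in XP Run keys.
KNOWN_SYSTEM32_RUN = {"ctfmon.exe", "rundll32.exe", "nwiz.exe", "hdashcut.exe"}

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HK\S+?)\\\.\.\\Run: \[(?P<key>[^\]]+)\] (?P<cmd>.*)$")
# An empty vendor is printed by HijackThis as "name - - path", hence the optional space.
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<vendor>.*?) ?- (?P<path>.*)$")
# First executable of a Run command line, with or without surrounding quotes.
EXE_RE = re.compile(r'^"?(?P<exe>.+?\.(?:exe|dll|com|bat|scr))"?', re.IGNORECASE)

# Constructed sample made of the kinds of lines that appear in the logs of this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\All Users\Application Data\vajmfsjo.exe
C:\WINDOWS\system32\scchk32.exe
C:\WINDOWS\system32\yxkdtejg.exe

O2 - BHO: (no name) - {5861ABCC-1CF6-44D5-8B9A-1912E92D0B0E} - C:\WINDOWS\system32\jkhhe.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [vajmfsjo.exe] C:\Documents and Settings\All Users\Application Data\vajmfsjo.exe
O4 - HKLM\..\Run: [SC2] C:\WINDOWS\system32\scchk32.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\yxkdtejg.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O24 - Desktop Component 0: (no name) - (no file)
"""


def first_executable(cmd):
    """Return the program a Run command line starts, stripped of quotes and arguments."""
    m = EXE_RE.match(cmd.strip())
    return m["exe"] if m else cmd.strip()


def location(path):
    """Classify where an executable lives: user-writable profile folders, system32 or other."""
    low = path.lower()
    if "\\application data\\" in low or "\\documents and settings\\" in low:
        return "user-writable"
    if "\\system32\\" in low:
        return "system32"
    return "other"


def triage(log_text):
    """Return (rule, line) findings; running processes are cross-checked against flagged load points."""
    findings, flagged_paths, processes = [], set(), []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:  # the process list ends at the first blank line
            if line:
                processes.append(line)
            else:
                in_processes = False
            continue
        m = O2_RE.match(line)
        if m:
            if m["name"] == "(no name)" or "(file missing)" in m["path"]:
                findings.append(("O2 anonymous or missing BHO", line))
            continue
        m = O4_RE.match(line)
        if m:
            exe = first_executable(m["cmd"])
            where = location(exe)
            base = PureWindowsPath(exe).name.lower()
            if where == "user-writable":
                findings.append(("O4 autostart from user-writable folder", line))
                flagged_paths.add(exe.lower())
            elif where == "system32" and base not in KNOWN_SYSTEM32_RUN:
                findings.append(("O4 autostart of unknown system32 file", line))
                flagged_paths.add(exe.lower())
            continue
        m = O23_RE.match(line)
        if m:
            if not m["vendor"].strip():
                findings.append(("O23 service with no vendor", line))
                flagged_paths.add(m["path"].lower())
            continue
        if line.startswith("O24") and "(no file)" in line:
            findings.append(("O24 desktop component with no file", line))
    for proc in processes:
        if proc.lower() in flagged_paths:
            findings.append(("process running from a flagged load point", proc))
    return findings


if __name__ == "__main__":
    for rule, line in triage(SAMPLE_LOG):
        print(f"[{rule}] {line}")
```

On the constructed sample this yields the same set of entries the helper ticked (the two anonymous BHOs, the Run entries for vajmfsjo.exe and scchk32.exe, the DomainService service and the empty O24 component), plus the three running processes that start from those load points; svchost.exe, ctfmon.exe, ssv.dll and the avast! entries are left alone. The empty-vendor rule will also hit legitimate services that simply ship without vendor information (the thread's log has such a line for SmartLinkService), which is why the output is a list of leads for a reviewer rather than a fix list.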
  18. Alex
     
    Here is the Killbox report:

    Pocket Killbox version 2.0.0.648
    Running on Windows XP as Eric(Administrator)
    was started @ samedi, juin 09, 2007, 11:43 AM

    Killbox Closed(Exit) @ 11:44:10 AM
    __________________________________________________

    Pocket Killbox version 2.0.0.648
    Running on Windows XP as Eric(Administrator)
    was started @ samedi, juin 09, 2007, 11:44 AM

    # 1 [Delete on Reboot]
    Path = c:\windows\system32\orkvienh.dll",realset

    I Rebooted @ 11:45:39 AM
    Killbox Closed(Exit) @ 11:45:41 AM
    __________________________________________________

    Pocket Killbox version 2.0.0.648
    Running on Windows XP as Eric(Administrator)
    was started @ samedi, juin 09, 2007, 11:51 AM

    Killbox Closed(Exit) @ 11:56:15 AM
    __________________________________________________

    Pocket Killbox version 2.0.0.648
    Running on Windows XP as Eric(Administrator)
    was started @ samedi, juin 09, 2007, 1:01 PM

    # 1 [Delete on Reboot]
    Path = c:\windows\system32\tndvqmkv.dll",realset

    PendingFileRenameOperations Registry Data has been Removed by External Process! @ 1:04:43 PM
    Killbox Closed(Exit) @ 1:04:47 PM
    __________________________________________________

    Pocket Killbox version 2.0.0.648
    Running on Windows XP as Eric(Administrator)
    was started @ samedi, juin 09, 2007, 1:09 PM

    Killbox Closed(Exit) @ 1:10:19 PM
    __________________________________________________

    Pocket Killbox version 2.0.0.648
    Running on Windows XP as Eric(Administrator)
    was started @ dimanche, juin 10, 2007, 12:10 AM

    # 1 [Delete on Reboot]
    Path = C:\WINDOWS\system32\tndvqmkv.dll",realset

    PendingFileRenameOperations Registry Data has been Removed by External Process! @ 12:11:40 AM
    Killbox Closed(Exit) @ 12:12:02 AM
    __________________________________________________

    Pocket Killbox version 2.0.0.648
    Running on Windows XP as Eric(Administrator)
    was started @ dimanche, juin 10, 2007, 12:18 AM

    Killbox Closed(Exit) @ 12:21:01 AM
    __________________________________________________

    Pocket Killbox version 2.0.0.648
    Running on Windows XP as Eric(Administrator)
    was started @ mardi, juin 12, 2007, 3:53 PM

    # 1 [Delete on Reboot]
    Path = C:\WINDOWS\system32\opfenvqs.dll

    I Rebooted @ 3:55:38 PM
    Killbox Closed(Exit) @ 3:55:41 PM
    __________________________________________________

    Pocket Killbox version 2.0.0.648
    Running on Windows XP as Eric(Administrator)
    was started @ mardi, juin 12, 2007, 4:03 PM

    Pocket Killbox version 2.0.0.648
    Running on Windows XP as Eric(Administrator)
    was started @ lundi, juin 18, 2007, 11:31 PM

    # 1 [Delete on Reboot]
    Path = C:\Documents and Settings\All Users\Application Data\vajmfsjo.exe

    # 2 [Delete on Reboot]
    Path = C:\WINDOWS\system32\scchk32.exe

    # 3 [Delete on Reboot]
    Path = C:\WINDOWS\system32\yxkdtejg.exe

    I Rebooted @ 11:34:19 PM
    Killbox Closed(Exit) @ 11:34:22 PM
    __________________________________________________

    Pocket Killbox version 2.0.0.648
    Running on Windows XP as Eric(Administrator)
    was started @ lundi, juin 18, 2007, 11:43 PM

    I also ran the AVG scan but it didn't create a report?
  19. moK´s@ Posts 4410 Status Member 89
     
    hi alex,

    can you post another HijackThis log please
  20. Alex
     
    Sorry, I forgot it, here it is:

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 21:09:04, on 19/06/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\Program Files\iPod Access for Windows\iPAHelper.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\slserv.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Apps\Powercinema\PCMService.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\Valve\Steam\Steam.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Downloads\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Flashget Catch Url Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
    O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
    O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
    O23 - Service: iPAHelper.exe - Unknown owner - C:\Program Files\iPod Access for Windows\iPAHelper.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLABR11\webserver\bin\matlabserver.exe (file missing)
    O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
    O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
    O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
    O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
    O24 - Desktop Component 0: (no name) - (no file)
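The log above is what a forum helper would read by eye, entry class by entry class: O2/O3 browser add-ons, O4 autoruns, O16 ActiveX downloads, O23 services. The checks below are an added example of that triage written as a script; it is not part of the original post and not a HijackThis feature. It reads a handful of lines copied from the log, plus two hypothetical lines (an autorun in a Temp directory and an ActiveX download from codec.example.net, both constructed here, not from the poster's machine) so that every check fires at least once. The trusted-domain list and the path heuristics are assumptions chosen for the example, and "Unknown owner" is simply HijackThis's label for a binary whose version resource carries no company name, so that check is only a prompt to verify the file, not a verdict.

```python
import re
from urllib.parse import urlparse

# Assumed allowlist for O16 (DPF) ActiveX sources; adjust to taste.
TRUSTED_DPF_DOMAINS = ("microsoft.com", "msn.com", "windowsupdate.com")
# Path fragments that mean "user-writable profile/temp location" on Windows XP.
USER_WRITABLE_MARKERS = ("\\temp\\", "\\local settings\\", "\\application data\\")

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
URL_RE = re.compile(r"https?://\S+")

# Constructed sample: entries copied from the log above, plus two hypothetical
# lines (Updater in Temp, codec.example.net) that are NOT from the posted log.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Updater] C:\Documents and Settings\User\Local Settings\Temp\svch0st.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {11111111-2222-3333-4444-555555555555} (Video Codec) - http://codec.example.net/install.cab
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe (file missing)
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
"""


def _finding(section, severity, reason, entry):
    return {"section": section, "severity": severity, "reason": reason, "entry": entry}


def check_o2_o3(section, body, entry):
    """BHO/toolbar DLLs normally live under Program Files or Windows."""
    path = body.rsplit(" - ", 1)[-1].lower()
    if path == "(no file)":
        return [_finding(section, "low", "orphaned browser extension registration", entry)]
    if path.startswith(("c:\\program files", "c:\\progra~1", "c:\\windows")):
        return []
    return [_finding(section, "medium", "browser extension DLL in an unusual location", entry)]


def check_o4(body, entry):
    """Autorun entries: bare names resolve via the search path; Temp is a red flag."""
    cmd = body.split("] ", 1)[1] if "] " in body else body
    findings = []
    if not (cmd.startswith('"') or re.match(r"^[A-Za-z]:\\", cmd)):
        findings.append(_finding("O4", "medium", "bare executable name, resolved via search path (easy to shadow)", entry))
    if any(marker in cmd.lower() for marker in USER_WRITABLE_MARKERS):
        findings.append(_finding("O4", "high", "autorun from a user-writable profile/temp directory", entry))
    return findings


def check_o16(body, entry):
    """ActiveX controls downloaded from anywhere but a trusted domain."""
    match = URL_RE.search(body)
    if not match:
        return [_finding("O16", "low", "ActiveX download entry without a URL", entry)]
    host = (urlparse(match.group(0)).hostname or "").lower()
    if any(host == d or host.endswith("." + d) for d in TRUSTED_DPF_DOMAINS):
        return []
    return [_finding("O16", "high", f"ActiveX control downloaded from untrusted host {host}", entry)]


def check_o23(body, entry):
    """Services: missing binaries are leftovers; no publisher info outside Windows needs a look."""
    if "(file missing)" in body:
        return [_finding("O23", "medium", "service binary missing: orphaned uninstall or removed malware remnant", entry)]
    if "Unknown owner" in body:
        path = body.rsplit(" - ", 1)[-1].lower()
        if not path.startswith("c:\\windows\\"):
            return [_finding("O23", "low", "no publisher info and outside the Windows directory; verify the file", entry)]
    return []


def triage(lines):
    """Run the per-section checks over HijackThis entries; return a list of findings."""
    findings = []
    for raw in lines:
        entry = raw.strip()
        match = ENTRY_RE.match(entry)
        if not match:
            continue  # headers, process list, blank lines
        section, body = match.groups()
        if section in ("O2", "O3"):
            findings.extend(check_o2_o3(section, body, entry))
        elif section == "O4":
            findings.extend(check_o4(body, entry))
        elif section == "O16":
            findings.extend(check_o16(body, entry))
        elif section == "O23":
            findings.extend(check_o23(body, entry))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f"[{f['severity']:6}] {f['section']}: {f['reason']}\n         {f['entry']}")
```

On the real log this flags the same kinds of entries a human would pause on: the two bare-name O4 autoruns (RTHDCPL.EXE, nwiz.exe), the orphaned GenericHidService and matlabserver services, and the "Unknown owner" services outside C:\WINDOWS as items to verify by hand. Everything it reports is a prompt for inspection, and a clean run proves nothing, since a rootkit or an entry class HijackThis does not enumerate would never appear in the log at all.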