Analyse log Hijackthis Résolu

Question

Bonjour.

Alors voila, j'ai hier télécharger un fichier qui s'est revélé dangereux et a apparement infecté mon ordinateur. Fichier que j'ai de suite supprimé.

Toutefois, mon ordinateur semble depuis en subir les conséquences, avec l'affichage de pub, plusieurs attaques de Trojan/virus ainsi que des erreurs avec IE qui ferme mes fenetres (oui je sais je devrais mettre firefox). De plus, mon ordinateur semble plus lent depuis.

Je suis donc passé en mode sans echec ce matin afinde pratiquer un scan avec spybot et ad aware. Toutefois le probleme persiste.

J'ai aussi essayé de faire une restauration systeme mais cela me signal que l'a restauration n'a pas marché aprés le redémarrage. J'ai aussi voulu passé en sans echec pour en faire une mais la c'est carrement le mod qui a du buggé puisque l'écran resté noir et je n'ai pas osé y retourné.

J'ai donc fais un scan Hijack mais je ne m'y connais pas vraiment, si quelqu'un pouvait me conseiller.


Logfile of HijackThis v1.99.1
Scan saved at 00:18:08, on 09/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\iPod Access for Windows\iPAHelper.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\FlashGet\flashget.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Downloads\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: 82.231.144.169 apogee.lineage2.com
O1 - Hosts: 91.121.8.140 L2authd.lineage2.com
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [ApachInc] rundll32.exe "C:\WINDOWS\system32\orkvienh.dll",realset
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPAHelper.exe - Unknown owner - C:\Program Files\iPod Access for Windows\iPAHelper.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLABR11\webserver\bin\matlabserver.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe



Merci

moK´s@ · Answer

salut Alex,

1
avec hijack this coche ceci :

O4 - HKLM\..\Run: [ApachInc] rundll32.exe "C:\WINDOWS\system32\orkvienh.dll",realset
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

quitte tes applications et navigateur et fix/check les lignes ci dessus.


2
Télécharge Pocket KillBox sur ton bureau.
http://www.downloads.subratam.org/KillBox.exe


Double-clique sur le fichier Killbox.exe, et coche la case "Delete on reboot".
copie la ligne ci dessous :

c:\windows\system32\orkvienh.dll",realset

Sur PocketKillBox --> menu "File" --> "Paste from Clipboard"

Tu peux vérifier dans le menu déroulant que le fichier est bien présent.
- coche la case "Unregister dll before deleting" (si tu en as la possibilité)
- clique sur le bouton "All files"
- clique ensuite sur la croix rouge

Au deux messages qui vont s'afficher, tu réponds par "YES"
L'ordinateur doit redémarrer, sinon, fais le toi-même, quoiqu'il arrive.

Après redémarrage, relance Killbox puis clic sur l'onglet "fichier" -> Log -> Actions History Log
Poste le rapport ici 

3
Fais un clic droit sur ce lien :
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
Enregistrer la cible (du lien) sous... et enregistre-le sur ton bureau.
Ensuite double clique sur navilog1.exe pour lancer l'installation.
Une fois l'installation terminée, le fix s'exécutera automatiquement.
(Si ce n'est pas le cas, double-clique sur le raccourci Navilog1 présent sur le bureau).

Laisse-toi guider. Au menu principal, choisis 1 et valides.
(ne fais pas le choix 2,3 ou 4 sans notre avis/accord)

Patiente jusqu'au message :
*** Analyse Termine le ..... ***
Appuie sur une touche comme demandé, le blocnote va s'ouvrir.
Copie-colle l'intégralité dans une réponse. Referme le blocnote.
Le rapport est en outre sauvegardé à la racine du disque (fixnavi.txt)

3
Télécharge VundoFix.exe (par Atribune) sur ton Bureau.
http://www.atribune.org/ccount/click.php?id=4
* Double-clique VundoFix.exe afin de le lancer
* Clique sur le bouton Scan for Vundo
* Lorsque le scan est complété, clique sur le bouton Remove Vundo
* Une invite te demandera si tu veux supprimer les fichiers, clique YES
* Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers
* Tu verras une invite qui t'annonce que ton PC va redémarrer; clique OK
* Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis! dans ta prochaine réponse

Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo".

et repost un log hijackthis , 

@+

Alex · Answer

Tout d'abord je tiens a te remercié grandement pour ton aide car j'ai conscience du travail que cela implique.

Rapport Kill box

Pocket Killbox version 2.0.0.648
Running on Windows XP as Eric(Administrator)
was started @ samedi, juin 09, 2007, 11:43 AM
 
Killbox Closed(Exit) @ 11:44:10 AM
__________________________________________________
 
Pocket Killbox version 2.0.0.648
Running on Windows XP as Eric(Administrator)
was started @ samedi, juin 09, 2007, 11:44 AM
 
# 1 [Delete on Reboot]
Path = c:\windows\system32\orkvienh.dll",realset

 
I Rebooted @ 11:45:39 AM
Killbox Closed(Exit) @ 11:45:41 AM
__________________________________________________
 
Pocket Killbox version 2.0.0.648
Running on Windows XP as Eric(Administrator)
was started @ samedi, juin 09, 2007, 11:51 AM 

Ps: lorsque j'ai fais le "Paste from Clipboard" , le fichier n'apparaissait pas dans le menu déroulant, je l'ai donc remit et ait continué la manipulation, sans pouvoir coché "Unregister dll before deleting".



Rapport Navilog

search Navipromo version 2.0.3 commencé le 09/06/2007 à 11:53:54,25
 
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Poster ce rapport sur le forum pour le faire analyser !!!
!!! Ne pas lancer la partie désinfection sans l'avis d'un spécialiste !!!

Fix lancé depuis C:\Program Files
avilog1
Mise a jour le 08.06.2007 a 17h00 by IL-MAFIOSO

Executé en mode normal

*** Recherche Programmes installes *** 

 


*** Recherche dossiers dans C:\WINDOWS ***




*** Recherche dossiers dans C:\Program Files ***




*** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data ***




*** Recherche dossiers dans C:\Documents and Settings\Eric\Application Data ***



*** Recherche avec BlackLight Engine/F-secure ***
BlackLight Engine est un produit de F-secure, pour + d'infos :
https://www.f-secure.com/en


F-SECURE BLACKLIGHT ROOTKIT ELIMINATOR
======================================

Copyright 2005-2006 F-Secure Corporation. All rights reserved.
This is a beta version. It will expire on 1st of April, 2007.
Version information: 2.2.1061.

[+] Started on 06/09/07 at 11:53:57.
[-] ERROR: F-Secure BlackLight could not acquire debug privileges.
[+] Exited on 06/09/07 at 11:53:57 (return code = 3).


*** Recherche fichiers *** 




*** Recherche cles registre ***


Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs] 
 
 

Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage] 
 
 

Recherche Clé Magic Control 
 
 
 
*** Module de Recherche complémentaire *** 
(Recherche fichiers spécifiques) 
 
1)Recherche fichiers connus:

C:\WINDOWS\system32\ijkkj.ini2 trouvé ! infection Vundo possible non traité par cet outil !
C:\WINDOWS\system32\ijkkj.bak1 trouvé ! infection Vundo possible non traité par cet outil !
C:\WINDOWS\system32\ijkkj.bak2 trouvé ! infection Vundo possible non traité par cet outil !

2)Recherche Heuristique :
* 
** 
*** 
**** 
***** 
****** 
******* 
******** 
 
 
*** Analyse Terminé le 09/06/2007 à 11:55:01,43 *** 



Rapport Vundofix


VundoFix V6.4.2

Checking Java version...

Java version is 1.4.2.5
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Scan started at 11:56:38 09/06/2007

Listing files found while scanning....

C:\WINDOWS\system32\hggghhf.dll
C:\WINDOWS\system32\ijkkj.bak1
C:\WINDOWS\system32\ijkkj.bak2
C:\WINDOWS\system32\ijkkj.ini
C:\WINDOWS\system32\ijkkj.ini2
C:\WINDOWS\system32\ijkkj.tmp
C:\WINDOWS\system32\jkkji.dll
C:\WINDOWS\system32\ljjiigd.dll
C:\WINDOWS\system32
nnnlkl.dll
C:\WINDOWS\system32	ndvqmkv.dll
C:\WINDOWS\system32\vkmqvdnt.ini
C:\WINDOWS\system32\xxyyvsr.dll

Beginning removal...

 Attempting to delete C:\WINDOWS\system32\hggghhf.dll
C:\WINDOWS\system32\hggghhf.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\ijkkj.bak1
C:\WINDOWS\system32\ijkkj.bak1 Has been deleted!

 Attempting to delete C:\WINDOWS\system32\ijkkj.bak2
C:\WINDOWS\system32\ijkkj.bak2 Has been deleted!

 Attempting to delete C:\WINDOWS\system32\ijkkj.ini
C:\WINDOWS\system32\ijkkj.ini Has been deleted!

 Attempting to delete C:\WINDOWS\system32\ijkkj.ini2
C:\WINDOWS\system32\ijkkj.ini2 Has been deleted!

 Attempting to delete C:\WINDOWS\system32\ijkkj.tmp
C:\WINDOWS\system32\ijkkj.tmp Has been deleted!

 Attempting to delete C:\WINDOWS\system32\jkkji.dll
C:\WINDOWS\system32\jkkji.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\ljjiigd.dll
C:\WINDOWS\system32\ljjiigd.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32
nnnlkl.dll
C:\WINDOWS\system32
nnnlkl.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32	ndvqmkv.dll
C:\WINDOWS\system32	ndvqmkv.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\vkmqvdnt.ini
C:\WINDOWS\system32\vkmqvdnt.ini Has been deleted!

 Attempting to delete C:\WINDOWS\system32\xxyyvsr.dll
C:\WINDOWS\system32\xxyyvsr.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

 Attempting to delete C:\WINDOWS\system32\xxyyvsr.dll
C:\WINDOWS\system32\xxyyvsr.dll Has been deleted!

Performing Repairs to the registry.



Log Hijackthis


Logfile of HijackThis v1.99.1
Scan saved at 12:42:30, on 09/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\DAEMON Tools\daemon.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\iPod Access for Windows\iPAHelper.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Downloads\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: 82.231.144.169 apogee.lineage2.com
O1 - Hosts: 91.121.8.140 L2authd.lineage2.com
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [ApachInc] rundll32.exe "C:\WINDOWS\system32	ndvqmkv.dll",realset
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPAHelper.exe - Unknown owner - C:\Program Files\iPod Access for Windows\iPAHelper.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLABR11\webserver\bin\matlabserver.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

moK´s@ · Answer

ok

fais ceci :

tu n´as pas de par feux??!!

0
Télécgharge Kerio et installe le :

https://kerio.probb.fr/t1-tuto-pour-kerio-4-2

Merci a boulepate pour le site!!!

1
Double-clique sur le fichier Killbox.exe, et coche la case "Delete on reboot".
copie la ligne ci dessous :

c:\windows\system32	ndvqmkv.dll",realset

Sur PocketKillBox --> menu "File" --> "Paste from Clipboard"

Tu peux vérifier dans le menu déroulant que le fichier est bien présent.
- coche la case "Unregister dll before deleting" (si tu en as la possibilité)
- clique sur le bouton "All files"
- clique ensuite sur la croix rouge

Au deux messages qui vont s'afficher, tu réponds par "YES"
L'ordinateur doit redémarrer, sinon, fais le toi-même, quoiqu'il arrive.

Après redémarrage, relance Killbox puis clic sur l'onglet "fichier" -> Log -> Actions History Log
Poste le rapport ici

2
 Télécharge VirtumundoBegone sur le bureau:
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

Double clique ensuite sur VirtumundoBeGone.exe et suis les instructions.
Une fois terminé, redémarre et poste le rapport VBG.TXT créé sur le bureau dans ta prochaine réponse avec un nouveau rapport HijackThis.
Ne t'inquiète pas si tu vois un message Ecran bleu "Erreur fatale", c'est normal et attendu 

3
Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
• Redémarre ton ordinateur
• Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
• A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
• Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
• Choisis ton compte.
Déroule la liste des instructions ci-dessous :
• Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
• Appuie sur Y pour commencer le processus de nettoyage.
• Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
• Appuie sur une touche pour redémarrer le PC.
• Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
• Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
• Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
• Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
• Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum, avec un nouveau log Hijackthis !

moK´s@ · Answer

re, avec hijack this coche ceci : O4 - HKLM\..\Run: [ApachInc] rundll32.exe "C:\WINDOWS\system32 ndvqmkv.dll",realset quitte tes applications et fix/check la ligne ci dessous... Double-clique sur le fichier Killbox.exe, et coche la case "Delete on reboot". copie la ligne ci dessous : c:\windows\system32 ndvqmkv.dll",realset Sur PocketKillBox --> menu "File" --> "Paste from Clipboard" Tu peux vérifier dans le menu déroulant que le fichier est bien présent. - coche la case "Unregister dll before deleting" (si tu en as la possibilité) - clique sur le bouton "All files" - clique ensuite sur la croix rouge Au deux messages qui vont s'afficher, tu réponds par "YES" L'ordinateur doit redémarrer, sinon, fais le toi-même, quoiqu'il arrive. Après redémarrage, relance Killbox puis clic sur l'onglet "fichier" -> Log -> Actions History Log Poste le rapport ici Va sur ce lien et télécharge Blacklight(de F-Secure) : < https://www.f-secure.com/en > et sauvegarde le sur ton Bureau Consulte le tuto de Malekal_morte ici : < https://www.malekal.com/tutorial-f-secure-blacklight/ > Tu suis le tuto pour la phase 1 (scan) et tu postes le rapport de blacklight dans ta réponse. @+

moK´s@ · Answer

re,

c´est quel genre de pubs?

Télécharge ceci:
http://sosvirus.changelog.fr/Green_day/Lopxp.exe

Lance Lopxp.bat.
Au menu, choisis l'option 1 "Rechercher / Générer un rapport"
Patiente et lorsque l'on te demande d'appuyer sur une touche, appuie.
Ensuite, le rapport s'ouvre, copie colle le en entier sur le forum.

@+

moK´s@ · Answer

re,

et bien on est bien avancé avec ca...

est- ce que tu as messenger plus?

fais celui la :

"Silent Runners.vbs", revision 36, https://www.silentrunners.org/

Alex · Answer

Oui j'ai messenger plus. Voila le rapport: "Silent Runners.vbs", revision R50, https://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "Steam" = "(empty string)" [file not found] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = ""C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"" ["Nero AG"] "ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS] "DAEMON Tools" = ""C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033" ["DT Soft Ltd."] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "IMJPMIG8.1" = ""C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32" [MS] "PHIME2002ASync" = "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC" [MS] "PHIME2002A" = "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName" [MS] "SynTPLpr" = "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" ["Synaptics, Inc."] "SynTPEnh" = "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" ["Synaptics, Inc."] "Raccourci vers la page des propriétés de High Definition Audio" = "HDAShCut.exe" ["Windows (R) Server 2003 DDK provider"] "RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."] "AzMixerSel" = "C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" ["Realtek Semiconductor Corp."] "NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS] "nwiz" = "nwiz.exe /installquiet" ["NVIDIA Corporation"] "SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"" ["Sun Microsystems, Inc."] "PCMService" = ""c:\Apps\Powercinema\PCMService.exe"" ["CyberLink Corp."] "REGSHAVE" = "C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN" ["FUJI PHOTO FILM CO., LTD."] "QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."] "TkBellExe" = ""C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."] "avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [null data] "NeroFilterCheck" = "C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" ["Nero AG"] "iTunesHelper" = ""C:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Computer, Inc."] "DiskeeperSystray" = ""C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"" ["Diskeeper Corporation"] "PWRISOVM.EXE" = "C:\Program Files\PowerISO\PWRISOVM.EXE" ["PowerISO Computing, Inc."] "vajmfsjo.exe" = "C:\Documents and Settings\All Users\Application Data\vajmfsjo.exe" [null data] "ApachInc" = "rundll32.exe "C:\WINDOWS\system32\opfenvqs.dll",realset" [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {2F364306-AA45-47B5-9F9D-39A8B94E7EF7}\(Default) = (no title provided) -> {HKLM...CLSID} = "Flashget Catch Url Class" \InProcServer32\(Default) = "C:\Program Files\FlashGet\jccatch.dll" ["www.flashget.com"] {5F53B0C0-665C-4F79-A3FA-192AFB3009E7}\(Default) = (no title provided) -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\system32\jkkji.dll" [file not found] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) -> {HKLM...CLSID} = "SSVHelper Class" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll" ["Sun Microsystems, Inc."] {85C13756-4EA6-45A2-9ACA-725257F66315}\(Default) = (no title provided) -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\system32\jkhhe.dll" [null data] {8A61098D-612B-4EF2-943D-64E920684061}\(Default) = (no title provided) -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\system32\hggfedd.dll" [null data] {92A444D2-F945-4dd9-89A1-896A6C2D8D22}\(Default) = (no title provided) -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\system32\airoiuqw.dll" [null data] {AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided) -> {HKLM...CLSID} = "Google Toolbar Helper" \InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."] {E12BFF69-38A7-406e-A8EF-2738107A7831}\(Default) = (no title provided) -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\system32\bemafpru.dll" [null data] {F156768E-81EF-470C-9057-481BA8380DBA}\(Default) = (no title provided) -> {HKLM...CLSID} = "gFlash Class" \InProcServer32\(Default) = "C:\Program Files\FlashGet\getflash.dll" [empty string] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration" -> {HKLM...CLSID} = "Extension Affichage Panorama du Panneau de configuration" \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."] "{2F603045-309F-11CF-9774-0020AFD0CFF6}" = "Synaptics Control Panel" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Synaptics\SynTP\SynTPCpl.dll" ["Synaptics, Inc."] "{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class" -> {HKLM...CLSID} = "DesktopContext Class" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"] "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer" -> {HKLM...CLSID} = "Desktop Explorer" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu" -> {HKLM...CLSID} = "nView Desktop Context Menu" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{DEE12703-6333-4D4E-8F34-738C4DCC2E04}" = "RecordNow! SendToExt" -> {HKLM...CLSID} = "RecordNow! SendToExt" \InProcServer32\(Default) = "C:\Apps\RecordNow\shlext.dll" [null data] "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player" -> {HKLM...CLSID} = "RealOne Player Context Menu Class" \InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."] "{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper" -> {HKLM...CLSID} = "NVIDIA CPL Extension" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"] "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] "{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx" -> {HKLM...CLSID} = "AlcoholShellEx" \InProcServer32\(Default) = "C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"] "{9175A08B-AF17-4DD6-B7D2-3FE73734DA28}" = (no title provided) -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\system32\my3216.dll" [file not found] "{19583F4F-2D2A-43AF-8773-153434029D9F}" = (no title provided) -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\system32\bwotvid.dll" [file not found] "{472083B0-C522-11CF-8763-00608CC02F24}" = "avast" -> {HKLM...CLSID} = "avast" \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"] "{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler" -> {HKLM...CLSID} = "NeroDigitalIconHandler Class" \InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"] "{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler" -> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class" \InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"] "{2BB59FC0-31E8-42DA-9D3C-E9A52953853B}" = "ImageResizer Shell Extension" -> {HKLM...CLSID} = "ImageResizer Shell Extension" \InProcServer32\(Default) = "C:\PROGRA~1\VSO\IMAGER~1\RSZShell.dll" ["VSO Software"] "{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes" -> {HKLM...CLSID} = "iTunes" \InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."] "{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders" -> {HKLM...CLSID} = "Mes dossiers de partage" \InProcServer32\(Default) = "C:\Program Files\MSN Messenger\fsshext.8.0.0812.00.dll" [MS] "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}" = "PowerISO" -> {HKLM...CLSID} = "PowerISO" \InProcServer32\(Default) = "C:\Program Files\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ <> "{8A61098D-612B-4EF2-943D-64E920684061}" = "*Z" (unwritable string) -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\system32\hggfedd.dll" [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ "WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" -> {HKLM...CLSID} = "WPDShServiceObj Class" \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ <> hggfedd\DLLName = "hggfedd.dll" [null data] <> jkhhe\DLLName = "C:\WINDOWS\system32\jkhhe.dll" [null data] <> winrkp32\DLLName = "winrkp32.dll" [null data] HKLM\Software\Classes\PROTOCOLS\Filter\ <> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler" -> {HKLM...CLSID} = "NeroDigitalColumnHandler Class" \InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"] HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}" -> {HKLM...CLSID} = "avast" \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"] PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}" -> {HKLM...CLSID} = "PowerISO" \InProcServer32\(Default) = "C:\Program Files\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}" -> {HKLM...CLSID} = "PowerISO" \InProcServer32\(Default) = "C:\Program Files\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}" -> {HKLM...CLSID} = "avast" \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"] ImageResizer\(Default) = "{2BB59FC0-31E8-42DA-9D3C-E9A52953853B}" -> {HKLM...CLSID} = "ImageResizer Shell Extension" \InProcServer32\(Default) = "C:\PROGRA~1\VSO\IMAGER~1\RSZShell.dll" ["VSO Software"] PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}" -> {HKLM...CLSID} = "PowerISO" \InProcServer32\(Default) = "C:\Program Files\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] Group Policies {policy setting}: -------------------------------- Note: detected settings may not have any effect. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ "shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001 {Shutdown: Allow system to be shut down without having to log on} "undockwithoutlogon" = (REG_DWORD) hex:0x00000001 {Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ "Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp" Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ "Wallpaper" = "C:\Documents and Settings\Eric\Local Settings\Application Data\Microsoft\Wallpaper1.bmp" Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ "SCRNSAVE.EXE" = "C:\WINDOWS\RESIDE~1.SCR" (Resident Evil 4.scr) ["Comis"] Startup items in "Eric" & "All Users" startup folders: ------------------------------------------------------ C:\Documents and Settings\Eric\Menu Démarrer\Programmes\Démarrage "Adobe Gamma" -> shortcut to: "C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."] Enabled Scheduled Tasks: ------------------------ "AppleSoftwareUpdate" -> launches: "C:\Program Files\Apple Software Update\SoftwareUpdate.exe -Task" ["Apple Computer, Inc."] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 19 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" -> {HKLM...CLSID} = "&Google" \InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ "{E0E899AB-F487-11D5-8D29-0050BA6940E3}" = "FlashGet" -> {HKLM...CLSID} = "FlashGet" \InProcServer32\(Default) = "C:\Program Files\FlashGet\fgiebar.dll" ["Amaze Soft"] "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided) -> {HKLM...CLSID} = "&Google" \InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."] Explorer Bars HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ {FE54FA40-D68C-11D2-98FA-00C0F0318AFE}\(Default) = (no title provided) -> {HKLM...CLSID} = "Real.com" \InProcServer32\(Default) = "C:\WINDOWS\system32\Shdocvw.dll" [MS] HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Rechercher" Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ "MenuText" = "Console Java (Sun)" "CLSIDExtension" = "{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}" -> {HKCU...CLSID} = "Java Plug-in 1.6.0_01" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll" ["Sun Microsystems, Inc."] -> {HKLM...CLSID} = "Java Plug-in 1.6.0_01" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll" ["Sun Microsystems, Inc."] {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ "ButtonText" = "Recherche" {CD67F990-D8E9-11D2-98FE-00C0F0318AFE}\ "ButtonText" = "Real.com" {D6E814A0-E0C5-11D4-8D29-0050BA6940E3}\ "ButtonText" = "FlashGet" "MenuText" = "FlashGet" "Exec" = "C:\PROGRA~1\FlashGet\flashget.exe" ["FlashGet.com"] {FB5F1910-F110-11D2-BB9E-00C04F795683}\ "ButtonText" = "Messenger" "MenuText" = "Windows Messenger" "Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS] Miscellaneous IE Hijack Points ------------------------------ C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings") Added lines (compared with English-language version): (unwritable string) Missing lines (compared with English-language version): [Version]: 2 lines [RestoreHomePage]: 1 line [RestoreHomePage.reg]: 1 line [RestoreBrowserSettings.reg]: 12 lines [DeleteTemplates.reg]: 5 lines [DeleteAutosearch.reg]: 1 line [Strings]: 1 line [RestoreBrowserSettings]: 2 lines [Strings]: 3 lines Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ AOL Connectivity Service, AOL ACS, "C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe" ["America Online, Inc."] avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4\ashServ.exe"" [null data] avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" [null data] avast! Mail Scanner, avast! Mail Scanner, ""C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"] avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"] Carte de performance WMI, WmiApSrv, "C:\WINDOWS\system32\wbem\wmiapsrv.exe" [MS] CyberLink Background Capture Service (CBCS), CLCapSvc, ""c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe"" [empty string] CyberLink Task Scheduler (CTS), CLSched, ""c:\APPS\Powercinema\Kernel\TV\CLSched.exe"" [empty string] Diskeeper, Diskeeper, ""C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe"" ["Diskeeper Corporation"] iPAHelper.exe, iPAHelper.exe, "C:\Program Files\iPod Access for Windows\iPAHelper.exe" ["Findley Designs, Inc."] iPod Service, iPod Service, ""C:\Program Files\iPod\bin\iPodService.exe"" ["Apple Computer, Inc."] Machine Debug Manager, MDM, ""C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe"" [MS] NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"] SmartLinkService, SLService, "slserv.exe" [" "] StarWind iSCSI Service, StarWindService, "C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe" ["Rocket Division Software"] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS] ---------- <>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer "No" at the first message box and "Yes" at the second message box. ---------- (total run time: 45 seconds, including 19 seconds for message boxes)

moK´s@ · Answer

re,

ok c´est messenger plus qui te pourrie la vie avec des pubs...

lis ce qui suit et desinstale messenger plus..

Messenger plus est un add-on non officiel à "Messenger MSN", gratuit grâce à la sponsorisation. Malheureusement ils ont choisi comme sponsor, ni plus ni moins, LOP.COM !!!

On le voit à un bouton installé dans la barre et qui porte un nom quelconque, généré aléatoirement, à la volée, de manière à empêcher les anti-spywares de le détecter par la méthode des signatures.

Lop.com est une des pire cochonneries qui s'installent sournoisement sur nos machines, furtif et très difficile à retirer. Son installation se fait en utilisant des noms et des clés de registres générées aléatoirement. Il s'installe, du point de vue technique, partiellement sous la forme d'un Bho hostile dont le nom et la clé de registre sont générés aléatoirement ce qui fait des billions (milliers de millions) de combinaisons possibles. Impossible d'en faire une liste ce qui rend le travail des anti-spywares basés sur des scanners et des listes de signatures, totalement impossible.

Pour éradiquer Messenger Plus, il suffit de passer par le classique panneau de configuration de Windows et, dans ajout/suppression de programmes, il suffit de supprimer (désinstaller)

* Messenger Plus
* Messenger Plus Random Quote Addon


Mais ceci ne supprime pas lop.com.

Il existe un outil pour retirer lop.com, qui traîne encore sur l'ordinateur après éradication de Messenger Plus:

* http://lop.com/toolbar_uninstall.exe


Toutefois il s'agit d'un programme exécutable, qui plus est sur le site de lop.com, ce qui, comme d'habitude, succite un peu de méfiance.

Vous pouvez, ensuite, réinstaller "Messenger Plus" - mais en DECOCHANT la case "sponsor" puisque vous avez le choix.


2
rends toi sur ce site :

http://www.virustotal.com/en/virustotalx.html

et fais analyser ceci :

C:\WINDOWS\system32\opfenvqs.dll

tu l´upload dans la case en haut a droite en fesant parcourir.

poste le rapport ici


mets aussi un nouveau hijack this


@+

Alex · Answer

Pour msn plus je l'ai désinstallé, meme si je pense que j'avais refusé le sponsor.

Voila le rapport.

STATUS: FINISHEDComplete scanning result of "opfenvqs.dll", received in VirusTotal at 06.10.2007, 21:08:08 (CET).

Antivirus Version Update Result 
AhnLab-V3 2007.5.9.0 05.09.2007  no virus found 
AntiVir 7.4.0.32 06.09.2007 ADSPY/Virtumonde.AR.10 
Authentium 4.93.8 05.23.2007  no virus found 
Avast 4.7.997.0 06.09.2007  no virus found 
AVG 7.5.0.467 05.08.2007  no virus found 
BitDefender 7.2 06.10.2007 GenPack:Trojan.Vundo.DLZ 
CAT-QuickHeal 9.00 06.09.2007 Adware.Virtumonde.gen (Not a Virus) 
ClamAV devel-20070416 05.09.2007 Trojan.Packed-7 
DrWeb 4.33 06.10.2007 Trojan.Virtumod 
eSafe 7.0.15.0 05.08.2007  no virus found 
eTrust-Vet 30.7.3707 06.09.2007  no virus found 
FileAdvisor 1 06.10.2007  no virus found 
Fortinet 2.85.0.0 06.10.2007 suspicious 
F-Prot 4.3.2.48 05.08.2007  no virus found 
F-Secure 6.70.13030.0 05.09.2007  no virus found 
Ikarus T3.1.1.7 05.09.2007  no virus found 
Kaspersky 4.0.2.24 06.10.2007 not-a-virus:AdWare.Win32.Virtumonde.ar 
McAfee 5049 06.08.2007  no virus found 
Microsoft 1.2503 06.10.2007  no virus found 
NOD32v2 2321 06.10.2007 Win32/Adware.Virtumonde 
Norman 5.80.02 06.08.2007 Vundo.gen25 
Panda 9.0.0.4 06.10.2007 Spyware/Virtumonde 
Prevx1 V2 06.10.2007  no virus found 
Sophos 4.18.0 06.01.2007 Virtumundo 
Sunbelt 2.2.907.0 05.05.2007 VIPRE.Suspicious 
Symantec 10 05.09.2007  no virus found 
TheHacker 6.1.6.131 06.08.2007 Adware/Virtumonde.ar 
VBA32 3.12.0 06.10.2007 Application.Win32.Adware.Virtumonde 
VirusBuster 4.3.23:9 06.10.2007 Adware.Vundo.Gen!Pac.14 
Webwasher-Gateway 6.0.1 05.09.2007 Worm.Win32.Malware.gen (suspicious) 


Aditional Information 
File size: 131124 bytes 
MD5: 311ba1e49008162c2494f00a8dda4fd8 
SHA1: a5fcbf23e08a629b04f684e78c6f1ba97b9454b0 
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

moK´s@ · Answer

re,

Double-clique sur le fichier Killbox.exe, et coche la case "Delete on reboot".
copie la ligne ci dessous :

c:\windows\system32\opfenvqs.dll 

Sur PocketKillBox --> menu "File" --> "Paste from Clipboard"

Tu peux vérifier dans le menu déroulant que le fichier est bien présent.
- coche la case "Unregister dll before deleting" (si tu en as la possibilité)
- clique sur le bouton "All files"
- clique ensuite sur la croix rouge

Au deux messages qui vont s'afficher, tu réponds par "YES"
L'ordinateur doit redémarrer, sinon, fais le toi-même, quoiqu'il arrive.

Après redémarrage, relance Killbox puis clic sur l'onglet "fichier" -> Log -> Actions History Log
Poste le rapport ici 

refais un vundofix et post le rapport ici,

post aussi un hijack this 


tu as encore des pubs?
 

@+

Alex · Answer

Désolé pour l'attente.

Voila KillBox

Pocket Killbox version 2.0.0.648
Running on Windows XP as Eric(Administrator)
was started @ samedi, juin 09, 2007, 11:43 AM
 a
Killbox Closed(Exit) @ 11:44:10 AM
__________________________________________________
 
Pocket Killbox version 2.0.0.648
Running on Windows XP as Eric(Administrator)
was started @ samedi, juin 09, 2007, 11:44 AM
 
# 1 [Delete on Reboot]
Path = c:\windows\system32\orkvienh.dll",realset

 
I Rebooted @ 11:45:39 AM
Killbox Closed(Exit) @ 11:45:41 AM
__________________________________________________
 
Pocket Killbox version 2.0.0.648
Running on Windows XP as Eric(Administrator)
was started @ samedi, juin 09, 2007, 11:51 AM
 
Killbox Closed(Exit) @ 11:56:15 AM
__________________________________________________
 
Pocket Killbox version 2.0.0.648
Running on Windows XP as Eric(Administrator)
was started @ samedi, juin 09, 2007, 1:01 PM
 
# 1 [Delete on Reboot]
Path = c:\windows\system32	ndvqmkv.dll",realset 

 
PendingFileRenameOperations Registry Data has been Removed by External Process! @ 1:04:43 PM
Killbox Closed(Exit) @ 1:04:47 PM
__________________________________________________
 
Pocket Killbox version 2.0.0.648
Running on Windows XP as Eric(Administrator)
was started @ samedi, juin 09, 2007, 1:09 PM
 
Killbox Closed(Exit) @ 1:10:19 PM
__________________________________________________
 
Pocket Killbox version 2.0.0.648
Running on Windows XP as Eric(Administrator)
was started @ dimanche, juin 10, 2007, 12:10 AM
 
# 1 [Delete on Reboot]
Path = C:\WINDOWS\system32	ndvqmkv.dll",realset

 
PendingFileRenameOperations Registry Data has been Removed by External Process! @ 12:11:40 AM
Killbox Closed(Exit) @ 12:12:02 AM
__________________________________________________
 
Pocket Killbox version 2.0.0.648
Running on Windows XP as Eric(Administrator)
was started @ dimanche, juin 10, 2007, 12:18 AM
 
Killbox Closed(Exit) @ 12:21:01 AM
__________________________________________________
 
Pocket Killbox version 2.0.0.648
Running on Windows XP as Eric(Administrator)
was started @ mardi, juin 12, 2007, 3:53 PM
 
# 1 [Delete on Reboot]
Path = C:\WINDOWS\system32\opfenvqs.dll

 
I Rebooted @ 3:55:38 PM
Killbox Closed(Exit) @ 3:55:41 PM
__________________________________________________
 
Pocket Killbox version 2.0.0.648
Running on Windows XP as Eric(Administrator)
was started @ mardi, juin 12, 2007, 4:03 PM 


J'ai aussi fais vundo et voila le rapport Hijackthis

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 16:21:48, on 12/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Documents and Settings\All Users\Application Data\vajmfsjo.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\iPod Access for Windows\iPAHelper.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Downloads\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Flashget Catch Url Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {5861ABCC-1CF6-44D5-8B9A-1912E92D0B0E} - C:\WINDOWS\system32\jkhhe.dll (file missing)
O2 - BHO: (no name) - {5F53B0C0-665C-4F79-A3FA-192AFB3009E7} - C:\WINDOWS\system32\jkkji.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {77C5EF32-88D6-40AA-AA80-82ED38D52EE0} - C:\WINDOWS\system32\codfrebr.dll
O2 - BHO: (no name) - {8A61098D-612B-4EF2-943D-64E920684061} - C:\WINDOWS\system32\hggfedd.dll (file missing)
O2 - BHO: (no name) - {92A444D2-F945-4dd9-89A1-896A6C2D8D22} - C:\WINDOWS\system32\airoiuqw.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {E12BFF69-38A7-406e-A8EF-2738107A7831} - C:\WINDOWS\system32\bemafpru.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [vajmfsjo.exe] C:\Documents and Settings\All Users\Application Data\vajmfsjo.exe
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\gbaqeocs.dll",realset
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - Winlogon Notify: WindowsUpdate - C:\WINDOWS\
O20 - Winlogon Notify: winrkp32 - C:\WINDOWS\SYSTEM32\winrkp32.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: iPAHelper.exe - Unknown owner - C:\Program Files\iPod Access for Windows\iPAHelper.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLABR11\webserver\bin\matlabserver.exe (file missing)
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O24 - Desktop Component 0: (no name) - (no file)

Alex · Answer

Oui j'ai toujours des pubs.

moK´s@ · Answer

salut alex,

telecharge :

http://www.techsupportforum.com/sectools/combofix.exe

tu le télécharge sur ton bureau.

desactive ton anti virus et autre protection pas le par feu.

click sur combofix.exe et suis les instructions a l´ecran.

quand il aura terminé il va produire un log, poste le dans ta prochaine reponse.

ps : ne click pas avec ta sourie pendant qu´il effectue le scan et les réparations...

@+

moK´s@ · Answer

salut alex, 1 ¤ Télécharge Clean ----> http://www.malekal.com/download/clean.zip Dézippe tout le contenu dans le même dossier. Double clic sur clean ou clean.cmd choisissez l'option 1. Un rapport va s'ouvrir, copie et colle le contenu ici 2 fait quand meme ceci pour messenger plus : http://lop.com/toolbar_uninstall.exe 3 essait de voire si tu arrive a faire le balck light maintenant... Va sur ce lien et télécharge Blacklight(de F-Secure) : < https://www.f-secure.com/en > et sauvegarde le sur ton Bureau Consulte le tuto de Malekal_morte ici : < https://www.malekal.com/tutorial-f-secure-blacklight/ > Tu suis le tuto pour la phase 1 (scan) et tu postes le rapport de blacklight dans ta réponse. @+

moK´s@ · Answer

re,

Redémarre en mode sans échec  : 

¤Démarre en mode sans échec :
Pour cela, tu tapote la touche F8 des le début de l allumage du pc sans t arrêter
Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
Une fois sur le bureau si il n y a pas toutes les couleurs et autres c est normal !
(Si F8 ne marche pas utilise la touche F5) 

Puis ouvre le dossier clean et ouvre clean.cmd et choisis l'option 2.
Redémarre normalement et poste le log clean. 

peux tu remettre un rapport hijack this aussi 

@+

Alex · Answer

Voici le rapport pour Clean:

Script execute en mode sans echec 
Rapport clean par Malekal_morte - http://www.malekal.com 
Script execute en mode sans echec 16/06/2007 a 21:08:38,93 

Microsoft Windows XP [version 5.1.2600]
 
*** Suppression des fichiers dans C: 
tentative de suppression de C:\StubInstaller.exe 
 
*** Suppression des fichiers dans C:\WINDOWS\ 
 
*** Suppression des fichiers dans C:\WINDOWS\system32 
tentative de suppression de "C:\WINDOWS\Downloaded Program Files\CONFLICT.1" 
tentative de suppression de "C:\Documents and Settings\xtrx\Application Data\ezpinst.exe" 
 
*** Suppression des fichiers dans C:\Program Files 
tentative de suppression de "C:\Program Files\Need2Find\" 
tentative de suppression de "C:\Program Files\Viewpoint\" 
 
*** Suppression des clefs du registre effectuee.. 
*** Fin du rapport ! 


Ainsi qu'un nouveau Hijack

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 21:35:05, on 16/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Documents and Settings\All Users\Application Data\vajmfsjo.exe
C:\WINDOWS\system32\scchk32.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\yxkdtejg.exe
C:\Program Files\iPod Access for Windows\iPAHelper.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Downloads\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Flashget Catch Url Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {5861ABCC-1CF6-44D5-8B9A-1912E92D0B0E} - C:\WINDOWS\system32\jkhhe.dll (file missing)
O2 - BHO: (no name) - {5F53B0C0-665C-4F79-A3FA-192AFB3009E7} - C:\WINDOWS\system32\jkkji.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [vajmfsjo.exe] C:\Documents and Settings\All Users\Application Data\vajmfsjo.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SC2] C:\WINDOWS\system32\scchk32.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: DomainService -   - C:\WINDOWS\system32\yxkdtejg.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: iPAHelper.exe - Unknown owner - C:\Program Files\iPod Access for Windows\iPAHelper.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLABR11\webserver\bin\matlabserver.exe (file missing)
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O24 - Desktop Component 0: (no name) - (no file)

moK´s@ · Answer

salut alex,

0
tu n´as pas de par feu :

Télécgharge Kerio et installe le :

https://kerio.probb.fr/t1-tuto-pour-kerio-4-2

Merci a boulepate pour le site!!!

1
avec hijack this coche ceci :

C:\WINDOWS\system32\yxkdtejg.exe
O2 - BHO: (no name) - {5861ABCC-1CF6-44D5-8B9A-1912E92D0B0E} - C:\WINDOWS\system32\jkhhe.dll (file missing)
O2 - BHO: (no name) - {5F53B0C0-665C-4F79-A3FA-192AFB3009E7} - C:\WINDOWS\system32\jkkji.dll (file missing)
O4 - HKLM\..\Run: [vajmfsjo.exe] C:\Documents and Settings\All Users\Application Data\vajmfsjo.exe
O4 - HKLM\..\Run: [SC2] C:\WINDOWS\system32\scchk32.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\yxkdtejg.exe
O24 - Desktop Component 0: (no name) - (no file)

quitte tes applications et navigateur et fix/ check les lignes ci dessus.

2

avec la killbox

Double-clique sur le fichier Killbox.exe, et coche la case "Delete on reboot".
copie la ligne ci dessous :

Double-clique sur le fichier Killbox.exe, et coche la case "Delete on reboot".
copie la ligne ci dessous :


C:\Documents and Settings\All Users\Application Data\vajmfsjo.exe
C:\WINDOWS\system32\scchk32.exe
C:\WINDOWS\system32\yxkdtejg.exe


Sur PocketKillBox --> menu "File" --> "Paste from Clipboard"

Tu peux vérifier dans le menu déroulant que le fichier est bien présent.
- coche la case "Unregister dll before deleting" (si tu en as la possibilité)
- clique sur le bouton "All files"
- clique ensuite sur la croix rouge

Au deux messages qui vont s'afficher, tu réponds par "YES"
L'ordinateur doit redémarrer, sinon, fais le toi-même, quoiqu'il arrive.

Après redémarrage, relance Killbox puis clic sur l'onglet "fichier" -> Log -> Actions History Log
Poste le rapport ici

3

fais ceci : demarrer> exécute puis tape : "services.msc" sans les guillemets et arrete le service suivant :

Service: DomainService - - C:\WINDOWS\system32\yxkdtejg.exe

4
* télécharge AVG Anti-Spyware (ewido)

https://www.avg.com/en-ww/free-antivirus-download
http://www.infos-du-net.com/telecharger/Ewido-Security-Suite,0301-734.html
* tu l'installes

* lance AVG Anti-Spyware et clique sur le bouton Mise à jour. Patiente
si tu n'arrives pas à le mettre à jour prends ici les màj
http://downloads.ewido.net/avgas-signatures-full-current.exe

Sur la page "analyse":
•- tu choisis d'abord l'onglet "paramètres".
- sous « Comment réagir » clic sur « Actions recommandées » et dans le menu déroulant, choisir « Supprimer » 

Copie Et colle le rapport ici 

a la fin du scan tu supprime bien tout ce qu´il atrouvé...

@+


J´veux bien; et toi???

Alex · Answer

Voila le rapport de killbox:

Pocket Killbox version 2.0.0.648
Running on Windows XP as Eric(Administrator)
was started @ samedi, juin 09, 2007, 11:43 AM
 
Killbox Closed(Exit) @ 11:44:10 AM
__________________________________________________
 
Pocket Killbox version 2.0.0.648
Running on Windows XP as Eric(Administrator)
was started @ samedi, juin 09, 2007, 11:44 AM
 
# 1 [Delete on Reboot]
Path = c:\windows\system32\orkvienh.dll",realset

 
I Rebooted @ 11:45:39 AM
Killbox Closed(Exit) @ 11:45:41 AM
__________________________________________________
 
Pocket Killbox version 2.0.0.648
Running on Windows XP as Eric(Administrator)
was started @ samedi, juin 09, 2007, 11:51 AM
 
Killbox Closed(Exit) @ 11:56:15 AM
__________________________________________________
 
Pocket Killbox version 2.0.0.648
Running on Windows XP as Eric(Administrator)
was started @ samedi, juin 09, 2007, 1:01 PM
 
# 1 [Delete on Reboot]
Path = c:\windows\system32	ndvqmkv.dll",realset 

 
PendingFileRenameOperations Registry Data has been Removed by External Process! @ 1:04:43 PM
Killbox Closed(Exit) @ 1:04:47 PM
__________________________________________________
 
Pocket Killbox version 2.0.0.648
Running on Windows XP as Eric(Administrator)
was started @ samedi, juin 09, 2007, 1:09 PM
 
Killbox Closed(Exit) @ 1:10:19 PM
__________________________________________________
 
Pocket Killbox version 2.0.0.648
Running on Windows XP as Eric(Administrator)
was started @ dimanche, juin 10, 2007, 12:10 AM
 
# 1 [Delete on Reboot]
Path = C:\WINDOWS\system32	ndvqmkv.dll",realset

 
PendingFileRenameOperations Registry Data has been Removed by External Process! @ 12:11:40 AM
Killbox Closed(Exit) @ 12:12:02 AM
__________________________________________________
 
Pocket Killbox version 2.0.0.648
Running on Windows XP as Eric(Administrator)
was started @ dimanche, juin 10, 2007, 12:18 AM
 
Killbox Closed(Exit) @ 12:21:01 AM
__________________________________________________
 
Pocket Killbox version 2.0.0.648
Running on Windows XP as Eric(Administrator)
was started @ mardi, juin 12, 2007, 3:53 PM
 
# 1 [Delete on Reboot]
Path = C:\WINDOWS\system32\opfenvqs.dll

 
I Rebooted @ 3:55:38 PM
Killbox Closed(Exit) @ 3:55:41 PM
__________________________________________________
 
Pocket Killbox version 2.0.0.648
Running on Windows XP as Eric(Administrator)
was started @ mardi, juin 12, 2007, 4:03 PM
 
Pocket Killbox version 2.0.0.648
Running on Windows XP as Eric(Administrator)
was started @ lundi, juin 18, 2007, 11:31 PM
 
# 1 [Delete on Reboot]
Path = C:\Documents and Settings\All Users\Application Data\vajmfsjo.exe

 
# 2 [Delete on Reboot]
Path = C:\WINDOWS\system32\scchk32.exe

 
# 3 [Delete on Reboot]
Path = C:\WINDOWS\system32\yxkdtejg.exe

 
I Rebooted @ 11:34:19 PM
Killbox Closed(Exit) @ 11:34:22 PM
__________________________________________________
 
Pocket Killbox version 2.0.0.648
Running on Windows XP as Eric(Administrator)
was started @ lundi, juin 18, 2007, 11:43 PM
 


J'ai aussi fait l'analyse AVG mais il n'a pas créé de rapport ?

moK´s@ · Answer

salut alex,

peux tu remettre un hijack this stp

Alex · Answer

Désolé je l'ai oublié, le voici:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 21:09:04, on 19/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\iPod Access for Windows\iPAHelper.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Downloads\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Flashget Catch Url Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: iPAHelper.exe - Unknown owner - C:\Program Files\iPod Access for Windows\iPAHelper.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLABR11\webserver\bin\matlabserver.exe (file missing)
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O24 - Desktop Component 0: (no name) - (no file)

moK´s@ · Answer

re,

tu n´as toujours pas installé de par feu!!!

a part ca le rapport me parrait propre...

avg t´avait -il trouvé des saletés?

Alex · Answer

Oui il en avait trouvé, et a reussi a tout supprimé.

J'installe de suite Kerio.

Encore merci pour toute l'aide fournie ainsi que la rapidité des réponses qui ont permis de "désinfecté" mon ordinateur.

moK´s@ · Answer

re,

il serait sage de faire un scan en ligne pour vérifier, car tu etait salement infécté ( c´est long, mais...)

https://www.bitdefender.fr/
* En bas, à gauche de la fenêtre, clique sur BitDefender SCAN ONLINE
* Dans la nouvelle fenêtre, clique sur I agree
* La fenêtre change encore, clique sur Click here to scan
* Les signatures se chargent, etc.

tuto en image

http://pageperso.aol.fr/rginformatique/mapage/defender.htm

et copie colle le résultat ici

@+

Alex · Answer

Le rapport étant dans un fichier Html, je n'ai pas reussi a faire une meilleur mise en page désolé, le voici:

BitDefender Online Scanner
  
  
 
Rapport d'analyse généré à: Wed, Jun 20, 2007 - 14:12:15
 
 
  
  
 
Voie d'analyse: C:\;D:\;E:\;F:\;G:\;
  
  
 
 
  
  
 
Statistiques
 
Temps
 01:22:13
 
Fichiers
 422959
 
Directoires
 11481
 
Secteurs de boot
 3
 
Archives
 7517
 
Paquets programmes
 12341
 
  
  
 
Résultats
 
Virus identifiés
 22
 
Fichiers infectés
 63
 
Fichiers suspects
 0
 
Avertissements
 0
 
Désinfectés
 0
 
Fichiers effacés
 107
 
  
  
 
Info sur les moteurs
 
Définition virus
 514494
 
Version des moteurs
 AVCORE v1.0 (build 2410) (i386) (Jun 12 2007 21:08:27)
 
Analyse des plugins
 14
 
Archive des plugins
 38
 
Unpack des plugins
 6
 
E-mail plugins
 6
 
Système plugins
 1
 
  
  
 
Paramètres d'analyse
 
Première action
 Désinfecté
 
Seconde Action
 Supprimé
 
Heuristique
 Oui
 
Acceptez les avertissements
 Oui
 
Extensions analysées
 *;
 
Excludez les extensions
  
 
Analyse d'emails
 Oui
 
Analyse des Archives
 Oui
 
Analyser paquets programmes
 Oui
 
Analyse des fichiers
 Oui
 
Analyse de boot
 Oui
 
  
  
 
  Fichier analysé
  Statut
 
C:\!KillBox\opfenvqs.dll
 Infecté par: GenPack:Trojan.Vundo.DLZ
 
C:\!KillBox\opfenvqs.dll
 Echec de la désinfection
 
C:\!KillBox\opfenvqs.dll
 Supprimé
 
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0657498F.exe=>(Quarantine-2)
 Infecté par: Trojan.Click.Small.G
 
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0657498F.exe=>(Quarantine-2)
 Echec de la désinfection
 
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0657498F.exe=>(Quarantine-2)
 Supprimé
 
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0E6B4A17.exe=>(Quarantine-2)
 Infecté par: Trojan.DownLoader.Drsmart.A
 
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0E6B4A17.exe=>(Quarantine-2)
 Supprimé
 
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\129F02E8.dll=>(Quarantine-2)
 Infecté par: Generic.Istbar.40BF1D83
 
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\129F02E8.dll=>(Quarantine-2)
 Echec de la désinfection
 
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\129F02E8.dll=>(Quarantine-2)
 Supprimé
 
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1BA720F8.exe=>(Quarantine-2)
 Infecté par: Trojan.Downloader.TSUpdate.P
 
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1BA720F8.exe=>(Quarantine-2)
 Supprimé
 
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\21A23739.exe=>(Quarantine-2)
 Infecté par: Dropped:Trojan.Clicker.Small.G
 
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\21A23739.exe=>(Quarantine-2)
 Echec de la désinfection
 
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\21A23739.exe=>(Quarantine-2)
 Supprimé
 
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\21D00306.exe=>(Quarantine-2)
 Infecté par: Trojan.Click.Small.G
 
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\21D00306.exe=>(Quarantine-2)
 Echec de la désinfection
 
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\21D00306.exe=>(Quarantine-2)
 Supprimé
 
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\230A16D7.exe=>(Quarantine-2)
 Infecté par: Trojan.Clicker.Agent.GP
 
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\230A16D7.exe=>(Quarantine-2)
 Echec de la désinfection
 
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\230A16D7.exe=>(Quarantine-2)
 Supprimé
 
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\230D40D3.exe=>(Quarantine-2)
 Infecté par: Trojan.Clicker.Agent.GP
 
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\230D40D3.exe=>(Quarantine-2)
 Echec de la désinfection
 
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\230D40D3.exe=>(Quarantine-2)
 Supprimé
 
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\23310EAC.exe=>(Quarantine-2)
 Infecté par: Trojan.Dropper.Agent.AAC
 
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\23310EAC.exe=>(Quarantine-2)
 Supprimé
 
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\233538A8.exe=>(Quarantine-2)
 Infecté par: Trojan.Dropper.Agent.AAC
 
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\233538A8.exe=>(Quarantine-2)
 Supprimé
 
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\233A3777.htm=>(Quarantine-2)
 Infecté par: Trojan.Exploit.Html.Codebaseexec.BI
 
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\233A3777.htm=>(Quarantine-2)
 Echec de la désinfection
 
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\233A3777.htm=>(Quarantine-2)
 Supprimé
 
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\23555C84.exe=>(Quarantine-2)
 Infecté par: Trojan.Adclicker.L
 
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\23555C84.exe=>(Quarantine-2)
 Echec de la désinfection
 
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\23555C84.exe=>(Quarantine-2)
 Supprimé
 
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\23735664.exe=>(Quarantine-2)
 Infecté par: Trojan.Adclicker.L
 
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\23735664.exe=>(Quarantine-2)
 Echec de la désinfection
 
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\23735664.exe=>(Quarantine-2)
 Supprimé
 
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\24754B48.dll=>(Quarantine-2)
 Infecté par: Trojan.Clicker.Small.G
 
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\24754B48.dll=>(Quarantine-2)
 Echec de la désinfection
 
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\24754B48.dll=>(Quarantine-2)
 Supprimé
 
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\27363840.exe=>(Quarantine-2)
 Infecté par: Trojan.Adclicker.L
 
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\27363840.exe=>(Quarantine-2)
 Echec de la désinfection
 
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\27363840.exe=>(Quarantine-2)
 Supprimé
 
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\30CB63B5.dll=>(Quarantine-2)
 Infecté par: Trojan.Clicker.Small.G
 
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\30CB63B5.dll=>(Quarantine-2)
 Echec de la désinfection
 
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\30CB63B5.dll=>(Quarantine-2)
 Supprimé
 
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\37797F30.exe=>(Quarantine-2)
 Infecté par: Dropped:Trojan.Clicker.Small.G
 
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\37797F30.exe=>(Quarantine-2)
 Echec de la désinfection
 
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\37797F30.exe=>(Quarantine-2)
 Supprimé
 
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3E94595F.exe=>(Quarantine-2)
 Infecté par: Trojan.Downloader.Vb.ZK
 
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3E94595F.exe=>(Quarantine-2)
 Echec de la désinfection
 
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3E94595F.exe=>(Quarantine-2)
 Supprimé
 
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\53FC62FA.exe=>(Quarantine-2)
 Infecté par: Trojan.Downloader.Adload.AC
 
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\53FC62FA.exe=>(Quarantine-2)
 Echec de la désinfection
 
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\53FC62FA.exe=>(Quarantine-2)
 Supprimé
 
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\55307D68.tmp=>(Quarantine-2)
 Infecté par: Win32.Hotlix.A@mm
 
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\55307D68.tmp=>(Quarantine-2)
 Echec de la désinfection
 
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\55307D68.tmp=>(Quarantine-2)
 Supprimé
 
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\55365161.tmp=>(Quarantine-2)
 Infecté par: Trojan.Win32.MSNTrick.B
 
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\55365161.tmp=>(Quarantine-2)
 Echec de la désinfection
 
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\55365161.tmp=>(Quarantine-2)
 Supprimé
 
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\562E4850.exe=>(Quarantine-2)
 Infecté par: Trojan.Win32.MSNTrick.B
 
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\562E4850.exe=>(Quarantine-2)
 Echec de la désinfection
 
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\562E4850.exe=>(Quarantine-2)
 Supprimé
 
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6D6F4C1C.exe=>(Quarantine-2)
 Infecté par: Trojan.DownLoader.Drsmart.A
 
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6D6F4C1C.exe=>(Quarantine-2)
 Supprimé
 
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\75084EA0.tmp=>(Quarantine-2)
 Infecté par: Backdoor.Delf.Agf.28.D
 
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\75084EA0.tmp=>(Quarantine-2)
 Echec de la désinfection
 
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\75084EA0.tmp=>(Quarantine-2)
 Supprimé
 
C:\QooBox\Quarantine\C\WINDOWS\system32\codfrebr.dll.vir
 Infecté par: Trojan.BHO.AQ
 
C:\QooBox\Quarantine\C\WINDOWS\system32\codfrebr.dll.vir
 Echec de la désinfection
 
C:\QooBox\Quarantine\C\WINDOWS\system32\codfrebr.dll.vir
 Supprimé
 
C:\QooBox\Quarantine\C\WINDOWS\system32\vturo.dll.vir
 Infecté par: Trojan.Vundo.DLY
 
C:\QooBox\Quarantine\C\WINDOWS\system32\vturo.dll.vir
 Echec de la désinfection
 
C:\QooBox\Quarantine\C\WINDOWS\system32\vturo.dll.vir
 Supprimé
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP546\A0101884.dll
 Infecté par: GenPack:Trojan.Vundo.DLZ
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP546\A0101884.dll
 Echec de la désinfection
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP546\A0101884.dll
 Supprimé
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP546\A0101897.dll
 Infecté par: Trojan.Vundo.DLY
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP546\A0101897.dll
 Echec de la désinfection
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP546\A0101897.dll
 Supprimé
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP546\A0101900.dll
 Infecté par: GenPack:Trojan.Vundo.DLZ
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP546\A0101900.dll
 Echec de la désinfection
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP546\A0101900.dll
 Supprimé
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP548\A0102460.dll
 Infecté par: GenPack:Trojan.Vundo.DLZ
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP548\A0102460.dll
 Echec de la désinfection
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP548\A0102460.dll
 Supprimé
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP548\A0102547.dll
 Infecté par: Trojan.Vundo.DLY
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP548\A0102547.dll
 Echec de la désinfection
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP548\A0102547.dll
 Supprimé
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP550\A0102994.dll
 Infecté par: Trojan.BHO.AQ
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP550\A0102994.dll
 Echec de la désinfection
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP550\A0102994.dll
 Supprimé
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP550\A0103005.dll
 Infecté par: Trojan.Vundo.DLY
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP550\A0103005.dll
 Echec de la désinfection
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP550\A0103005.dll
 Supprimé
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP555\A0103919.exe
 Infecté par: Trojan.Fotomoto.A
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP555\A0103919.exe
 Echec de la désinfection
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP555\A0103919.exe
 Supprimé
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP555\A0103920.exe
 Infecté par: Trojan.LowZones.SA
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP555\A0103920.exe
 Echec de la désinfection
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP555\A0103920.exe
 Supprimé
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP555\A0103921.exe
 Infecté par: DeepScan:Generic.Malware.Fdld!!.AE4B1712
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP555\A0103921.exe
 Echec de la désinfection
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP555\A0103921.exe
 Supprimé
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP556\A0104110.dll
 Infecté par: GenPack:Trojan.Vundo.DLZ
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP556\A0104110.dll
 Echec de la désinfection
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP556\A0104110.dll
 Supprimé
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP556\A0104111.exe=>(Quarantine-2)
 Infecté par: Trojan.Click.Small.G
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP556\A0104111.exe=>(Quarantine-2)
 Echec de la désinfection
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP556\A0104111.exe=>(Quarantine-2)
 Supprimé
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP556\A0104112.exe=>(Quarantine-2)
 Infecté par: Trojan.DownLoader.Drsmart.A
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP556\A0104112.exe=>(Quarantine-2)
 Supprimé
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP556\A0104113.dll=>(Quarantine-2)
 Infecté par: Generic.Istbar.40BF1D83
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP556\A0104113.dll=>(Quarantine-2)
 Echec de la désinfection
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP556\A0104113.dll=>(Quarantine-2)
 Supprimé
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP556\A0104114.exe=>(Quarantine-2)
 Infecté par: Trojan.Downloader.TSUpdate.P
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP556\A0104114.exe=>(Quarantine-2)
 Supprimé
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP556\A0104115.exe=>(Quarantine-2)
 Infecté par: Dropped:Trojan.Clicker.Small.G
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP556\A0104115.exe=>(Quarantine-2)
 Echec de la désinfection
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP556\A0104115.exe=>(Quarantine-2)
 Supprimé
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP556\A0104116.exe=>(Quarantine-2)
 Infecté par: Trojan.Click.Small.G
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP556\A0104116.exe=>(Quarantine-2)
 Echec de la désinfection
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP556\A0104116.exe=>(Quarantine-2)
 Supprimé
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP556\A0104117.exe=>(Quarantine-2)
 Infecté par: Trojan.Clicker.Agent.GP
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP556\A0104117.exe=>(Quarantine-2)
 Echec de la désinfection
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP556\A0104117.exe=>(Quarantine-2)
 Supprimé
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP556\A0104118.exe=>(Quarantine-2)
 Infecté par: Trojan.Clicker.Agent.GP
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP556\A0104118.exe=>(Quarantine-2)
 Echec de la désinfection
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP556\A0104118.exe=>(Quarantine-2)
 Supprimé
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP556\A0104119.exe=>(Quarantine-2)
 Infecté par: Trojan.Dropper.Agent.AAC
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP556\A0104119.exe=>(Quarantine-2)
 Supprimé
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP556\A0104120.exe=>(Quarantine-2)
 Infecté par: Trojan.Dropper.Agent.AAC
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP556\A0104120.exe=>(Quarantine-2)
 Supprimé
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP556\A0104121.exe=>(Quarantine-2)
 Infecté par: Trojan.Adclicker.L
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP556\A0104121.exe=>(Quarantine-2)
 Echec de la désinfection
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP556\A0104121.exe=>(Quarantine-2)
 Supprimé
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP556\A0104122.exe=>(Quarantine-2)
 Infecté par: Trojan.Adclicker.L
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP556\A0104122.exe=>(Quarantine-2)
 Echec de la désinfection
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP556\A0104122.exe=>(Quarantine-2)
 Supprimé
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP556\A0104123.dll=>(Quarantine-2)
 Infecté par: Trojan.Clicker.Small.G
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP556\A0104123.dll=>(Quarantine-2)
 Echec de la désinfection
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP556\A0104123.dll=>(Quarantine-2)
 Supprimé
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP556\A0104124.exe=>(Quarantine-2)
 Infecté par: Trojan.Adclicker.L
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP556\A0104124.exe=>(Quarantine-2)
 Echec de la désinfection
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP556\A0104124.exe=>(Quarantine-2)
 Supprimé
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP556\A0104125.dll=>(Quarantine-2)
 Infecté par: Trojan.Clicker.Small.G
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP556\A0104125.dll=>(Quarantine-2)
 Echec de la désinfection
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP556\A0104125.dll=>(Quarantine-2)
 Supprimé
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP556\A0104126.exe=>(Quarantine-2)
 Infecté par: Dropped:Trojan.Clicker.Small.G
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP556\A0104126.exe=>(Quarantine-2)
 Echec de la désinfection
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP556\A0104126.exe=>(Quarantine-2)
 Supprimé
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP556\A0104127.exe=>(Quarantine-2)
 Infecté par: Trojan.Downloader.Vb.ZK
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP556\A0104127.exe=>(Quarantine-2)
 Echec de la désinfection
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP556\A0104127.exe=>(Quarantine-2)
 Supprimé
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP556\A0104128.exe=>(Quarantine-2)
 Infecté par: Trojan.Downloader.Adload.AC
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP556\A0104128.exe=>(Quarantine-2)
 Echec de la désinfection
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP556\A0104128.exe=>(Quarantine-2)
 Supprimé
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP556\A0104129.exe=>(Quarantine-2)
 Infecté par: Trojan.Win32.MSNTrick.B
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP556\A0104129.exe=>(Quarantine-2)
 Echec de la désinfection
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP556\A0104129.exe=>(Quarantine-2)
 Supprimé
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP556\A0104130.exe=>(Quarantine-2)
 Infecté par: Trojan.DownLoader.Drsmart.A
 
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP556\A0104130.exe=>(Quarantine-2)
 Supprimé
 
C:\VundoFix Backups\jkhhe.dll.bad
 Infecté par: Trojan.Vundo.DLY
 
C:\VundoFix Backups\jkhhe.dll.bad
 Echec de la désinfection
 
C:\VundoFix Backups\jkhhe.dll.bad
 Supprimé
 
C:\VundoFix Backups\jkkji.dll.bad
 Infecté par: Trojan.Vundo.DLY
 
C:\VundoFix Backups\jkkji.dll.bad
 Echec de la désinfection
 
C:\VundoFix Backups\jkkji.dll.bad
 Supprimé
 
C:\VundoFix Backups	ndvqmkv.dll.bad
 Infecté par: GenPack:Trojan.Vundo.DLZ
 
C:\VundoFix Backups	ndvqmkv.dll.bad
 Echec de la désinfection
 
C:\VundoFix Backups	ndvqmkv.dll.bad
 Supprimé
 
C:\WINDOWS\system32\airoiuqw.dll
 Infecté par: Trojan.BHO.BP
 
C:\WINDOWS\system32\airoiuqw.dll
 Echec de la désinfection
 
C:\WINDOWS\system32\airoiuqw.dll
 Supprimé
 
C:\WINDOWS\system32\usygbnmi.dll
 Infecté par: Trojan.BHO.BP
 
C:\WINDOWS\system32\usygbnmi.dll
 Echec de la désinfection
 
C:\WINDOWS\system32\usygbnmi.dll
 Supprimé

moK´s@ · Answer

salut alex,

alors la en faite c´etait en majorité les backups des outils que l´on a utilisés qui on été détéctés...

fait ceci car ta restauration system est infecté :

¤Désactive ta restauration système:
Clic droit sur poste de travail puis,
propriété, tu clique sur onglet restauration système
tu coche la case désactiver la restauration et applique

puis tu redemarre et refais l´inverse, tu la remet quoid...

2
repasse un scan avg si possible en mode sans echec et poste le rapport.

@+

Alex · Answer

J'ai fais ce que tu m'as demandé, mais je n'ai toujours pas reussi a obtenir de rapport avec AVG. Il a détecté et supprimé 8 fichiers de risques moyen.

moK´s@ · Answer

re,

c´est embetant que tu n´est pas le rapport...

tu l´as fais en mode sans echec?

te souviens tu des fichiers et surtout leurs emplacement?

@+

Alex · Answer

Oui je l'ai fais en mode sans echec et il me semble que les fichier étaient dans window/system32.

Si je refais une analyse, je suppose que je ne les retrouverais pas?

moK´s@ · Answer

re,

Si je refais une analyse, je suppose que je ne les retrouverais pas?

c´est claire...

essaie de sauvegarder le rapport cette fois ci ...

dans l´onglet analyse sous onglet parametres regarde si "generer un rapport a chaque analyse" est bien coché.

@+

Alex · Answer

Désolé pour le retard mais j'ai eu des soucis pour me connecter...

J'ai fais un avg cet aprem, toujours pas de rapport mais un screen:

https://imageshack.com/

Tout a été supprimé.

moK´s@ · Answer

bon la c´est clean...

tu as tujours des pubs?

comment va ton pc?

moK´s@ · Answer

ok

tiens moi au courrant au cas ou ;-)

bonne soirée

Rim · Answer

C'est urgent !!
Je voudrai analyser ça;

Logfile of HijackThis v1.99.1
Scan saved at 15:26:36, on 14/09/2007
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cmd.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe
C:\WINDOWS\System32\ctfmon.exe
c:\mcdumrks.exe
C:\WINDOWS\retadpu.exe
C:\WINDOWS\System32\f07WtR\f07WtR1084.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.ma/?gws_rd=ssl
O4 - HKLM\..\Run: [Appstart] C:\WINDOWS\Downloaded Program Files\Appstart.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [T1135166TT4] C:\WINDOWS\System32\5265433751l.exe
O4 - Global Startup: 1.exe
O4 - Global Startup: 2.exe
O4 - Global Startup: Z005265cie.cmd
O4 - Global Startup: Z5265cie.cmd
O4 - Global User Startup: 1.exe
O4 - Global User Startup: 2.exe
O4 - Global User Startup: Z005265cie.cmd
O4 - Global User Startup: Z5265cie.cmd
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{519F73F9-AAF6-44C1-A420-BF74D948A6BC}: NameServer = 85.255.114.53,85.255.112.16
O17 - HKLM\System\CCS\Services\Tcpip\..\{C451F851-9481-4A7E-A8C1-4819D17F56E2}: NameServer = 85.255.114.53,85.255.112.16
O17 - HKLM\System\CCS\Services\Tcpip\..\{EA4CC8AF-1609-41B4-8E04-0C5807E1B303}: NameServer = 85.255.114.53,85.255.112.16
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.53 85.255.112.16
O17 - HKLM\System\CS1\Services\Tcpip\..\{519F73F9-AAF6-44C1-A420-BF74D948A6BC}: NameServer = 85.255.114.53,85.255.112.16
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.53 85.255.112.16
O17 - HKLM\System\CS2\Services\Tcpip\..\{519F73F9-AAF6-44C1-A420-BF74D948A6BC}: NameServer = 85.255.114.53,85.255.112.16
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.53 85.255.112.16
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: DfLogon - C:\WINDOWS\SYSTEM32\LogonDll.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: DF5Serv - Faronics Corporation - C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe (file missing)

moK´s@ · Answer

salut  Rim,

Imprime ces instructions, ou colle les dans un fichier texte.
Regarde bien l'indication en bas, avant de commencer la procédure.
Télécharge Look2Me-Destroyer.exe sur ton Bureau.

http://secubox.aldria.com/topic-518.html

. Ferme toutes les fenêtres actives.
. Lance l'outil Look2Me-Destroyer.exe.
. Coche Run this program as a task
. Un message s'affichera :
"Look2Me-Destroyer will close and re-open in approximately 1 minute"-> OK
. Il se relancera après la minute, puis appuie sur le bouton Scan for L2M.
. Les icônes de ton Bureau vont disparaître.
. Le scan termine, clique sur Remove L2M
. Un nouveau message Done Scanning apparaîtra, clique sur OK.
. Suivi de Done removing infected files! Look2Me-Destroyer will now shutdown your computer -> OK.
. Ton PC va s’éteindre.
. Démarre ton PC normalement.
. Colle le rapport généré, situé ici : C:\Look2Me-Destroyer.txt

Si Look2Me-Destroyer ne se relance pas automatiquement après la minute, redémarre et essaie à nouveau.
-------- 


1/ Si Look2Me-Destroyer ne se relance pas automatiquement après les 10 secondes, redémarre et essaie à nouveau.
 
2/ Si tu reçois un message de ton firewall disant que l'outil tente d'accéder à l'internet : Accepte ou desactive ton firewall
 
3/ Si un message runtime error '339' s'affiche : télécharge MSWINSCK.OCX et place-le dans le dossier C:\Windows\System32.
http://www.ascentive.com/support/n [...] WINSCK.OCX

et repost un hijack this aussi

@+

celfun693 · Answer

le 08/11/2007 à 19.34

Bonjour, 

J'ai l'impression que vos actions sont efficaces d'après le forum. Moi aussi j'ai un problème depuis plusieurs mois et plus ça va moins ça va ! Je ne sais pas encore ce que j'ai vraiment. Ce que je peux dire c'est qu'il n'y a pas très longtemps j'ai accepté un fichier sur msn que je n'aurais pas du. Grâce au forum, j'ai pas réussi à tout réparer. Mais depuis qq temps tout recommence. Je ne peux plus utiliser msn, internet plante (obligé de redémarrer le pc), il est rendu à un stade ou il rame trop !!

Si toutefois quelqu'un peut m'aider à résoudre mon problème... je crois que je le remercierai jamais assez !!!

D'avance merci et bonne lecture !!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:18:37, on 08/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\AVENGINE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32undll32.exe
C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32
vsvc32.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\PsCtrls.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
c:\program files\panda software\panda internet security 2007\firewall\PSHOST.EXE
C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Logitech\QuickCam10\COCIManager.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\SRVLOAD.EXE
C:\Program Files\Panda Software\Panda Internet Security 2007\WebProxy.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\PavBckPT.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Répertoire temporaire 1 pour HiJackThis.zip\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=compaq-desktop.msn.com&ocid=HPDHP&pc=CPDTDF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://fr.search.yahoo.com/?fr=cb-hp06
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE	oolbar.dll (file missing)
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CRSSSubscriber Object - {18A5CAE8-FAF6-49A9-B3D8-2954437D9BBC} - C:\Program Files\Lektora\LektoraCOM.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1	oolbar.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Lektora - {C55D30C7-3B86-4D70-98D3-CAA716DF0D83} - C:\Program Files\Lektora\LektoraCOM.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE	oolbar.dll (file missing)
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Internet Security 2007\Inicio.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://express.foto.com/Newuploader/ImageUploader4.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://monblogamoicelfun693.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - https://www.photobox.fr/?channel=1005
O18 - Protocol: bw+0 - {B32B76CB-D9CB-4E10-B533-8A16323B1C72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {B32B76CB-D9CB-4E10-B533-8A16323B1C72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {B32B76CB-D9CB-4E10-B533-8A16323B1C72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {B32B76CB-D9CB-4E10-B533-8A16323B1C72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {B32B76CB-D9CB-4E10-B533-8A16323B1C72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {B32B76CB-D9CB-4E10-B533-8A16323B1C72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {B32B76CB-D9CB-4E10-B533-8A16323B1C72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {B32B76CB-D9CB-4E10-B533-8A16323B1C72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {B32B76CB-D9CB-4E10-B533-8A16323B1C72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {B32B76CB-D9CB-4E10-B533-8A16323B1C72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {B32B76CB-D9CB-4E10-B533-8A16323B1C72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {B32B76CB-D9CB-4E10-B533-8A16323B1C72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {B32B76CB-D9CB-4E10-B533-8A16323B1C72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {B32B76CB-D9CB-4E10-B533-8A16323B1C72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {B32B76CB-D9CB-4E10-B533-8A16323B1C72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {B32B76CB-D9CB-4E10-B533-8A16323B1C72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {B32B76CB-D9CB-4E10-B533-8A16323B1C72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {B32B76CB-D9CB-4E10-B533-8A16323B1C72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {B32B76CB-D9CB-4E10-B533-8A16323B1C72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {B32B76CB-D9CB-4E10-B533-8A16323B1C72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {B32B76CB-D9CB-4E10-B533-8A16323B1C72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {B32B76CB-D9CB-4E10-B533-8A16323B1C72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {B32B76CB-D9CB-4E10-B533-8A16323B1C72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {B32B76CB-D9CB-4E10-B533-8A16323B1C72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {B32B76CB-D9CB-4E10-B533-8A16323B1C72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {B32B76CB-D9CB-4E10-B533-8A16323B1C72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {B32B76CB-D9CB-4E10-B533-8A16323B1C72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {B32B76CB-D9CB-4E10-B533-8A16323B1C72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {B32B76CB-D9CB-4E10-B533-8A16323B1C72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {B32B76CB-D9CB-4E10-B533-8A16323B1C72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {B32B76CB-D9CB-4E10-B533-8A16323B1C72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {B32B76CB-D9CB-4E10-B533-8A16323B1C72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {B32B76CB-D9CB-4E10-B533-8A16323B1C72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {B32B76CB-D9CB-4E10-B533-8A16323B1C72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {B32B76CB-D9CB-4E10-B533-8A16323B1C72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {B32B76CB-D9CB-4E10-B533-8A16323B1C72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {B32B76CB-D9CB-4E10-B533-8A16323B1C72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {B32B76CB-D9CB-4E10-B533-8A16323B1C72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {B32B76CB-D9CB-4E10-B533-8A16323B1C72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {B32B76CB-D9CB-4E10-B533-8A16323B1C72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {B32B76CB-D9CB-4E10-B533-8A16323B1C72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {B32B76CB-D9CB-4E10-B533-8A16323B1C72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {B32B76CB-D9CB-4E10-B533-8A16323B1C72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {B32B76CB-D9CB-4E10-B533-8A16323B1C72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {B32B76CB-D9CB-4E10-B533-8A16323B1C72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {B32B76CB-D9CB-4E10-B533-8A16323B1C72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {B32B76CB-D9CB-4E10-B533-8A16323B1C72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {B32B76CB-D9CB-4E10-B533-8A16323B1C72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {B32B76CB-D9CB-4E10-B533-8A16323B1C72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {B32B76CB-D9CB-4E10-B533-8A16323B1C72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {B32B76CB-D9CB-4E10-B533-8A16323B1C72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {B32B76CB-D9CB-4E10-B533-8A16323B1C72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {B32B76CB-D9CB-4E10-B533-8A16323B1C72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {B32B76CB-D9CB-4E10-B533-8A16323B1C72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {B32B76CB-D9CB-4E10-B533-8A16323B1C72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {B32B76CB-D9CB-4E10-B533-8A16323B1C72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {B32B76CB-D9CB-4E10-B533-8A16323B1C72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {B32B76CB-D9CB-4E10-B533-8A16323B1C72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {B32B76CB-D9CB-4E10-B533-8A16323B1C72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {B32B76CB-D9CB-4E10-B533-8A16323B1C72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {B32B76CB-D9CB-4E10-B533-8A16323B1C72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {B32B76CB-D9CB-4E10-B533-8A16323B1C72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {B32B76CB-D9CB-4E10-B533-8A16323B1C72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {B32B76CB-D9CB-4E10-B533-8A16323B1C72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {B32B76CB-D9CB-4E10-B533-8A16323B1C72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {B32B76CB-D9CB-4E10-B533-8A16323B1C72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {B32B76CB-D9CB-4E10-B533-8A16323B1C72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {B32B76CB-D9CB-4E10-B533-8A16323B1C72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {B32B76CB-D9CB-4E10-B533-8A16323B1C72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {B32B76CB-D9CB-4E10-B533-8A16323B1C72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {B32B76CB-D9CB-4E10-B533-8A16323B1C72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {B32B76CB-D9CB-4E10-B533-8A16323B1C72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {B32B76CB-D9CB-4E10-B533-8A16323B1C72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {B32B76CB-D9CB-4E10-B533-8A16323B1C72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {B32B76CB-D9CB-4E10-B533-8A16323B1C72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {B32B76CB-D9CB-4E10-B533-8A16323B1C72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {B32B76CB-D9CB-4E10-B533-8A16323B1C72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software International - C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda software\panda internet security 2007\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O24 - Desktop Component 0: (no name) - http://legacy.futura-sciences.com/uploads/tx_oxcsfutura/comprendre/d/images/orage_intro.jpg

riri94 · Answer

bonjour je voudrai savoir si mon pc est infécteé voici mon log hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:53:16, on 22/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\drivers\spool.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\drivers\spool.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\spool.exe
C:\WINDOWS\system32\drivers\spool.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Belkin\Logiciel Bluetooth\bin\btwdins.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\FSC\Wireless Wheel Mouse\MOUSE32A.EXE
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Pinnacle\Shared Filesemoterm.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\Netropa\InetKb\Inetkb.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Documents and Settings\LASBEUR\Local Settings\Application Data\cftmon.exe
C:\WINDOWS\system32\drivers\spool.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\Documents and Settings\LASBEUR\Local Settings\Application Data\cftmon.exe
C:\WINDOWS\system32\drivers\spool.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\Program Files\Belkin\Logiciel Bluetooth\BTTray.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe
C:\WINDOWS\system32undll32.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*https://fr.search.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\drivers\spool.exe C:\WINDOWS\system32\userinit.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0A8D2F72-2B85-3C5B-BE15-426410B0908A} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {7A756996-3991-4AE6-A0A4-971FC9619501} - C:\WINDOWS\system32\mljjk.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {D7FD6C15-4927-4AAE-BF12-FBDABD287EB1} - C:\WINDOWS\system32	uvvspp.dll
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684CC} - C:\Program Files\Helper\superfindout.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\FSC\Wireless Wheel Mouse\MOUSE32A.EXE
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [PinnacleRemote] C:\Program Files\Pinnacle\Shared Filesemoterm.exe
O4 - HKLM\..\Run: [cOF3EUA] C:\WINDOWS\axwqujov.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [ryoecjx] C:\WINDOWS\system32\evaumha.exe r
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
O4 - HKLM\..\Run: [BlockChecker] C:\Program Files\Block Checker\block-checker.exe
O4 - HKLM\..\Run: [FORHEARTCDROMDVD] C:\Documents and Settings\All Users\Application Data\OnceProxyForHeart\safe love.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\LASBEUR\Local Settings\Application Data\cftmon.exe
O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spool.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [VideoCall] "C:\Program Files\Logitech\VideoCall\VideoCall.exe" -minimized
O4 - HKCU\..\Run: [Mail surf] C:\DOCUME~1\LASBEUR\APPLIC~1\RDRGRA~1\Longwait.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\WINSOS\WINSOS.EXE" MINI
O4 - HKCU\..\Run: [fsvkblolj] c:\documents and settings\lasbeur\local settings\application data\fsvkblolj.exe fsvkblolj
O4 - HKCU\..\Run: [autoload] C:\Documents and Settings\LASBEUR\Local Settings\Application Data\cftmon.exe
O4 - HKCU\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spool.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: NaturalColorLoad.lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NaturalColorLoad.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\Belkin\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=https://www.01net.com/telecharger/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://gamenextfr.oberon-media.com/online2/diner_dash/DinerDash.1.0.0.80.cab
O20 - Winlogon Notify: tuvvspp - C:\WINDOWS\SYSTEM32	uvvspp.dll
O20 - Winlogon Notify: winwly32 - winwly32.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Belkin\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: DirectX Service (DirectHuxn) - Unknown owner - c:\windows\system32\directx.exe (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard
hksrv.exe (file missing)
O23 - Service: Planificateur de tâches (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spool.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/LASBEUR/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

Analyse log Hijackthis - Page 2

Discussions similaires

Newsletters