Slow PC because of a virus... (Ultimate Defender)
foubit
Hello.
I've had a problem since this morning: my PC has been very slow since a window appeared offering me "Ultimate Defender". The window has come back several times and I can't get rid of it.
I have tried the programs I have (Avast, AVG Anti-Spyware, Spybot...) but still nothing better.
Can anyone help me?
Thanks in advance
36 replies
Hi
Do this:
HijackThis (here) http://ww11.spywareinfo.com/%7Emerijn/downloads.html
Download it and put it in its own folder, e.g. c:\hj
Click on "Do a system scan and save a logfile"
and copy/paste the report.
Demo:
http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm
---------------------------
Then
BitDefender scan
https://www.bitdefender.fr/
Click on "Scan online" on the left and follow the procedure.
Scan demo:
http://perso.orange.fr/rginformatique/section%20virus/defender.htm
and post the report.
See you
Thanks for the reply. Here is my scan:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 23:03:15, on 12/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\(quentin)\Mes documents\program\Nero 7\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Alwil Software\Avast4\aswUpdSv.exe
C:\Alwil Software\Avast4\ashServ.exe
C:\Documents and Settings\(quentin)\Mes documents\program\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Documents and Settings\(quentin)\Mes documents\Louloute\MAX\nimxs.exe
C:\Documents and Settings\(quentin)\Mes documents\Louloute\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\Documents and Settings\(quentin)\Mes documents\Louloute\Shared\Tagger\tagsrv.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Alwil Software\Avast4\ashMaiSv.exe
C:\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\itmanhc.exe
C:\WINDOWS\system32\relccxs.exe
C:\WINDOWS\system32\secrvkkm.exe
C:\WINDOWS\system32\regyscqm.exe
C:\WINDOWS\system32\xmllwmew.exe
C:\Documents and Settings\All Users\Application Data\gdqfqtyx.exe
C:\WINDOWS\system32\dfmmaps.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\(quentin)\Mes documents\HiJackThis_v2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Elise et Quentin
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {09705708-BB6B-4223-93DA-6B17D9CCD288} - (no file)
O2 - BHO: (no name) - {1B4BC9DC-B9E1-4181-80C5-3FA329FBDCDE} - C:\WINDOWS\system32\pmnnn.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\DOCUME~1\(QUENT~1\MESDOC~1\program\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8A61098D-612B-4EF2-943D-64E920684061} - C:\WINDOWS\system32\xxyvuut.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {E12BFF69-38A7-406e-A8EF-2738107A7831} - C:\WINDOWS\system32\ohlsgmog.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [passcxd] C:\WINDOWS\system32\itmanhc.exe
O4 - HKLM\..\Run: [zcseacrt] C:\WINDOWS\system32\relccxs.exe
O4 - HKLM\..\Run: [rtkernsw] C:\WINDOWS\system32\secrvkkm.exe
O4 - HKLM\..\Run: [mmsddlx] regyscqm.exe
O4 - HKLM\..\Run: [ifperx] C:\WINDOWS\system32\xmllwmew.exe
O4 - HKLM\..\Run: [wpxmls] C:\WINDOWS\system32\xmllwmew.exe
O4 - HKLM\..\Run: [gdqfqtyx.exe] C:\Documents and Settings\All Users\Application Data\gdqfqtyx.exe
O4 - HKLM\..\Run: [imcssl] C:\WINDOWS\system32\xmllwmew.exe
O4 - HKLM\..\Run: [jcidls] C:\WINDOWS\system32\dfmmaps.exe
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\ntlfyxct.dll",realset
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKCU\..\Run: [passcxd] C:\WINDOWS\system32\itmanhc.exe
O4 - HKCU\..\Run: [zcseacrt] C:\WINDOWS\system32\relccxs.exe
O4 - HKCU\..\Run: [rtkernsw] C:\WINDOWS\system32\secrvkkm.exe
O4 - HKCU\..\Run: [mmsddlx] regyscqm.exe
O4 - HKCU\..\Run: [ifperx] C:\WINDOWS\system32\xmllwmew.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [wpxmls] C:\WINDOWS\system32\xmllwmew.exe
O4 - HKCU\..\Run: [imcssl] C:\WINDOWS\system32\xmllwmew.exe
O4 - HKCU\..\Run: [jcidls] C:\WINDOWS\system32\dfmmaps.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\office\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\office\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: opnomlm - opnomlm.dll (file missing)
O20 - Winlogon Notify: pmnnllk - pmnnllk.dll (file missing)
O20 - Winlogon Notify: pmnnn - C:\WINDOWS\system32\pmnnn.dll
O20 - Winlogon Notify: winpsa32 - C:\WINDOWS\SYSTEM32\winpsa32.dll
O20 - Winlogon Notify: xxyvuut - C:\WINDOWS\SYSTEM32\xxyvuut.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Documents and Settings\(quentin)\Mes documents\program\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Documents and Settings\(quentin)\Mes documents\program\Nero 7\InCD\InCDsrv.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe (file missing)
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Documents and Settings\(quentin)\Mes documents\Louloute\MAX\nimxs.exe
O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Documents and Settings\(quentin)\Mes documents\Louloute\Shared\Security\nidmsrv.exe
O23 - Service: NILM License Manager - Macrovision Corporation - C:\Documents and Settings\(quentin)\Mes documents\Louloute\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments, Inc. - C:\Documents and Settings\(quentin)\Mes documents\Louloute\Shared\Tagger\tagsrv.exe
O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Ray - Unknown owner - C:\Documents and Settings\(quentin)\Mes documents\program\rayserver.exe (file missing)
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Unknown owner - C:\Documents and Settings\(quentin)\Mes documents\program\kpf4ss.exe (file missing)
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe (file missing)
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
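A defender's triage of the log above, as an added example (not part of this thread and not a HijackThis feature): it parses the O2, O4 and O20 lines and flags the patterns visible in this log, one random-named executable registered under three different Run names, the same entry duplicated in HKLM and HKCU, a bare file name with no path, and Winlogon Notify DLLs, which are the two DLLs (pmnnn.dll, xxyvuut.dll) that the BitDefender report later in the thread could not delete. The signal names, the KNOWN_GOOD allowlist and the name heuristic are assumptions of the example; SAMPLE_LOG is a constructed excerpt of the posted log.

```python
"""Triage a HijackThis log for autorun persistence worth a second look.

Added example: not part of the thread and not a HijackThis feature.
SAMPLE_LOG is a constructed excerpt of the log posted above; the signal
names and the KNOWN_GOOD allowlist are this example's own assumptions.
  random_name  target stem is 5-9 lowercase letters (Vundo-style names)
  multi_name   one file registered under several Run value names
  dual_hive    same [name] + target in both HKLM and HKCU Run keys
  bare_name    Run command is a bare file name, resolved via the PATH
  notify_dll   Winlogon Notify package: rare for legitimate software and
               kept mapped in winlogon.exe, which is why an on-demand
               scanner often reports 'Delete failed' on such a DLL
  file_missing registry entry remains but the file is gone
  bho_no_name  unnamed BHO whose DLL has a random-looking name
"""
import re
from collections import defaultdict

SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1B4BC9DC-B9E1-4181-80C5-3FA329FBDCDE} - C:\WINDOWS\system32\pmnnn.dll
O2 - BHO: (no name) - {E12BFF69-38A7-406e-A8EF-2738107A7831} - C:\WINDOWS\system32\ohlsgmog.dll
O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [passcxd] C:\WINDOWS\system32\itmanhc.exe
O4 - HKLM\..\Run: [mmsddlx] regyscqm.exe
O4 - HKLM\..\Run: [ifperx] C:\WINDOWS\system32\xmllwmew.exe
O4 - HKLM\..\Run: [wpxmls] C:\WINDOWS\system32\xmllwmew.exe
O4 - HKLM\..\Run: [imcssl] C:\WINDOWS\system32\xmllwmew.exe
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\ntlfyxct.dll",realset
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKCU\..\Run: [passcxd] C:\WINDOWS\system32\itmanhc.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: opnomlm - opnomlm.dll (file missing)
O20 - Winlogon Notify: pmnnn - C:\WINDOWS\system32\pmnnn.dll
O20 - Winlogon Notify: xxyvuut - C:\WINDOWS\SYSTEM32\xxyvuut.dll
"""

RUN_RE = re.compile(r'^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\Run: '
                    r'\[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
NOTIFY_RE = re.compile(r'^O20 - Winlogon Notify: (?P<name>\S+) - '
                       r'(?P<path>.+?)(?P<missing> \(file missing\))?$')
BHO_RE = re.compile(r'^O2 - BHO: (?P<desc>.+?) - \{[0-9A-Fa-f-]+\} - (?P<path>.+)$')
KNOWN_GOOD = {'ctfmon', 'qttask'}   # assumption: common Windows binaries

def stem(path: str) -> str:
    """File name without directory or extension."""
    return path.rsplit('\\', 1)[-1].rsplit('.', 1)[0]

def looks_random(path: str) -> bool:
    s = stem(path)
    return bool(re.fullmatch(r'[a-z]{5,9}', s)) and s not in KNOWN_GOOD

def run_target(cmd: str) -> str:
    """File really loaded by a Run value: the DLL for rundll32, else the .exe."""
    cmd = cmd.strip()
    if re.match(r'rundll32(\.exe)?\b', cmd, re.IGNORECASE):
        m = re.search(r'"([^"]+\.dll)"|(\S+\.dll)', cmd, re.IGNORECASE)
        return (m.group(1) or m.group(2)) if m else cmd
    m = re.match(r'"?(.+?\.exe)"?', cmd, re.IGNORECASE)
    return m.group(1) if m else cmd

def triage(log_text: str) -> dict:
    """Map each flagged target path (lower-cased) to its sorted signal list."""
    signals = defaultdict(set)
    runs = []                                   # (hive, value name, target)
    for line in log_text.splitlines():
        line = line.strip()
        if m := RUN_RE.match(line):
            target = run_target(m['cmd'])
            runs.append((m['hive'], m['name'], target))
            if looks_random(target):
                signals[target.lower()].add('random_name')
            if '\\' not in target:
                signals[target.lower()].add('bare_name')
        elif m := NOTIFY_RE.match(line):
            key = m['path'].lower()
            signals[key].add('notify_dll')
            if m['missing']:
                signals[key].add('file_missing')
            if looks_random(m['path']):
                signals[key].add('random_name')
        elif m := BHO_RE.match(line):
            if m['desc'] == '(no name)' and looks_random(m['path']):
                signals[m['path'].lower()].add('bho_no_name')
    # Structural signals need the whole set of Run values.
    names_per_target, hives_per_entry = defaultdict(set), defaultdict(set)
    for hive, name, target in runs:
        names_per_target[target.lower()].add(name)
        hives_per_entry[(name, target.lower())].add(hive)
    for key, names in names_per_target.items():
        if len(names) > 1:
            signals[key].add('multi_name')
    for (_, key), hives in hives_per_entry.items():
        if {'HKLM', 'HKCU'} <= hives:
            signals[key].add('dual_hive')
    return {k: sorted(v) for k, v in signals.items()}

if __name__ == '__main__':
    for path, hits in sorted(triage(SAMPLE_LOG).items(), key=lambda kv: -len(kv[1])):
        print(f'{", ".join(hits):40} {path}')
```

Legitimate entries in the excerpt (Adobe BHO, QuickTime, ctfmon, the Lexmark rundll32 line) produce no signals, so the output is only the entries a helper would ask about.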
Download VundoFix.exe (by Atribune) to your Desktop.
http://www.atribune.org/ccount/click.php?id=4
* Double-click VundoFix.exe to launch it
* Click the Scan for Vundo button
* When the scan is complete, click the Remove Vundo button
* A prompt will ask whether you want to delete the files; click YES
* After clicking "Yes", the Desktop will disappear for a moment while the files are deleted
* You will see a prompt telling you that your PC is going to restart; click OK
* Copy/paste the contents of the report located in C:\vundofix.txt along with a new HijackThis! report in your next reply
Note: VundoFix may run into a file it cannot delete. If so, the tool will run at the next restart; simply follow the instructions above, starting from "click the Scan for
See you
Here is the BitDefender report:
BitDefender Online Scanner
Scan report generated at: Wed, Jun 13, 2007 - 00:52:10
Scan path: C:\;D:\;E:\;
Statistics
Time: 01:45:54
Files: 374171
Folders: 7413
Boot Sectors: 3
Archives: 7588
Packed Files: 12362
Results
Identified Viruses: 7
Infected Files: 10
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 8
Engines Info
Virus Definitions: 513261
Engine build: AVCORE v1.0 (build 2409) (i386) (May 9 2007 18:01:21)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 6
E-mail plugins: 6
System plugins: 1
Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes
Scanned File / Status
C:\Documents and Settings\(quentin)\3.tmp
    Infected with: Backdoor.Rustock.NBM
    Disinfection failed
    Deleted
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP335\A0286542.exe
    Infected with: Win32.Worm.Wupad.A
    Disinfection failed
    Deleted
C:\WINDOWS\system32\fybvjyyl.exe
    Infected with: Trojan.LowZones.SA
    Disinfection failed
    Deleted
C:\WINDOWS\system32\hvjdyurp.dll
    Infected with: GenPack:Trojan.Vundo.DLZ
    Disinfection failed
    Deleted
C:\WINDOWS\system32\iifeded.dll
    Infected with: Trojan.Vundo.DMA
    Disinfection failed
    Deleted
C:\WINDOWS\system32\pmnnn.dll
    Infected with: Trojan.Vundo.DLY
    Disinfection failed
    Delete failed
C:\WINDOWS\system32\pvirtqyd.exe
    Infected with: Trojan.LowZones.SA
    Disinfection failed
    Deleted
C:\WINDOWS\system32\rqrqpqp.dll
    Infected with: Trojan.Vundo.DMA
    Disinfection failed
    Deleted
C:\WINDOWS\system32\xxyvuut.dll
    Infected with: Trojan.Vundo.DMA
    Disinfection failed
    Delete failed
C:\WINDOWS\system32\ygpmfwvm.dll
    Infected with: Trojan.Spy.VBStat.B
    Deleted
I'll take care of the program you told me about right away.
Thanks again
VundoFix V6.5.0
Checking Java version...
Java version is 1.5.0.10
Scan started at 01:46:44 13/06/2007
Listing files found while scanning....
VundoFix V6.5.0
Checking Java version...
Java version is 1.5.0.10
Scan started at 19:47:22 13/06/2007
Listing files found while scanning....
C:\windows\system32\nnnmp.bak1
C:\WINDOWS\system32\nnnmp.bak2
C:\WINDOWS\system32\nnnmp.ini
C:\windows\system32\ohlsgmog.dll
C:\WINDOWS\system32\pmnnn.dll
C:\windows\system32\xxyvuut.dll
Beginning removal...
Beginning removal...
Attempting to delete C:\windows\system32\nnnmp.bak1
C:\windows\system32\nnnmp.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\nnnmp.bak2
C:\WINDOWS\system32\nnnmp.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\nnnmp.ini
C:\WINDOWS\system32\nnnmp.ini Has been deleted!
Attempting to delete C:\windows\system32\ohlsgmog.dll
C:\windows\system32\ohlsgmog.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\pmnnn.dll
C:\WINDOWS\system32\pmnnn.dll Has been deleted!
Attempting to delete C:\windows\system32\xxyvuut.dll
C:\windows\system32\xxyvuut.dll Has been deleted!
Performing Repairs to the registry.
Done!
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 20:02:35, on 13/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\(quentin)\Mes documents\program\Nero 7\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Alwil Software\Avast4\aswUpdSv.exe
C:\Alwil Software\Avast4\ashServ.exe
C:\Documents and Settings\(quentin)\Mes documents\program\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Documents and Settings\(quentin)\Mes documents\Louloute\MAX\nimxs.exe
C:\Documents and Settings\(quentin)\Mes documents\Louloute\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\Documents and Settings\(quentin)\Mes documents\Louloute\Shared\Tagger\tagsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\itmanhc.exe
C:\WINDOWS\system32\relccxs.exe
C:\WINDOWS\system32\secrvkkm.exe
C:\WINDOWS\system32\regyscqm.exe
C:\WINDOWS\system32\xmllwmew.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Documents and Settings\All Users\Application Data\gdqfqtyx.exe
C:\WINDOWS\system32\dfmmaps.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Alwil Software\Avast4\ashMaiSv.exe
C:\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SoftwareDistribution\Download\Install\Windows-KB890830-V1.30-delta.exe
c:\123017fce6fe33eb8a75d4\mrtstub.exe
C:\Documents and Settings\(quentin)\Mes documents\HiJackThis_v2.exe
C:\WINDOWS\system32\MRT.exe
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\b29e2e7187b59f66d367afef04c7dfd5\update\update.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Elise et Quentin
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {3A8AAF02-744B-4E8A-90BF-FFB026984B98} - C:\WINDOWS\system32\pmnnn.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\DOCUME~1\(QUENT~1\MESDOC~1\program\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8A61098D-612B-4EF2-943D-64E920684061} - C:\WINDOWS\system32\xxyvuut.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {E12BFF69-38A7-406e-A8EF-2738107A7831} - C:\WINDOWS\system32\ohlsgmog.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [passcxd] C:\WINDOWS\system32\itmanhc.exe
O4 - HKLM\..\Run: [zcseacrt] C:\WINDOWS\system32\relccxs.exe
O4 - HKLM\..\Run: [rtkernsw] C:\WINDOWS\system32\secrvkkm.exe
O4 - HKLM\..\Run: [mmsddlx] regyscqm.exe
O4 - HKLM\..\Run: [ifperx] C:\WINDOWS\system32\xmllwmew.exe
O4 - HKLM\..\Run: [wpxmls] C:\WINDOWS\system32\xmllwmew.exe
O4 - HKLM\..\Run: [gdqfqtyx.exe] C:\Documents and Settings\All Users\Application Data\gdqfqtyx.exe
O4 - HKLM\..\Run: [imcssl] C:\WINDOWS\system32\xmllwmew.exe
O4 - HKLM\..\Run: [jcidls] C:\WINDOWS\system32\dfmmaps.exe
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\ntlfyxct.dll",realset
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [scmplay] C:\WINDOWS\system32\xmllwmew.exe
O4 - HKCU\..\Run: [passcxd] C:\WINDOWS\system32\itmanhc.exe
O4 - HKCU\..\Run: [zcseacrt] C:\WINDOWS\system32\relccxs.exe
O4 - HKCU\..\Run: [rtkernsw] C:\WINDOWS\system32\secrvkkm.exe
O4 - HKCU\..\Run: [mmsddlx] regyscqm.exe
O4 - HKCU\..\Run: [ifperx] C:\WINDOWS\system32\xmllwmew.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [wpxmls] C:\WINDOWS\system32\xmllwmew.exe
O4 - HKCU\..\Run: [imcssl] C:\WINDOWS\system32\xmllwmew.exe
O4 - HKCU\..\Run: [jcidls] C:\WINDOWS\system32\dfmmaps.exe
O4 - HKCU\..\Run: [scmplay] C:\WINDOWS\system32\xmllwmew.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\office\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\office\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: opnomlm - opnomlm.dll (file missing)
O20 - Winlogon Notify: pmnnllk - pmnnllk.dll (file missing)
O20 - Winlogon Notify: winpsa32 - C:\WINDOWS\SYSTEM32\winpsa32.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Documents and Settings\(quentin)\Mes documents\program\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Documents and Settings\(quentin)\Mes documents\program\Nero 7\InCD\InCDsrv.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe (file missing)
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Documents and Settings\(quentin)\Mes documents\Louloute\MAX\nimxs.exe
O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Documents and Settings\(quentin)\Mes documents\Louloute\Shared\Security\nidmsrv.exe
O23 - Service: NILM License Manager - Macrovision Corporation - C:\Documents and Settings\(quentin)\Mes documents\Louloute\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments, Inc. - C:\Documents and Settings\(quentin)\Mes documents\Louloute\Shared\Tagger\tagsrv.exe
O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Ray - Unknown owner - C:\Documents and Settings\(quentin)\Mes documents\program\rayserver.exe (file missing)
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Unknown owner - C:\Documents and Settings\(quentin)\Mes documents\program\kpf4ss.exe (file missing)
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe (file missing)
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
1. Download combofix.exe (by sUBs) from here:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
onto your Desktop.
2. Double-click combofix.exe and follow the prompts.
3. When the scan has finished, a report will appear. Copy/paste that report into your next reply.
a++
Sorry for the delay, I had a lot of trouble getting ComboFix to run properly..
Here is the report:
[code]
2006-12-14 14:52 461 --a--c--- C:\Qoobox\Quarantine\C\Program Files\INSTALL.LOG.vir
2007-01-20 16:34 104 --a------ C:\Qoobox\Quarantine\C\DOCUME~1\(QUENT~1\Bureau\Internet Explorer.lnk.vir
2007-06-11 08:41 22016 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\winpsa32.dll.vir
2007-06-11 10:12 62350 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\xpdx.sys.vir
2007-06-11 10:13 58130 --a------ C:\Qoobox\Quarantine\C\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00002.dll.vir
2007-06-11 10:13 73727 --a------ C:\Qoobox\Quarantine\C\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00001.dll.vir
2007-06-12 18:17 124436 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\ntlfyxct.dll.vir
2007-06-12 23:11 555 --a------ C:\Qoobox\Quarantine\C\WINDOWS\wpcjmd.log.vir
2007-06-14 11:22 973008 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\tcxyfltn.ini.vir
2007-06-14 11:30 10182 --a------ C:\Qoobox\Quarantine\Registry_backups\services_nm.reg.cf
2007-06-14 11:30 200 --a------ C:\Qoobox\Quarantine\Registry_backups\services_xpdx.reg.cf
2007-06-14 11:32 295 --a------ C:\Qoobox\Quarantine\catchme.log
2007-06-14 11:32 60431 --a------ C:\Qoobox\Quarantine\catchme2007-06-14_113919.35.zip
Structure du dossier pour le volume HDD
Le numéro de série du volume est 6060-B295
C:\QOOBOX
\---Quarantine
| catchme.log
| catchme2007-06-14_113919.35.zip
|
+---C
| +---DOCUME~1
| | \---(QUENT~1
| | \---Bureau
| | Internet Explorer.lnk.vir
| |
| +---Program Files
| | | INSTALL.LOG.vir
| | |
| | \---Fichiers communs
| | \---Microsoft Shared
| | \---Web Folders
| | ibm00001.dll.vir
| | ibm00002.dll.vir
| |
| \---WINDOWS
| | wpcjmd.log.vir
| |
| \---system32
| ntlfyxct.dll.vir
| tcxyfltn.ini.vir
| winpsa32.dll.vir
| xpdx.sys.vir
|
\---Registry_backups
services_nm.reg.cf
services_xpdx.reg.cf
[/code]
Sorry, I think the report is actually this one:
ComboFix 07-06-13.3
"(quentin)" - 2007-06-14 11:22:55 - Service Pack 2 NTFS
(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\ntlfyxct.dll
C:\WINDOWS\system32\winpsa32.dll
C:\WINDOWS\system32\tcxyfltn.ini
* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\DOCUME~1\(QUENT~1\Bureau.\internet explorer.lnk
C:\Program Files\Fichiers communs\microsoft shared\web folders\ibm00001.dll
C:\Program Files\Fichiers communs\microsoft shared\web folders\ibm00002.dll
C:\Program Files\install.log
C:\WINDOWS\system32\xpdx.sys
C:\WINDOWS\wpcjmd.log
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\nm
-------\xpdx
((((((((((((((((((((((((( Files Created from 2007-05-14 to 2007-06-14 )))))))))))))))))))))))))))))))
2007-06-14 00:32 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-13 01:46 <REP> d-------- C:\VundoFix Backups
2007-06-12 22:51 70,941 --a------ C:\WINDOWS\ertreedwefwe.exe
2007-06-12 22:51 <REP> d-------- C:\DOCUME~1\(QUENT~1\APPLIC~1\Ultimate Cleaner
2007-06-12 18:23 <REP> d-------- C:\Program Files\Ultimate Cleaner
2007-06-12 18:15 47,019 --a------ C:\WINDOWS\regrththrerer.exe
2007-06-11 23:23 56,832 --a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\gdqfqtyx.exe
2007-06-11 21:48 45,357 --a------ C:\WINDOWS\erwtyhtujherg.exe
2007-06-11 14:21 <REP> d-------- C:\Downloads
2007-06-11 10:47 76,641 --a------ C:\WINDOWS\dsfrertr.exe
2007-06-11 10:47 72,152 --a------ C:\WINDOWS\tryewfdewgre.exe
2007-06-11 10:12 1,536 --a------ C:\wyjgsa.exe
2007-06-11 08:42 57,344 --a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\gjepsvkz.exe
2007-06-11 00:29 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
2007-06-09 17:37 <REP> d-------- C:\DOCUME~1\(QUENT~1\WINDOWS
2007-06-07 17:07 3,313 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Musepack Codec.dat
2007-06-05 08:20 <REP> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-06-05 07:20 13,045 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2007-06-05 00:04 2,981 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp FLAC Codec.dat
2007-06-04 15:14 <REP> d-------- C:\Program Files\MSN Messenger
2007-06-04 15:00 <REP> d-------- C:\WINDOWS\SxsCaPendDel
2007-06-04 11:39 368,912 --a------ C:\WINDOWS\system32\vbar332.dll
2007-06-04 10:17 <REP> d-------- C:\Program Files\Fichiers communs\ODBC
2007-06-03 22:28 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-06-03 15:14 178,408 --a------ C:\WINDOWS\system32\muweb.dll
2007-06-03 15:14 128,744 --a------ C:\WINDOWS\system32\mucltui.dll
2007-06-03 08:55 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WindowsLiveInstaller
2007-06-03 08:54 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
2007-06-02 13:50 <REP> d-------- C:\Program Files\Fichiers communs\Ahead
2007-06-02 01:19 <REP> d-------- C:\DOCUME~1\(QUENT~1\APPLIC~1\Vso
2007-06-01 12:47 <REP> d-------- C:\DOCUME~1\(QUENT~1\APPLIC~1\Media Player Classic
2007-06-01 12:46 740,442 --a------ C:\WINDOWS\system32\divx.dll
2007-06-01 12:46 73,728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-06-01 12:46 593,920 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-06-01 12:46 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-06-01 12:46 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2007-06-01 12:46 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-06-01 12:46 10,752 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-05-29 23:09 <REP> d-------- C:\DOCUME~1\(QUENT~1\APPLIC~1\gtk-2.0
2007-05-25 22:27 24,072 --a------ C:\WINDOWS\system32\uxtuneup.dll
2007-05-24 00:35 <REP> d-------- C:\Program Files\Emoticons-plus.com
2007-05-23 19:15 <REP> d-------- C:\WINDOWS\system32\PC Booster 5
2007-05-23 16:44 <REP> d-------- C:\Program Files\Fichiers communs\Merge Modules
2007-05-23 16:40 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\National Instruments
2007-05-23 16:37 <REP> d-------- C:\WINDOWS\system32\cvirte
2007-05-20 12:45 755,200 --a------ C:\WINDOWS\system32\Ir50_32.dll
2007-05-20 12:45 630,784 --a------ C:\WINDOWS\system32\vp7vfw.dll
2007-05-20 12:45 438,272 --a------ C:\WINDOWS\system32\vp6vfw.dll
2007-05-20 12:45 200,192 --a------ C:\WINDOWS\system32\Ir50_qc.dll
2007-05-20 12:45 183,808 --a------ C:\WINDOWS\system32\Ir50_qcx.dll
2007-05-20 12:45 144,384 --a------ C:\WINDOWS\system32\Iacenc.dll
2007-05-20 12:45 1,565,480 --a------ C:\WINDOWS\system32\wmv9vcm.dll
2007-05-17 18:59 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-05-17 12:52 217,127 --a------ C:\WINDOWS\system32\drv43260.dll
2007-05-17 12:52 208,935 --a------ C:\WINDOWS\system32\drv33260.dll
2007-05-17 12:52 176,165 --a------ C:\WINDOWS\system32\drv23260.dll
2007-05-16 07:53 <REP> d-------- C:\Program Files\Resource Kit
2007-05-14 12:44 3,395 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.dat
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-06-14 09:40:32 74,940 ----a-w C:\WINDOWS\wqefefgre.exe
2007-06-14 09:40:32 72,458 ----a-w C:\WINDOWS\ghregrgrfew.exe
2007-06-14 09:40:31 71,625 ----a-w C:\WINDOWS\twesdwdewewd.exe
2007-06-14 09:40:24 46,896 ----a-w C:\WINDOWS\jgregrgrethyt.exe
2007-06-14 09:40:15 75,017 ----a-w C:\WINDOWS\hrefhtrgfew.exe
2007-06-14 09:40:14 70,376 ----a-w C:\WINDOWS\weewsarfewre.exe
2007-06-13 22:28:01 -------- d-----w C:\DOCUME~1\(QUENT~1\APPLIC~1\OpenOffice.org2
2007-06-12 20:51:31 -------- d-----w C:\DOCUME~1\(QUENT~1\APPLIC~1\Ultimate Cleaner
2007-06-11 11:17:12 -------- d-----w C:\DOCUME~1\(QUENT~1\APPLIC~1\Skype
2007-06-10 20:56:16 -------- d-----w C:\Program Files\Lx_cats
2007-06-10 12:20:12 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-07 15:06:52 593,272 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe
2007-06-05 09:30:51 64,052 ----a-w C:\WINDOWS\system32\perfc00C.dat
2007-06-05 09:30:51 445,672 ----a-w C:\WINDOWS\system32\perfh00C.dat
2007-06-05 05:56:13 -------- d-----w C:\Program Files\Fichiers communs\AOL
2007-06-04 07:21:17 -------- d-----w C:\DOCUME~1\(QUENT~1\APPLIC~1\Vso
2007-06-04 07:21:14 87,608 ----a-w C:\DOCUME~1\(QUENT~1\APPLIC~1\ezpinst.exe
2007-06-04 07:21:14 47,360 ----a-w C:\DOCUME~1\(QUENT~1\APPLIC~1\pcouffin.sys
2007-06-04 07:20:37 -------- d-----w C:\DOCUME~1\(QUENT~1\APPLIC~1\Dev-Cpp
2007-06-02 14:01:34 -------- d-----w C:\DOCUME~1\(QUENT~1\APPLIC~1\Ahead
2007-06-01 10:47:42 -------- d-----w C:\DOCUME~1\(QUENT~1\APPLIC~1\Media Player Classic
2007-05-30 17:21:46 -------- d-----w C:\Program Files\Microsoft Works
2007-05-29 21:09:04 -------- d-----w C:\DOCUME~1\(QUENT~1\APPLIC~1\gtk-2.0
2007-05-25 18:10:12 -------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-05-23 17:25:56 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-05-23 14:49:32 -------- d-----w C:\Program Files\Common Files
2007-05-18 17:21:17 -------- d-----w C:\Program Files\Abbyy FineReader 6.0 Sprint
2007-05-17 10:52:22 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2007-05-14 21:50:40 682,232 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-05-14 11:11:25 -------- d-----w C:\DOCUME~1\(QUENT~1\APPLIC~1\AdobeUM
2007-05-08 09:34:43 -------- d-----w C:\DOCUME~1\(QUENT~1\APPLIC~1\TuneUp Software
2007-05-07 09:22:08 -------- d-----w C:\Program Files\Fichiers communs\Skype
2007-05-06 22:48:59 -------- d-----w C:\Program Files\Ghostgum
2007-05-06 22:44:23 -------- d-----w C:\Program Files\OpenOffice.org 2.2
2007-05-04 12:50:53 26 ----a-w C:\AUTOEXEC.BAT
2007-04-26 08:21:34 72,624 ----a-w C:\WINDOWS\system32\drivers\khips.sys
2007-04-26 08:21:30 302,000 ----a-w C:\WINDOWS\system32\drivers\fwdrv.sys
2007-04-18 16:14:18 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-05 15:46:59 29 ----a-w C:\WINDOWS\system32\getfile.dat
2007-03-17 13:44:47 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll
2004-08-05 13:00:00 70,941 --sh--r C:\WINDOWS\system32\dfmmaps.exe
2004-08-05 13:00:00 90,326 --sh--r C:\WINDOWS\system32\dlljwdwv.exe
2004-08-05 13:00:00 71,625 --sh--r C:\WINDOWS\system32\ikern32.exe
2004-08-05 13:00:00 72,152 --sh--r C:\WINDOWS\system32\itmanhc.exe
2004-08-05 13:00:00 74,940 --sh--r C:\WINDOWS\system32\mmswr.exe
2004-08-05 13:00:00 72,458 --sh--r C:\WINDOWS\system32\rdsruns.exe
2004-08-05 13:00:00 93,426 --sh--r C:\WINDOWS\system32\regyscqm.exe
2004-08-05 13:00:00 76,641 --sh--r C:\WINDOWS\system32\relccxs.exe
2004-08-05 13:00:00 47,019 --sh--r C:\WINDOWS\system32\secrvkkm.exe
2004-08-05 13:00:00 45,357 --sh--r C:\WINDOWS\system32\xmliklvh.exe
2004-08-05 13:00:00 45,357 --sh--r C:\WINDOWS\system32\xmllwmew.exe
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{243B17DE-77C7-46BF-B94B-0B5F309A0E64}=C:\Program Files\Microsoft Money\System\mnyside.dll [2002-07-17 12:00]
{3A8AAF02-744B-4E8A-90BF-FFB026984B98}=C:\WINDOWS\system32\pmnnn.dll []
{53707962-6F74-2D53-2644-206D7942484F}=C:\DOCUME~1\(QUENT~1\MESDOC~1\program\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll [2006-11-09 16:21]
{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 21:33]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar3.dll [2007-01-20 00:56]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mmsddlx"="regyscqm.exe" [2004-08-05 15:00 C:\WINDOWS\system32\regyscqm.exe]
"gdqfqtyx.exe"="C:\Documents and Settings\All Users\Application Data\gdqfqtyx.exe" [2007-06-11 23:23]
"SoundMax"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2004-09-23 13:41]
"passcxd"="C:\WINDOWS\system32\itmanhc.exe" [2004-08-05 15:00]
"zcseacrt"="C:\WINDOWS\system32\relccxs.exe" [2004-08-05 15:00]
"rtkernsw"="C:\WINDOWS\system32\secrvkkm.exe" [2004-08-05 15:00]
"wpxmls"="C:\WINDOWS\system32\xmllwmew.exe" [2004-08-05 15:00]
"syskern32"="C:\WINDOWS\system32\ikern32.exe" [2004-08-05 15:00]
"mwini32"="C:\WINDOWS\system32\mmswr.exe" [2004-08-05 15:00]
"msrlink"="C:\WINDOWS\system32\rdsruns.exe" [2004-08-05 15:00]
"kstscc"="dlljwdwv.exe" [2004-08-05 15:00 C:\WINDOWS\system32\dlljwdwv.exe]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"passcxd"="C:\WINDOWS\system32\itmanhc.exe" [2004-08-05 15:00]
"zcseacrt"="C:\WINDOWS\system32\relccxs.exe" [2004-08-05 15:00]
"rtkernsw"="C:\WINDOWS\system32\secrvkkm.exe" [2004-08-05 15:00]
"mmsddlx"="regyscqm.exe" [2004-08-05 15:00 C:\WINDOWS\system32\regyscqm.exe]
"ifperx"="C:\WINDOWS\system32\xmllwmew.exe" [2004-08-05 15:00]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 15:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-01-25 18:47]
"wpxmls"="C:\WINDOWS\system32\xmllwmew.exe" [2004-08-05 15:00]
"imcssl"="C:\WINDOWS\system32\xmllwmew.exe" [2004-08-05 15:00]
"jcidls"="C:\WINDOWS\system32\dfmmaps.exe" [2004-08-05 15:00]
"scmplay"="C:\WINDOWS\system32\xmllwmew.exe" [2004-08-05 15:00]
"syskern32"="C:\WINDOWS\system32\ikern32.exe" [2004-08-05 15:00]
"mwini32"="C:\WINDOWS\system32\mmswr.exe" [2004-08-05 15:00]
"msrlink"="C:\WINDOWS\system32\rdsruns.exe" [2004-08-05 15:00]
"kstscc"="dlljwdwv.exe" [2004-08-05 15:00 C:\WINDOWS\system32\dlljwdwv.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"RunStartupScriptSync"=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktopCleanupWizard"=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Documents and Settings\(quentin)\Mes documents\program\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 16:13]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnomlm]
opnomlm.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnnllk]
pmnnllk.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^(quentin)^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.0.lnk]
path=C:\Documents and Settings\(quentin)\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.0.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.0.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^TrayMin300.exe.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\TrayMin300.exe.lnk
backup=C:\WINDOWS\pss\TrayMin300.exe.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Utility Tray.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Utility Tray.lnk
backup=C:\WINDOWS\pss\Utility Tray.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
"C:\Documents and Settings\(quentin)\Mes documents\program\AVG Anti-Spyware 7.5\avgas.exe" /minimized
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApachInc]
rundll32.exe "C:\WINDOWS\system32\hvjdyurp.dll",realset
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AWMON]
"C:\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CnxDslTaskBar]
"C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Documents and Settings\(quentin)\Mes documents\program\DAEMON Tools\daemon.exe" -lang 1033
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EmailChecker]
C:\APPS\EmailChecker\ech.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gjepsvkz.exe]
C:\Documents and Settings\All Users\Application Data\gjepsvkz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HControl]
C:\WINDOWS\ATK0100\HControl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\idlesam]
drvcihsk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ifperx]
C:\WINDOWS\system32\xmliklvh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
"C:\Program Files\Microsoft Money\System\mnyexpr.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\passcxd]
C:\WINDOWS\system32\itmanhc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
"c:\Apps\Powercinema\PCMService.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\WINDOWS\system32\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\scmplay]
C:\WINDOWS\system32\xmliklvh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSPower]
Rundll32.exe SiSPower.dll,ModeAgent
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\APPS\skype\phone\Skype.exe" /nosplash /minimized
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
"C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TheDaVinciCode_Setup.exe]
E:\THEDAV~1.EXE /r
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
%systemroot%\system32\dumprep 0 -u
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zcseacrt]
C:\WINDOWS\system32\relccxs.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"TheDaVinciCode_Setup.exe"=E:\THEDAV~1.EXE /r
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"Skype"="C:\APPS\skype\phone\Skype.exe" /nosplash /minimized
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"LXCCCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
"SiSPower"=Rundll32.exe SiSPower.dll,ModeAgent
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
"PCMService"="c:\Apps\Powercinema\PCMService.exe"
"QuickTime Task"="C:\WINDOWS\system32\qttask.exe" -atboottime
"InCD"=C:\Documents and Settings\(quentin)\Mes documents\program\Nero 7\InCD\InCD.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - netsvcs
UxTuneUp
NtmlSvc
Contents of the 'Scheduled Tasks' folder
2007-06-08 15:15:00 C:\WINDOWS\tasks\1-Klick-Wartung.job
2007-06-08 15:15:00 C:\WINDOWS\tasks\Maintenance en 1 clic.job
**************************************************************************
catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-14 11:39:22
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
? [268]
scanning hidden autostart entries ...
scanning hidden files ...
C:\WINDOWS\system32\mmswr.exe
C:\WINDOWS\system32\dlljwdwv.exe
C:\WINDOWS\system32\rdsruns.exe
C:\WINDOWS\system32\ikern32.exe
scan completed successfully
hidden files: 4
**************************************************************************
Completion time: 2007-06-14 11:42:40 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-14 11:42
--- E O F ---
(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\ntlfyxct.dll
C:\WINDOWS\system32\winpsa32.dll
C:\WINDOWS\system32\tcxyfltn.ini
* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\DOCUME~1\(QUENT~1\Bureau.\internet explorer.lnk
C:\Program Files\Fichiers communs\microsoft shared\web folders\ibm00001.dll
C:\Program Files\Fichiers communs\microsoft shared\web folders\ibm00002.dll
C:\Program Files\install.log
C:\WINDOWS\system32\xpdx.sys
C:\WINDOWS\wpcjmd.log
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\nm
-------\xpdx
((((((((((((((((((((((((( Files Created from 2007-05-14 to 2007-06-14 )))))))))))))))))))))))))))))))
2007-06-14 11:40 75,017 --a------ C:\WINDOWS\hrefhtrgfew.exe
2007-06-14 11:40 74,940 --a------ C:\WINDOWS\wqefefgre.exe
2007-06-14 11:40 72,458 --a------ C:\WINDOWS\ghregrgrfew.exe
2007-06-14 11:40 71,625 --a------ C:\WINDOWS\twesdwdewewd.exe
2007-06-14 11:40 70,376 --a------ C:\WINDOWS\weewsarfewre.exe
2007-06-14 11:40 46,896 --a------ C:\WINDOWS\jgregrgrethyt.exe
2007-06-12 22:51 <REP> d-------- C:\DOCUME~1\(QUENT~1\APPLIC~1\Ultimate Cleaner
2007-06-09 17:37 <REP> d-------- C:\DOCUME~1\(QUENT~1\WINDOWS
2007-06-02 01:19 <REP> d-------- C:\DOCUME~1\(QUENT~1\APPLIC~1\Vso
2007-06-01 12:47 <REP> d-------- C:\DOCUME~1\(QUENT~1\APPLIC~1\Media Player Classic
2007-05-29 23:09 <REP> d-------- C:\DOCUME~1\(QUENT~1\APPLIC~1\gtk-2.0
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-06-13 22:28:01 -------- d-----w C:\DOCUME~1\(QUENT~1\APPLIC~1\OpenOffice.org2
2007-06-12 20:51:31 -------- d-----w C:\DOCUME~1\(QUENT~1\APPLIC~1\Ultimate Cleaner
2007-06-11 11:17:12 -------- d-----w C:\DOCUME~1\(QUENT~1\APPLIC~1\Skype
2007-06-10 20:56:16 -------- d-----w C:\Program Files\Lx_cats
2007-06-10 12:20:12 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-07 15:06:52 593,272 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe
2007-06-05 09:30:51 64,052 ----a-w C:\WINDOWS\system32\perfc00C.dat
2007-06-05 09:30:51 445,672 ----a-w C:\WINDOWS\system32\perfh00C.dat
2007-06-05 05:56:13 -------- d-----w C:\Program Files\Fichiers communs\AOL
2007-06-04 07:21:17 -------- d-----w C:\DOCUME~1\(QUENT~1\APPLIC~1\Vso
2007-06-04 07:21:14 87,608 ----a-w C:\DOCUME~1\(QUENT~1\APPLIC~1\ezpinst.exe
2007-06-04 07:21:14 47,360 ----a-w C:\DOCUME~1\(QUENT~1\APPLIC~1\pcouffin.sys
2007-06-04 07:20:37 -------- d-----w C:\DOCUME~1\(QUENT~1\APPLIC~1\Dev-Cpp
2007-06-02 14:01:34 -------- d-----w C:\DOCUME~1\(QUENT~1\APPLIC~1\Ahead
2007-06-01 10:47:42 -------- d-----w C:\DOCUME~1\(QUENT~1\APPLIC~1\Media Player Classic
2007-05-30 17:21:46 -------- d-----w C:\Program Files\Microsoft Works
2007-05-29 21:09:04 -------- d-----w C:\DOCUME~1\(QUENT~1\APPLIC~1\gtk-2.0
2007-05-25 18:10:12 -------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-05-23 17:25:56 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-05-23 14:49:32 -------- d-----w C:\Program Files\Common Files
2007-05-18 17:21:17 -------- d-----w C:\Program Files\Abbyy FineReader 6.0 Sprint
2007-05-17 10:52:22 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2007-05-14 21:50:40 682,232 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-05-14 11:11:25 -------- d-----w C:\DOCUME~1\(QUENT~1\APPLIC~1\AdobeUM
2007-05-08 09:34:43 -------- d-----w C:\DOCUME~1\(QUENT~1\APPLIC~1\TuneUp Software
2007-05-07 09:22:08 -------- d-----w C:\Program Files\Fichiers communs\Skype
2007-05-06 22:48:59 -------- d-----w C:\Program Files\Ghostgum
2007-05-06 22:44:23 -------- d-----w C:\Program Files\OpenOffice.org 2.2
2007-05-04 12:50:53 26 ----a-w C:\AUTOEXEC.BAT
2007-04-26 08:21:34 72,624 ----a-w C:\WINDOWS\system32\drivers\khips.sys
2007-04-26 08:21:30 302,000 ----a-w C:\WINDOWS\system32\drivers\fwdrv.sys
2007-04-18 16:14:18 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-05 15:46:59 29 ----a-w C:\WINDOWS\system32\getfile.dat
2007-03-17 13:44:47 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll
2004-08-05 13:00:00 70,941 --sh--r C:\WINDOWS\system32\dfmmaps.exe
2004-08-05 13:00:00 90,326 --sh--r C:\WINDOWS\system32\dlljwdwv.exe
2004-08-05 13:00:00 71,625 --sh--r C:\WINDOWS\system32\ikern32.exe
2004-08-05 13:00:00 72,152 --sh--r C:\WINDOWS\system32\itmanhc.exe
2004-08-05 13:00:00 74,940 --sh--r C:\WINDOWS\system32\mmswr.exe
2004-08-05 13:00:00 72,458 --sh--r C:\WINDOWS\system32\rdsruns.exe
2004-08-05 13:00:00 93,426 --sh--r C:\WINDOWS\system32\regyscqm.exe
2004-08-05 13:00:00 76,641 --sh--r C:\WINDOWS\system32\relccxs.exe
2004-08-05 13:00:00 47,019 --sh--r C:\WINDOWS\system32\secrvkkm.exe
2004-08-05 13:00:00 45,357 --sh--r C:\WINDOWS\system32\xmliklvh.exe
2004-08-05 13:00:00 45,357 --sh--r C:\WINDOWS\system32\xmllwmew.exe
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{243B17DE-77C7-46BF-B94B-0B5F309A0E64}=C:\Program Files\Microsoft Money\System\mnyside.dll [2002-07-17 12:00]
{3A8AAF02-744B-4E8A-90BF-FFB026984B98}=C:\WINDOWS\system32\pmnnn.dll []
{53707962-6F74-2D53-2644-206D7942484F}=C:\DOCUME~1\(QUENT~1\MESDOC~1\program\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll [2006-11-09 16:21]
{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 21:33]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar3.dll [2007-01-20 00:56]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mmsddlx"="regyscqm.exe" [2004-08-05 15:00 C:\WINDOWS\system32\regyscqm.exe]
"gdqfqtyx.exe"="C:\Documents and Settings\All Users\Application Data\gdqfqtyx.exe" [2007-06-11 23:23]
"SoundMax"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2004-09-23 13:41]
"syskern32"="C:\WINDOWS\system32\ikern32.exe" [2004-08-05 15:00]
"mwini32"="C:\WINDOWS\system32\mmswr.exe" [2004-08-05 15:00]
"msrlink"="C:\WINDOWS\system32\rdsruns.exe" [2004-08-05 15:00]
"kstscc"="dlljwdwv.exe" [2004-08-05 15:00 C:\WINDOWS\system32\dlljwdwv.exe]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"passcxd"="C:\WINDOWS\system32\itmanhc.exe" [2004-08-05 15:00]
"zcseacrt"="C:\WINDOWS\system32\relccxs.exe" [2004-08-05 15:00]
"rtkernsw"="C:\WINDOWS\system32\secrvkkm.exe" [2004-08-05 15:00]
"mmsddlx"="regyscqm.exe" [2004-08-05 15:00 C:\WINDOWS\system32\regyscqm.exe]
"ifperx"="C:\WINDOWS\system32\xmllwmew.exe" [2004-08-05 15:00]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 15:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-01-25 18:47]
"wpxmls"="C:\WINDOWS\system32\xmllwmew.exe" [2004-08-05 15:00]
"imcssl"="C:\WINDOWS\system32\xmllwmew.exe" [2004-08-05 15:00]
"jcidls"="C:\WINDOWS\system32\dfmmaps.exe" [2004-08-05 15:00]
"scmplay"="C:\WINDOWS\system32\xmllwmew.exe" [2004-08-05 15:00]
"syskern32"="C:\WINDOWS\system32\ikern32.exe" [2004-08-05 15:00]
"mwini32"="C:\WINDOWS\system32\mmswr.exe" [2004-08-05 15:00]
"msrlink"="C:\WINDOWS\system32\rdsruns.exe" [2004-08-05 15:00]
"kstscc"="dlljwdwv.exe" [2004-08-05 15:00 C:\WINDOWS\system32\dlljwdwv.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"RunStartupScriptSync"=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktopCleanupWizard"=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Documents and Settings\(quentin)\Mes documents\program\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 16:13]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnomlm]
opnomlm.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnnllk]
pmnnllk.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^(quentin)^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.0.lnk]
path=C:\Documents and Settings\(quentin)\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.0.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.0.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^TrayMin300.exe.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\TrayMin300.exe.lnk
backup=C:\WINDOWS\pss\TrayMin300.exe.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Utility Tray.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Utility Tray.lnk
backup=C:\WINDOWS\pss\Utility Tray.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
"C:\Documents and Settings\(quentin)\Mes documents\program\AVG Anti-Spyware 7.5\avgas.exe" /minimized
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApachInc]
rundll32.exe "C:\WINDOWS\system32\hvjdyurp.dll",realset
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AWMON]
"C:\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CnxDslTaskBar]
"C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Documents and Settings\(quentin)\Mes documents\program\DAEMON Tools\daemon.exe" -lang 1033
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EmailChecker]
C:\APPS\EmailChecker\ech.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gjepsvkz.exe]
C:\Documents and Settings\All Users\Application Data\gjepsvkz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HControl]
C:\WINDOWS\ATK0100\HControl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\idlesam]
drvcihsk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ifperx]
C:\WINDOWS\system32\xmliklvh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
"C:\Program Files\Microsoft Money\System\mnyexpr.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\passcxd]
C:\WINDOWS\system32\itmanhc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
"c:\Apps\Powercinema\PCMService.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\WINDOWS\system32\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\scmplay]
C:\WINDOWS\system32\xmliklvh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSPower]
Rundll32.exe SiSPower.dll,ModeAgent
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\APPS\skype\phone\Skype.exe" /nosplash /minimized
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
"C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TheDaVinciCode_Setup.exe]
E:\THEDAV~1.EXE /r
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
%systemroot%\system32\dumprep 0 -u
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zcseacrt]
C:\WINDOWS\system32\relccxs.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"TheDaVinciCode_Setup.exe"=E:\THEDAV~1.EXE /r
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"Skype"="C:\APPS\skype\phone\Skype.exe" /nosplash /minimized
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"LXCCCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
"SiSPower"=Rundll32.exe SiSPower.dll,ModeAgent
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
"PCMService"="c:\Apps\Powercinema\PCMService.exe"
"QuickTime Task"="C:\WINDOWS\system32\qttask.exe" -atboottime
"InCD"=C:\Documents and Settings\(quentin)\Mes documents\program\Nero 7\InCD\InCD.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - netsvcs
UxTuneUp
NtmlSvc
Contents of the 'Scheduled Tasks' folder
2007-06-08 15:15:00 C:\WINDOWS\tasks\1-Klick-Wartung.job
2007-06-08 15:15:00 C:\WINDOWS\tasks\Maintenance en 1 clic.job
ComboFix 07-06-13.3
"(quentin)" - 2007-06-14 11:22:55 - Service Pack 2 NTFS
(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\ntlfyxct.dll
C:\WINDOWS\system32\winpsa32.dll
C:\WINDOWS\system32\tcxyfltn.ini
* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\DOCUME~1\(QUENT~1\Bureau.\internet explorer.lnk
C:\Program Files\Fichiers communs\microsoft shared\web folders\ibm00001.dll
C:\Program Files\Fichiers communs\microsoft shared\web folders\ibm00002.dll
C:\Program Files\install.log
C:\WINDOWS\system32\xpdx.sys
C:\WINDOWS\wpcjmd.log
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\nm
-------\xpdx
((((((((((((((((((((((((( Files Created from 2007-05-14 to 2007-06-14 )))))))))))))))))))))))))))))))
2007-06-14 00:32 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-13 01:46 <REP> d-------- C:\VundoFix Backups
2007-06-12 22:51 70,941 --a------ C:\WINDOWS\ertreedwefwe.exe
2007-06-12 22:51 <REP> d-------- C:\DOCUME~1\(QUENT~1\APPLIC~1\Ultimate Cleaner
2007-06-12 18:23 <REP> d-------- C:\Program Files\Ultimate Cleaner
2007-06-12 18:15 47,019 --a------ C:\WINDOWS\regrththrerer.exe
2007-06-11 23:23 56,832 --a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\gdqfqtyx.exe
2007-06-11 21:48 45,357 --a------ C:\WINDOWS\erwtyhtujherg.exe
2007-06-11 14:21 <REP> d-------- C:\Downloads
2007-06-11 10:47 76,641 --a------ C:\WINDOWS\dsfrertr.exe
2007-06-11 10:47 72,152 --a------ C:\WINDOWS\tryewfdewgre.exe
2007-06-11 10:12 1,536 --a------ C:\wyjgsa.exe
2007-06-11 08:42 57,344 --a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\gjepsvkz.exe
2007-06-11 00:29 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
2007-06-09 17:37 <REP> d-------- C:\DOCUME~1\(QUENT~1\WINDOWS
2007-06-07 17:07 3,313 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Musepack Codec.dat
2007-06-05 08:20 <REP> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-06-05 07:20 13,045 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2007-06-05 00:04 2,981 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp FLAC Codec.dat
2007-06-04 15:14 <REP> d-------- C:\Program Files\MSN Messenger
2007-06-04 15:00 <REP> d-------- C:\WINDOWS\SxsCaPendDel
2007-06-04 11:39 368,912 --a------ C:\WINDOWS\system32\vbar332.dll
2007-06-04 10:17 <REP> d-------- C:\Program Files\Fichiers communs\ODBC
2007-06-03 22:28 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-06-03 15:14 178,408 --a------ C:\WINDOWS\system32\muweb.dll
2007-06-03 15:14 128,744 --a------ C:\WINDOWS\system32\mucltui.dll
2007-06-03 08:55 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WindowsLiveInstaller
2007-06-03 08:54 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
2007-06-02 13:50 <REP> d-------- C:\Program Files\Fichiers communs\Ahead
2007-06-02 01:19 <REP> d-------- C:\DOCUME~1\(QUENT~1\APPLIC~1\Vso
2007-06-01 12:47 <REP> d-------- C:\DOCUME~1\(QUENT~1\APPLIC~1\Media Player Classic
2007-06-01 12:46 740,442 --a------ C:\WINDOWS\system32\divx.dll
2007-06-01 12:46 73,728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-06-01 12:46 593,920 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-06-01 12:46 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-06-01 12:46 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2007-06-01 12:46 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-06-01 12:46 10,752 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-05-29 23:09 <REP> d-------- C:\DOCUME~1\(QUENT~1\APPLIC~1\gtk-2.0
2007-05-25 22:27 24,072 --a------ C:\WINDOWS\system32\uxtuneup.dll
2007-05-24 00:35 <REP> d-------- C:\Program Files\Emoticons-plus.com
2007-05-23 19:15 <REP> d-------- C:\WINDOWS\system32\PC Booster 5
2007-05-23 16:44 <REP> d-------- C:\Program Files\Fichiers communs\Merge Modules
2007-05-23 16:40 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\National Instruments
2007-05-23 16:37 <REP> d-------- C:\WINDOWS\system32\cvirte
2007-05-20 12:45 755,200 --a------ C:\WINDOWS\system32\Ir50_32.dll
2007-05-20 12:45 630,784 --a------ C:\WINDOWS\system32\vp7vfw.dll
2007-05-20 12:45 438,272 --a------ C:\WINDOWS\system32\vp6vfw.dll
2007-05-20 12:45 200,192 --a------ C:\WINDOWS\system32\Ir50_qc.dll
2007-05-20 12:45 183,808 --a------ C:\WINDOWS\system32\Ir50_qcx.dll
2007-05-20 12:45 144,384 --a------ C:\WINDOWS\system32\Iacenc.dll
2007-05-20 12:45 1,565,480 --a------ C:\WINDOWS\system32\wmv9vcm.dll
2007-05-17 18:59 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-05-17 12:52 217,127 --a------ C:\WINDOWS\system32\drv43260.dll
2007-05-17 12:52 208,935 --a------ C:\WINDOWS\system32\drv33260.dll
2007-05-17 12:52 176,165 --a------ C:\WINDOWS\system32\drv23260.dll
2007-05-16 07:53 <REP> d-------- C:\Program Files\Resource Kit
2007-05-14 12:44 3,395 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.dat
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-06-14 09:40:32 74,940 ----a-w C:\WINDOWS\wqefefgre.exe
2007-06-14 09:40:32 72,458 ----a-w C:\WINDOWS\ghregrgrfew.exe
2007-06-14 09:40:31 71,625 ----a-w C:\WINDOWS\twesdwdewewd.exe
2007-06-14 09:40:24 46,896 ----a-w C:\WINDOWS\jgregrgrethyt.exe
2007-06-14 09:40:15 75,017 ----a-w C:\WINDOWS\hrefhtrgfew.exe
2007-06-14 09:40:14 70,376 ----a-w C:\WINDOWS\weewsarfewre.exe
2007-06-13 22:28:01 -------- d-----w C:\DOCUME~1\(QUENT~1\APPLIC~1\OpenOffice.org2
2007-06-12 20:51:31 -------- d-----w C:\DOCUME~1\(QUENT~1\APPLIC~1\Ultimate Cleaner
2007-06-11 11:17:12 -------- d-----w C:\DOCUME~1\(QUENT~1\APPLIC~1\Skype
2007-06-10 20:56:16 -------- d-----w C:\Program Files\Lx_cats
2007-06-10 12:20:12 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-07 15:06:52 593,272 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe
2007-06-05 09:30:51 64,052 ----a-w C:\WINDOWS\system32\perfc00C.dat
2007-06-05 09:30:51 445,672 ----a-w C:\WINDOWS\system32\perfh00C.dat
2007-06-05 05:56:13 -------- d-----w C:\Program Files\Fichiers communs\AOL
2007-06-04 07:21:17 -------- d-----w C:\DOCUME~1\(QUENT~1\APPLIC~1\Vso
2007-06-04 07:21:14 87,608 ----a-w C:\DOCUME~1\(QUENT~1\APPLIC~1\ezpinst.exe
2007-06-04 07:21:14 47,360 ----a-w C:\DOCUME~1\(QUENT~1\APPLIC~1\pcouffin.sys
2007-06-04 07:20:37 -------- d-----w C:\DOCUME~1\(QUENT~1\APPLIC~1\Dev-Cpp
2007-06-02 14:01:34 -------- d-----w C:\DOCUME~1\(QUENT~1\APPLIC~1\Ahead
2007-06-01 10:47:42 -------- d-----w C:\DOCUME~1\(QUENT~1\APPLIC~1\Media Player Classic
2007-05-30 17:21:46 -------- d-----w C:\Program Files\Microsoft Works
2007-05-29 21:09:04 -------- d-----w C:\DOCUME~1\(QUENT~1\APPLIC~1\gtk-2.0
2007-05-25 18:10:12 -------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-05-23 17:25:56 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-05-23 14:49:32 -------- d-----w C:\Program Files\Common Files
2007-05-18 17:21:17 -------- d-----w C:\Program Files\Abbyy FineReader 6.0 Sprint
2007-05-17 10:52:22 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2007-05-14 21:50:40 682,232 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-05-14 11:11:25 -------- d-----w C:\DOCUME~1\(QUENT~1\APPLIC~1\AdobeUM
2007-05-08 09:34:43 -------- d-----w C:\DOCUME~1\(QUENT~1\APPLIC~1\TuneUp Software
2007-05-07 09:22:08 -------- d-----w C:\Program Files\Fichiers communs\Skype
2007-05-06 22:48:59 -------- d-----w C:\Program Files\Ghostgum
2007-05-06 22:44:23 -------- d-----w C:\Program Files\OpenOffice.org 2.2
2007-05-04 12:50:53 26 ----a-w C:\AUTOEXEC.BAT
2007-04-26 08:21:34 72,624 ----a-w C:\WINDOWS\system32\drivers\khips.sys
2007-04-26 08:21:30 302,000 ----a-w C:\WINDOWS\system32\drivers\fwdrv.sys
2007-04-18 16:14:18 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-05 15:46:59 29 ----a-w C:\WINDOWS\system32\getfile.dat
2007-03-17 13:44:47 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll
2004-08-05 13:00:00 70,941 --sh--r C:\WINDOWS\system32\dfmmaps.exe
2004-08-05 13:00:00 90,326 --sh--r C:\WINDOWS\system32\dlljwdwv.exe
2004-08-05 13:00:00 71,625 --sh--r C:\WINDOWS\system32\ikern32.exe
2004-08-05 13:00:00 72,152 --sh--r C:\WINDOWS\system32\itmanhc.exe
2004-08-05 13:00:00 74,940 --sh--r C:\WINDOWS\system32\mmswr.exe
2004-08-05 13:00:00 72,458 --sh--r C:\WINDOWS\system32\rdsruns.exe
2004-08-05 13:00:00 93,426 --sh--r C:\WINDOWS\system32\regyscqm.exe
2004-08-05 13:00:00 76,641 --sh--r C:\WINDOWS\system32\relccxs.exe
2004-08-05 13:00:00 47,019 --sh--r C:\WINDOWS\system32\secrvkkm.exe
2004-08-05 13:00:00 45,357 --sh--r C:\WINDOWS\system32\xmliklvh.exe
2004-08-05 13:00:00 45,357 --sh--r C:\WINDOWS\system32\xmllwmew.exe
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{243B17DE-77C7-46BF-B94B-0B5F309A0E64}=C:\Program Files\Microsoft Money\System\mnyside.dll [2002-07-17 12:00]
{3A8AAF02-744B-4E8A-90BF-FFB026984B98}=C:\WINDOWS\system32\pmnnn.dll []
{53707962-6F74-2D53-2644-206D7942484F}=C:\DOCUME~1\(QUENT~1\MESDOC~1\program\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll [2006-11-09 16:21]
{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 21:33]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar3.dll [2007-01-20 00:56]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mmsddlx"="regyscqm.exe" [2004-08-05 15:00 C:\WINDOWS\system32\regyscqm.exe]
"gdqfqtyx.exe"="C:\Documents and Settings\All Users\Application Data\gdqfqtyx.exe" [2007-06-11 23:23]
"SoundMax"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2004-09-23 13:41]
"passcxd"="C:\WINDOWS\system32\itmanhc.exe" [2004-08-05 15:00]
"zcseacrt"="C:\WINDOWS\system32\relccxs.exe" [2004-08-05 15:00]
"rtkernsw"="C:\WINDOWS\system32\secrvkkm.exe" [2004-08-05 15:00]
"wpxmls"="C:\WINDOWS\system32\xmllwmew.exe" [2004-08-05 15:00]
"syskern32"="C:\WINDOWS\system32\ikern32.exe" [2004-08-05 15:00]
"mwini32"="C:\WINDOWS\system32\mmswr.exe" [2004-08-05 15:00]
"msrlink"="C:\WINDOWS\system32\rdsruns.exe" [2004-08-05 15:00]
"kstscc"="dlljwdwv.exe" [2004-08-05 15:00 C:\WINDOWS\system32\dlljwdwv.exe]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"passcxd"="C:\WINDOWS\system32\itmanhc.exe" [2004-08-05 15:00]
"zcseacrt"="C:\WINDOWS\system32\relccxs.exe" [2004-08-05 15:00]
"rtkernsw"="C:\WINDOWS\system32\secrvkkm.exe" [2004-08-05 15:00]
"mmsddlx"="regyscqm.exe" [2004-08-05 15:00 C:\WINDOWS\system32\regyscqm.exe]
"ifperx"="C:\WINDOWS\system32\xmllwmew.exe" [2004-08-05 15:00]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 15:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-01-25 18:47]
"wpxmls"="C:\WINDOWS\system32\xmllwmew.exe" [2004-08-05 15:00]
"imcssl"="C:\WINDOWS\system32\xmllwmew.exe" [2004-08-05 15:00]
"jcidls"="C:\WINDOWS\system32\dfmmaps.exe" [2004-08-05 15:00]
"scmplay"="C:\WINDOWS\system32\xmllwmew.exe" [2004-08-05 15:00]
"syskern32"="C:\WINDOWS\system32\ikern32.exe" [2004-08-05 15:00]
"mwini32"="C:\WINDOWS\system32\mmswr.exe" [2004-08-05 15:00]
"msrlink"="C:\WINDOWS\system32\rdsruns.exe" [2004-08-05 15:00]
"kstscc"="dlljwdwv.exe" [2004-08-05 15:00 C:\WINDOWS\system32\dlljwdwv.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"RunStartupScriptSync"=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktopCleanupWizard"=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Documents and Settings\(quentin)\Mes documents\program\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 16:13]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnomlm]
opnomlm.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnnllk]
pmnnllk.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^(quentin)^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.0.lnk]
path=C:\Documents and Settings\(quentin)\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.0.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.0.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^TrayMin300.exe.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\TrayMin300.exe.lnk
backup=C:\WINDOWS\pss\TrayMin300.exe.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Utility Tray.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Utility Tray.lnk
backup=C:\WINDOWS\pss\Utility Tray.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
"C:\Documents and Settings\(quentin)\Mes documents\program\AVG Anti-Spyware 7.5\avgas.exe" /minimized
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApachInc]
rundll32.exe "C:\WINDOWS\system32\hvjdyurp.dll",realset
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AWMON]
"C:\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CnxDslTaskBar]
"C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Documents and Settings\(quentin)\Mes documents\program\DAEMON Tools\daemon.exe" -lang 1033
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EmailChecker]
C:\APPS\EmailChecker\ech.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gjepsvkz.exe]
C:\Documents and Settings\All Users\Application Data\gjepsvkz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HControl]
C:\WINDOWS\ATK0100\HControl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\idlesam]
drvcihsk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ifperx]
C:\WINDOWS\system32\xmliklvh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
"C:\Program Files\Microsoft Money\System\mnyexpr.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\passcxd]
C:\WINDOWS\system32\itmanhc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
"c:\Apps\Powercinema\PCMService.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\WINDOWS\system32\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\scmplay]
C:\WINDOWS\system32\xmliklvh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSPower]
Rundll32.exe SiSPower.dll,ModeAgent
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\APPS\skype\phone\Skype.exe" /nosplash /minimized
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
"C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TheDaVinciCode_Setup.exe]
E:\THEDAV~1.EXE /r
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
%systemroot%\system32\dumprep 0 -u
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zcseacrt]
C:\WINDOWS\system32\relccxs.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"TheDaVinciCode_Setup.exe"=E:\THEDAV~1.EXE /r
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"Skype"="C:\APPS\skype\phone\Skype.exe" /nosplash /minimized
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"LXCCCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
"SiSPower"=Rundll32.exe SiSPower.dll,ModeAgent
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
"PCMService"="c:\Apps\Powercinema\PCMService.exe"
"QuickTime Task"="C:\WINDOWS\system32\qttask.exe" -atboottime
"InCD"=C:\Documents and Settings\(quentin)\Mes documents\program\Nero 7\InCD\InCD.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - netsvcs
UxTuneUp
NtmlSvc
Contents of the 'Scheduled Tasks' folder
2007-06-08 15:15:00 C:\WINDOWS\tasks\1-Klick-Wartung.job
2007-06-08 15:15:00 C:\WINDOWS\tasks\Maintenance en 1 clic.job
**************************************************************************
catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-14 11:39:22
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
? [268]
scanning hidden autostart entries ...
scanning hidden files ...
C:\WINDOWS\system32\mmswr.exe
C:\WINDOWS\system32\dlljwdwv.exe
C:\WINDOWS\system32\rdsruns.exe
C:\WINDOWS\system32\ikern32.exe
scan completed successfully
hidden files: 4
**************************************************************************
Completion time: 2007-06-14 11:42:40 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-14 11:42
--- E O F ---
(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\ntlfyxct.dll
C:\WINDOWS\system32\winpsa32.dll
C:\WINDOWS\system32\tcxyfltn.ini
* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\DOCUME~1\(QUENT~1\Bureau.\internet explorer.lnk
C:\Program Files\Fichiers communs\microsoft shared\web folders\ibm00001.dll
C:\Program Files\Fichiers communs\microsoft shared\web folders\ibm00002.dll
C:\Program Files\install.log
C:\WINDOWS\system32\xpdx.sys
C:\WINDOWS\wpcjmd.log
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\nm
-------\xpdx
((((((((((((((((((((((((( Files Created from 2007-05-14 to 2007-06-14 )))))))))))))))))))))))))))))))
2007-06-14 11:40 75,017 --a------ C:\WINDOWS\hrefhtrgfew.exe
2007-06-14 11:40 74,940 --a------ C:\WINDOWS\wqefefgre.exe
2007-06-14 11:40 72,458 --a------ C:\WINDOWS\ghregrgrfew.exe
2007-06-14 11:40 71,625 --a------ C:\WINDOWS\twesdwdewewd.exe
2007-06-14 11:40 70,376 --a------ C:\WINDOWS\weewsarfewre.exe
2007-06-14 11:40 46,896 --a------ C:\WINDOWS\jgregrgrethyt.exe
2007-06-12 22:51 <REP> d-------- C:\DOCUME~1\(QUENT~1\APPLIC~1\Ultimate Cleaner
2007-06-09 17:37 <REP> d-------- C:\DOCUME~1\(QUENT~1\WINDOWS
2007-06-02 01:19 <REP> d-------- C:\DOCUME~1\(QUENT~1\APPLIC~1\Vso
2007-06-01 12:47 <REP> d-------- C:\DOCUME~1\(QUENT~1\APPLIC~1\Media Player Classic
2007-05-29 23:09 <REP> d-------- C:\DOCUME~1\(QUENT~1\APPLIC~1\gtk-2.0
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-06-13 22:28:01 -------- d-----w C:\DOCUME~1\(QUENT~1\APPLIC~1\OpenOffice.org2
2007-06-12 20:51:31 -------- d-----w C:\DOCUME~1\(QUENT~1\APPLIC~1\Ultimate Cleaner
2007-06-11 11:17:12 -------- d-----w C:\DOCUME~1\(QUENT~1\APPLIC~1\Skype
2007-06-10 20:56:16 -------- d-----w C:\Program Files\Lx_cats
2007-06-10 12:20:12 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-07 15:06:52 593,272 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe
2007-06-05 09:30:51 64,052 ----a-w C:\WINDOWS\system32\perfc00C.dat
2007-06-05 09:30:51 445,672 ----a-w C:\WINDOWS\system32\perfh00C.dat
2007-06-05 05:56:13 -------- d-----w C:\Program Files\Fichiers communs\AOL
2007-06-04 07:21:17 -------- d-----w C:\DOCUME~1\(QUENT~1\APPLIC~1\Vso
2007-06-04 07:21:14 87,608 ----a-w C:\DOCUME~1\(QUENT~1\APPLIC~1\ezpinst.exe
2007-06-04 07:21:14 47,360 ----a-w C:\DOCUME~1\(QUENT~1\APPLIC~1\pcouffin.sys
2007-06-04 07:20:37 -------- d-----w C:\DOCUME~1\(QUENT~1\APPLIC~1\Dev-Cpp
2007-06-02 14:01:34 -------- d-----w C:\DOCUME~1\(QUENT~1\APPLIC~1\Ahead
2007-06-01 10:47:42 -------- d-----w C:\DOCUME~1\(QUENT~1\APPLIC~1\Media Player Classic
2007-05-30 17:21:46 -------- d-----w C:\Program Files\Microsoft Works
2007-05-29 21:09:04 -------- d-----w C:\DOCUME~1\(QUENT~1\APPLIC~1\gtk-2.0
2007-05-25 18:10:12 -------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-05-23 17:25:56 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-05-23 14:49:32 -------- d-----w C:\Program Files\Common Files
2007-05-18 17:21:17 -------- d-----w C:\Program Files\Abbyy FineReader 6.0 Sprint
2007-05-17 10:52:22 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2007-05-14 21:50:40 682,232 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-05-14 11:11:25 -------- d-----w C:\DOCUME~1\(QUENT~1\APPLIC~1\AdobeUM
2007-05-08 09:34:43 -------- d-----w C:\DOCUME~1\(QUENT~1\APPLIC~1\TuneUp Software
2007-05-07 09:22:08 -------- d-----w C:\Program Files\Fichiers communs\Skype
2007-05-06 22:48:59 -------- d-----w C:\Program Files\Ghostgum
2007-05-06 22:44:23 -------- d-----w C:\Program Files\OpenOffice.org 2.2
2007-05-04 12:50:53 26 ----a-w C:\AUTOEXEC.BAT
2007-04-26 08:21:34 72,624 ----a-w C:\WINDOWS\system32\drivers\khips.sys
2007-04-26 08:21:30 302,000 ----a-w C:\WINDOWS\system32\drivers\fwdrv.sys
2007-04-18 16:14:18 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-05 15:46:59 29 ----a-w C:\WINDOWS\system32\getfile.dat
2007-03-17 13:44:47 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll
2004-08-05 13:00:00 70,941 --sh--r C:\WINDOWS\system32\dfmmaps.exe
2004-08-05 13:00:00 90,326 --sh--r C:\WINDOWS\system32\dlljwdwv.exe
2004-08-05 13:00:00 71,625 --sh--r C:\WINDOWS\system32\ikern32.exe
2004-08-05 13:00:00 72,152 --sh--r C:\WINDOWS\system32\itmanhc.exe
2004-08-05 13:00:00 74,940 --sh--r C:\WINDOWS\system32\mmswr.exe
2004-08-05 13:00:00 72,458 --sh--r C:\WINDOWS\system32\rdsruns.exe
2004-08-05 13:00:00 93,426 --sh--r C:\WINDOWS\system32\regyscqm.exe
2004-08-05 13:00:00 76,641 --sh--r C:\WINDOWS\system32\relccxs.exe
2004-08-05 13:00:00 47,019 --sh--r C:\WINDOWS\system32\secrvkkm.exe
2004-08-05 13:00:00 45,357 --sh--r C:\WINDOWS\system32\xmliklvh.exe
2004-08-05 13:00:00 45,357 --sh--r C:\WINDOWS\system32\xmllwmew.exe
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{243B17DE-77C7-46BF-B94B-0B5F309A0E64}=C:\Program Files\Microsoft Money\System\mnyside.dll [2002-07-17 12:00]
{3A8AAF02-744B-4E8A-90BF-FFB026984B98}=C:\WINDOWS\system32\pmnnn.dll []
{53707962-6F74-2D53-2644-206D7942484F}=C:\DOCUME~1\(QUENT~1\MESDOC~1\program\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll [2006-11-09 16:21]
{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 21:33]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar3.dll [2007-01-20 00:56]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mmsddlx"="regyscqm.exe" [2004-08-05 15:00 C:\WINDOWS\system32\regyscqm.exe]
"gdqfqtyx.exe"="C:\Documents and Settings\All Users\Application Data\gdqfqtyx.exe" [2007-06-11 23:23]
"SoundMax"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2004-09-23 13:41]
"syskern32"="C:\WINDOWS\system32\ikern32.exe" [2004-08-05 15:00]
"mwini32"="C:\WINDOWS\system32\mmswr.exe" [2004-08-05 15:00]
"msrlink"="C:\WINDOWS\system32\rdsruns.exe" [2004-08-05 15:00]
"kstscc"="dlljwdwv.exe" [2004-08-05 15:00 C:\WINDOWS\system32\dlljwdwv.exe]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"passcxd"="C:\WINDOWS\system32\itmanhc.exe" [2004-08-05 15:00]
"zcseacrt"="C:\WINDOWS\system32\relccxs.exe" [2004-08-05 15:00]
"rtkernsw"="C:\WINDOWS\system32\secrvkkm.exe" [2004-08-05 15:00]
"mmsddlx"="regyscqm.exe" [2004-08-05 15:00 C:\WINDOWS\system32\regyscqm.exe]
"ifperx"="C:\WINDOWS\system32\xmllwmew.exe" [2004-08-05 15:00]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 15:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-01-25 18:47]
"wpxmls"="C:\WINDOWS\system32\xmllwmew.exe" [2004-08-05 15:00]
"imcssl"="C:\WINDOWS\system32\xmllwmew.exe" [2004-08-05 15:00]
"jcidls"="C:\WINDOWS\system32\dfmmaps.exe" [2004-08-05 15:00]
"scmplay"="C:\WINDOWS\system32\xmllwmew.exe" [2004-08-05 15:00]
"syskern32"="C:\WINDOWS\system32\ikern32.exe" [2004-08-05 15:00]
"mwini32"="C:\WINDOWS\system32\mmswr.exe" [2004-08-05 15:00]
"msrlink"="C:\WINDOWS\system32\rdsruns.exe" [2004-08-05 15:00]
"kstscc"="dlljwdwv.exe" [2004-08-05 15:00 C:\WINDOWS\system32\dlljwdwv.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"RunStartupScriptSync"=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktopCleanupWizard"=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Documents and Settings\(quentin)\Mes documents\program\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 16:13]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnomlm]
opnomlm.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnnllk]
pmnnllk.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^(quentin)^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.0.lnk]
path=C:\Documents and Settings\(quentin)\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.0.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.0.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^TrayMin300.exe.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\TrayMin300.exe.lnk
backup=C:\WINDOWS\pss\TrayMin300.exe.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Utility Tray.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Utility Tray.lnk
backup=C:\WINDOWS\pss\Utility Tray.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
"C:\Documents and Settings\(quentin)\Mes documents\program\AVG Anti-Spyware 7.5\avgas.exe" /minimized
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApachInc]
rundll32.exe "C:\WINDOWS\system32\hvjdyurp.dll",realset
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AWMON]
"C:\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CnxDslTaskBar]
"C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Documents and Settings\(quentin)\Mes documents\program\DAEMON Tools\daemon.exe" -lang 1033
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EmailChecker]
C:\APPS\EmailChecker\ech.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gjepsvkz.exe]
C:\Documents and Settings\All Users\Application Data\gjepsvkz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HControl]
C:\WINDOWS\ATK0100\HControl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\idlesam]
drvcihsk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ifperx]
C:\WINDOWS\system32\xmliklvh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
"C:\Program Files\Microsoft Money\System\mnyexpr.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\passcxd]
C:\WINDOWS\system32\itmanhc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
"c:\Apps\Powercinema\PCMService.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\WINDOWS\system32\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\scmplay]
C:\WINDOWS\system32\xmliklvh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSPower]
Rundll32.exe SiSPower.dll,ModeAgent
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\APPS\skype\phone\Skype.exe" /nosplash /minimized
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
"C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TheDaVinciCode_Setup.exe]
E:\THEDAV~1.EXE /r
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
%systemroot%\system32\dumprep 0 -u
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zcseacrt]
C:\WINDOWS\system32\relccxs.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"TheDaVinciCode_Setup.exe"=E:\THEDAV~1.EXE /r
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"Skype"="C:\APPS\skype\phone\Skype.exe" /nosplash /minimized
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"LXCCCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
"SiSPower"=Rundll32.exe SiSPower.dll,ModeAgent
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
"PCMService"="c:\Apps\Powercinema\PCMService.exe"
"QuickTime Task"="C:\WINDOWS\system32\qttask.exe" -atboottime
"InCD"=C:\Documents and Settings\(quentin)\Mes documents\program\Nero 7\InCD\InCD.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - netsvcs
UxTuneUp
NtmlSvc
Contents of the 'Scheduled Tasks' folder
2007-06-08 15:15:00 C:\WINDOWS\tasks\1-Klick-Wartung.job
2007-06-08 15:15:00 C:\WINDOWS\tasks\Maintenance en 1 clic.job
download Brute Force Uninstaller
http://www.merijn.org/files/bfu.zip
put it in its own folder, e.g. c:\bfu (see demo) http://perso.orange.fr/rginformatique/section%20virus/bfu%20demo.htm
then
open Notepad and copy-paste this, without the asterisks
************
ProcessKill \relccxs.exe
ProcessKill \secrvkkm.exe
ProcessKill \regyscqm.exe
ProcessKill \xmllwmew.exe
ProcessKill \gdqfqtyx.exe
ProcessKill \dfmmaps.exe
OptionUnloadShell
DllUnregister %SYSDIR%\winpsa32.dll|1
FileDelete %SYSDIR%\itmanhc.exe
FileDelete %SYSDIR%\relccxs.exe
FileDelete %SYSDIR%\secrvkkm.exe
FileDelete %SYSDIR%\xmllwmew.exe
FileDelete %SYSDIR%\dfmmaps.exe
FileDelete %SYSDIR%\regyscqm.exe
FileDelete %SYSDIR%\winpsa32.dll
FileDelete %ALLUSERSAPPDATA%\gdqfqtyx.exe
RegDeleteKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winpsa32.dll
************
save it in the same folder as bfu.exe and name it fixer
then double-click bfu.exe
Click the little yellow folder to the right of the "Scriptline to execute" box, and double-click fixer
In the "Scriptline to execute" box you should now see this: C:\BFU\FIXER
Click "Execute" and let it do its work.
Wait for "Complete script execution" to appear and click OK.
Click Exit to close the BFU program.
Do it once more.
THEN RUN HIJACKTHIS AGAIN AND POST THE LOG
I'm sorry, I'm surely going to sound stupid, but I don't get the same folder as in the video.. I don't have the "egdaccess" folder... Yet I did unzip the folder into C...
Sorry...
in the video it's just an example; here, the folder you should have is the one I had you save
via Notepad, it's called fixer
later
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 23:22, on 2007-06-14
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\(quentin)\Mes documents\program\Nero 7\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Alwil Software\Avast4\aswUpdSv.exe
C:\Alwil Software\Avast4\ashServ.exe
C:\Documents and Settings\(quentin)\Mes documents\program\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Documents and Settings\(quentin)\Mes documents\Louloute\MAX\nimxs.exe
C:\Documents and Settings\(quentin)\Mes documents\Louloute\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\Documents and Settings\(quentin)\Mes documents\Louloute\Shared\Tagger\tagsrv.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Alwil Software\Avast4\ashMaiSv.exe
C:\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\ikern32.exe
C:\WINDOWS\system32\mmswr.exe
C:\WINDOWS\system32\rdsruns.exe
C:\WINDOWS\system32\itmanhc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\internet explorer\iexplore.exe
C:\office\OFFICE11\POWERPNT.EXE
C:\WINDOWS\explorer.exe
C:\Documents and Settings\(quentin)\Mes documents\HiJackThis_v2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {3A8AAF02-744B-4E8A-90BF-FFB026984B98} - C:\WINDOWS\system32\pmnnn.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\DOCUME~1\(QUENT~1\MESDOC~1\program\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [gdqfqtyx.exe] C:\Documents and Settings\All Users\Application Data\gdqfqtyx.exe
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [syskern32] C:\WINDOWS\system32\ikern32.exe
O4 - HKLM\..\Run: [mwini32] C:\WINDOWS\system32\mmswr.exe
O4 - HKLM\..\Run: [msrlink] C:\WINDOWS\system32\rdsruns.exe
O4 - HKLM\..\Run: [kstscc] dlljwdwv.exe
O4 - HKLM\..\Run: [passcxd] C:\WINDOWS\system32\itmanhc.exe
O4 - HKLM\..\Run: [ifperx] C:\WINDOWS\system32\xmllwmew.exe
O4 - HKLM\..\Run: [rtkernsw] C:\WINDOWS\system32\secrvkkm.exe
O4 - HKLM\..\Run: [zcseacrt] C:\WINDOWS\system32\relccxs.exe
O4 - HKCU\..\Run: [passcxd] C:\WINDOWS\system32\itmanhc.exe
O4 - HKCU\..\Run: [zcseacrt] C:\WINDOWS\system32\relccxs.exe
O4 - HKCU\..\Run: [rtkernsw] C:\WINDOWS\system32\secrvkkm.exe
O4 - HKCU\..\Run: [ifperx] C:\WINDOWS\system32\xmllwmew.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [wpxmls] C:\WINDOWS\system32\xmllwmew.exe
O4 - HKCU\..\Run: [imcssl] C:\WINDOWS\system32\xmllwmew.exe
O4 - HKCU\..\Run: [jcidls] C:\WINDOWS\system32\dfmmaps.exe
O4 - HKCU\..\Run: [scmplay] C:\WINDOWS\system32\xmllwmew.exe
O4 - HKCU\..\Run: [syskern32] C:\WINDOWS\system32\ikern32.exe
O4 - HKCU\..\Run: [mwini32] C:\WINDOWS\system32\mmswr.exe
O4 - HKCU\..\Run: [msrlink] C:\WINDOWS\system32\rdsruns.exe
O4 - HKCU\..\Run: [kstscc] dlljwdwv.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\office\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\office\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: opnomlm - opnomlm.dll (file missing)
O20 - Winlogon Notify: pmnnllk - pmnnllk.dll (file missing)
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Documents and Settings\(quentin)\Mes documents\program\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Documents and Settings\(quentin)\Mes documents\program\Nero 7\InCD\InCDsrv.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe (file missing)
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Documents and Settings\(quentin)\Mes documents\Louloute\MAX\nimxs.exe
O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Documents and Settings\(quentin)\Mes documents\Louloute\Shared\Security\nidmsrv.exe
O23 - Service: NILM License Manager - Macrovision Corporation - C:\Documents and Settings\(quentin)\Mes documents\Louloute\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments, Inc. - C:\Documents and Settings\(quentin)\Mes documents\Louloute\Shared\Tagger\tagsrv.exe
O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Ray - Unknown owner - C:\Documents and Settings\(quentin)\Mes documents\program\rayserver.exe (file missing)
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Unknown owner - C:\Documents and Settings\(quentin)\Mes documents\program\kpf4ss.exe (file missing)
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe (file missing)
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
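As an added check that is not part of this thread (neither the helper's nor the user's code), the Python script below parses the O4 (Run key) and O20 (Winlogon Notify) lines of the HijackThis log just posted and compares them with the ProcessKill / FileDelete / RegDeleteKey targets of the BFU "fixer" script posted earlier. The point for a helper is to see, before telling someone to run a removal script, which autostart entries it leaves untouched and which binaries are registered under several value names at once. The embedded log lines and the BFU script are excerpted from this thread; the function and regex names are assumptions of mine.

```python
"""Cross-check HijackThis autostart lines against a BFU removal script.

Added example for this thread (not code from it): parse the O4 and O20 lines
of the HijackThis log and compare them with the ProcessKill / FileDelete /
RegDeleteKey targets of the BFU script, so a helper sees what the script leaves
untouched.  Sample lines and the script are excerpted from the posts above.
"""
import re
from collections import defaultdict

# Excerpt of the O4 / O20 lines from the HijackThis log posted in this thread.
HJT_LOG = r"""
O4 - HKLM\..\Run: [gdqfqtyx.exe] C:\Documents and Settings\All Users\Application Data\gdqfqtyx.exe
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [syskern32] C:\WINDOWS\system32\ikern32.exe
O4 - HKLM\..\Run: [mwini32] C:\WINDOWS\system32\mmswr.exe
O4 - HKLM\..\Run: [msrlink] C:\WINDOWS\system32\rdsruns.exe
O4 - HKLM\..\Run: [kstscc] dlljwdwv.exe
O4 - HKLM\..\Run: [ifperx] C:\WINDOWS\system32\xmllwmew.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [wpxmls] C:\WINDOWS\system32\xmllwmew.exe
O4 - HKCU\..\Run: [jcidls] C:\WINDOWS\system32\dfmmaps.exe
O4 - HKCU\..\Run: [scmplay] C:\WINDOWS\system32\xmllwmew.exe
O20 - Winlogon Notify: opnomlm - opnomlm.dll (file missing)
O20 - Winlogon Notify: pmnnllk - pmnnllk.dll (file missing)
"""

# The BFU script the helper asked the user to save as "fixer".
BFU_SCRIPT = r"""
ProcessKill \relccxs.exe
ProcessKill \secrvkkm.exe
ProcessKill \regyscqm.exe
ProcessKill \xmllwmew.exe
ProcessKill \gdqfqtyx.exe
ProcessKill \dfmmaps.exe
OptionUnloadShell
DllUnregister %SYSDIR%\winpsa32.dll|1
FileDelete %SYSDIR%\itmanhc.exe
FileDelete %SYSDIR%\relccxs.exe
FileDelete %SYSDIR%\secrvkkm.exe
FileDelete %SYSDIR%\xmllwmew.exe
FileDelete %SYSDIR%\dfmmaps.exe
FileDelete %SYSDIR%\regyscqm.exe
FileDelete %SYSDIR%\winpsa32.dll
FileDelete %ALLUSERSAPPDATA%\gdqfqtyx.exe
RegDeleteKey HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winpsa32.dll
"""

O4_RE = re.compile(r"^O4 - (?P<hive>HK\S*?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<dll>\S+).*$", re.MULTILINE)
EXE_RE = re.compile(r'([^\\"]+\.exe)', re.IGNORECASE)  # first path leaf ending in .exe

def parse_run_entries(log):
    """(hive, value name, executable basename) for every O4 line, lower-cased."""
    entries = []
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        exe = EXE_RE.search(m.group("cmd")) if m else None
        if exe:
            entries.append((m.group("hive"), m.group("name").lower(), exe.group(1).lower()))
    return entries

def parse_bfu_targets(script):
    """Return (file leaves killed or deleted, Winlogon Notify subkeys removed)."""
    files, notify = set(), set()
    for line in script.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) != 2:
            continue
        cmd, arg = parts
        leaf = arg.split("|", 1)[0].rsplit("\\", 1)[-1].lower()  # drop BFU's "|flag" suffix
        if cmd in ("FileDelete", "ProcessKill"):
            files.add(leaf)
        elif cmd == "RegDeleteKey" and "\\winlogon\\notify\\" in arg.lower():
            notify.add(leaf)
    return files, notify

def uncovered_run_targets(log, script):
    """Executables started from Run keys that the script neither kills nor deletes."""
    files, _ = parse_bfu_targets(script)
    return sorted({exe for _, _, exe in parse_run_entries(log)} - files)

def uncovered_notify_keys(log, script):
    """Winlogon Notify subkeys present in the log that the script does not remove."""
    _, notify = parse_bfu_targets(script)
    present = {m.group("name").lower() for m in O20_RE.finditer(log)}
    return sorted(present - notify)

def multiply_registered(log):
    """Executables registered under several different Run value names."""
    names = defaultdict(set)
    for _, name, exe in parse_run_entries(log):
        names[exe].add(name)
    return {exe: n for exe, n in names.items() if len(n) > 1}

if __name__ == "__main__":
    print("Run-key targets not in the script:", uncovered_run_targets(HJT_LOG, BFU_SCRIPT))
    print("Notify subkeys not in the script:", uncovered_notify_keys(HJT_LOG, BFU_SCRIPT))
    print("One binary under several Run names:", multiply_registered(HJT_LOG))
```

Run stand-alone, it lists the Run-key executables the script leaves alone (a human still has to separate known-good entries such as ctfmon.exe from the rest), the two Winlogon Notify subkeys (opnomlm, pmnnllk) that the script's single RegDeleteKey does not touch, and the one binary (xmllwmew.exe) registered under several value names, a pattern worth flagging on its own.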
O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Ray - Unknown owner - C:\Documents and Settings\(quentin)\Mes documents\program\rayserver.exe (file missing)
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Unknown owner - C:\Documents and Settings\(quentin)\Mes documents\program\kpf4ss.exe (file missing)
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe (file missing)
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
Hi
Run HijackThis again, tick every line I've put below, then click Fix:
O2 - BHO: (no name) - {3A8AAF02-744B-4E8A-90BF-FFB026984B98} - C:\WINDOWS\system32\pmnnn.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [gdqfqtyx.exe] C:\Documents and Settings\All Users\Application Data\gdqfqtyx.exe
O4 - HKLM\..\Run: [syskern32] C:\WINDOWS\system32\ikern32.exe
O4 - HKLM\..\Run: [mwini32] C:\WINDOWS\system32\mmswr.exe
O4 - HKLM\..\Run: [msrlink] C:\WINDOWS\system32\rdsruns.exe
O4 - HKLM\..\Run: [kstscc] dlljwdwv.exe
O4 - HKLM\..\Run: [passcxd] C:\WINDOWS\system32\itmanhc.exe
O4 - HKLM\..\Run: [ifperx] C:\WINDOWS\system32\xmllwmew.exe
O4 - HKLM\..\Run: [rtkernsw] C:\WINDOWS\system32\secrvkkm.exe
O4 - HKLM\..\Run: [zcseacrt] C:\WINDOWS\system32\relccxs.exe
O4 - HKCU\..\Run: [passcxd] C:\WINDOWS\system32\itmanhc.exe
O4 - HKCU\..\Run: [zcseacrt] C:\WINDOWS\system32\relccxs.exe
O4 - HKCU\..\Run: [rtkernsw] C:\WINDOWS\system32\secrvkkm.exe
O4 - HKCU\..\Run: [ifperx] C:\WINDOWS\system32\xmllwmew.exe
O4 - HKCU\..\Run: [wpxmls] C:\WINDOWS\system32\xmllwmew.exe
O4 - HKCU\..\Run: [imcssl] C:\WINDOWS\system32\xmllwmew.exe
O4 - HKCU\..\Run: [jcidls] C:\WINDOWS\system32\dfmmaps.exe
O4 - HKCU\..\Run: [scmplay] C:\WINDOWS\system32\xmllwmew.exe
O4 - HKCU\..\Run: [syskern32] C:\WINDOWS\system32\ikern32.exe
O4 - HKCU\..\Run: [mwini32] C:\WINDOWS\system32\mmswr.exe
O4 - HKCU\..\Run: [msrlink] C:\WINDOWS\system32\rdsruns.exe
O4 - HKCU\..\Run: [kstscc] dlljwdwv.exe
O20 - Winlogon Notify: opnomlm - opnomlm.dll (file missing)
O20 - Winlogon Notify: pmnnllk - pmnnllk.dll (file missing)
Then reboot and post me a new HijackThis log.
Did you run the BFU script properly?
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:21, on 2007-06-15
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\(quentin)\Mes documents\program\Nero 7\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Alwil Software\Avast4\aswUpdSv.exe
C:\Alwil Software\Avast4\ashServ.exe
C:\Documents and Settings\(quentin)\Mes documents\program\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Documents and Settings\(quentin)\Mes documents\Louloute\MAX\nimxs.exe
C:\Documents and Settings\(quentin)\Mes documents\Louloute\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\Documents and Settings\(quentin)\Mes documents\Louloute\Shared\Tagger\tagsrv.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Alwil Software\Avast4\ashMaiSv.exe
C:\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\xmlawhfz.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\(quentin)\Mes documents\program\antivirus\HiJackThis_v2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\DOCUME~1\(QUENT~1\MESDOC~1\program\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [vckdsip] C:\WINDOWS\system32\xmlawhfz.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [vckdsip] C:\WINDOWS\system32\xmlawhfz.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\office\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\office\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Documents and Settings\(quentin)\Mes documents\program\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Documents and Settings\(quentin)\Mes documents\program\Nero 7\InCD\InCDsrv.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe (file missing)
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Documents and Settings\(quentin)\Mes documents\Louloute\MAX\nimxs.exe
O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Documents and Settings\(quentin)\Mes documents\Louloute\Shared\Security\nidmsrv.exe
O23 - Service: NILM License Manager - Macrovision Corporation - C:\Documents and Settings\(quentin)\Mes documents\Louloute\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments, Inc. - C:\Documents and Settings\(quentin)\Mes documents\Louloute\Shared\Tagger\tagsrv.exe
O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Ray - Unknown owner - C:\Documents and Settings\(quentin)\Mes documents\program\rayserver.exe (file missing)
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Unknown owner - C:\Documents and Settings\(quentin)\Mes documents\program\kpf4ss.exe (file missing)
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe (file missing)
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
Hi again
Make sure of this:
Show all files and folders:
click Start / Control Panel / Folder Options / View
Tick "Show hidden files and folders"
Untick the box "Hide protected operating system files (Recommended)"
Untick "Hide extensions for known file types"
Then click OK to confirm the changes.
And Apply.
Search for and delete this:
C:\WINDOWS\system32\xmlawhfz.exe
If it won't delete, reboot in Safe Mode and delete it there.
Then do another HijackThis scan.
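As an added example (not from this thread and not part of HijackThis), a small Python script that does what the helper is doing by hand across the two posts above: parse HijackThis log lines, confirm the entries he asked to Fix are gone from the new log, flag remaining Run entries that point at an unrecognised executable in system32, at a bare file name, or at a missing file, and cross-check them against the "Running processes" block. The sample logs are constructed from lines quoted in this thread; the KNOWN_GOOD allowlist and the "odd location" heuristic are assumptions for the demo.

```python
"""Triage helpers for HijackThis logs: verify a Fix list was applied and flag what is left."""
import re
from dataclasses import dataclass

# Constructed samples, copied from lines quoted in this thread (excerpts, not full logs).
# FIX_LIST: the entries the helper asked to tick and Fix.
FIX_LIST = r"""
O2 - BHO: (no name) - {3A8AAF02-744B-4E8A-90BF-FFB026984B98} - C:\WINDOWS\system32\pmnnn.dll (file missing)
O4 - HKLM\..\Run: [gdqfqtyx.exe] C:\Documents and Settings\All Users\Application Data\gdqfqtyx.exe
O4 - HKLM\..\Run: [syskern32] C:\WINDOWS\system32\ikern32.exe
O4 - HKLM\..\Run: [kstscc] dlljwdwv.exe
O4 - HKCU\..\Run: [syskern32] C:\WINDOWS\system32\ikern32.exe
O20 - Winlogon Notify: opnomlm - opnomlm.dll (file missing)
"""
# AFTER_LOG: excerpt of the 11:21 log posted after the Fix.
AFTER_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:21, on 2007-06-15
Running processes:
C:\WINDOWS\system32\xmlawhfz.exe
C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [vckdsip] C:\WINDOWS\system32\xmlawhfz.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [vckdsip] C:\WINDOWS\system32\xmlawhfz.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
"""

ENTRY_RE = re.compile(r"^([RO]\d{1,2}) - (.*)$")          # "O4 - ..." / "R0 - ..."
RUN_RE = re.compile(r"^(HK[^:]+?)\\\.\.\\Run: \[([^\]]+)\] (.*)$")  # O4 body layout
# Assumed allowlist for this sample only; real triage uses a vetted startup database.
KNOWN_GOOD = {"ctfmon.exe", "smax4.exe"}


@dataclass(frozen=True)
class Entry:
    section: str  # "R0", "O2", "O4", "O20", ...
    body: str     # text after "Onn - "

    @property
    def file_missing(self) -> bool:
        return self.body.endswith(("(file missing)", "(no file)"))


def parse_log(text):
    """Keep only 'Rn/Onn - ...' lines; headers and process lines are skipped."""
    return [Entry(m.group(1), m.group(2)) for m in
            (ENTRY_RE.match(ln.strip()) for ln in text.splitlines()) if m]


def running_processes(text):
    """Paths listed under 'Running processes:' up to the first Rn/Onn entry."""
    procs, in_block = [], False
    for line in text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_block = True
        elif in_block and ENTRY_RE.match(line):
            break
        elif in_block and line:
            procs.append(line)
    return procs


def image_path(cmd):
    """Best effort: the executable an O4 command launches (HijackThis appends ' (User ...)')."""
    cmd = re.sub(r" \(User '[^']*'\)$", "", cmd)
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    return re.split(r" /", cmd, maxsplit=1)[0]  # unquoted path, cut at the first switch


def verify_fix(fix_list, new_log):
    """Fix-list entries still present in the new log (empty means the Fix took)."""
    present = {e.body for e in parse_log(new_log)}
    return [e.body for e in parse_log(fix_list) if e.body in present]


def suspicious_autoruns(entries):
    """The helper's manual triage as a heuristic: O4 Run entries whose image is not
    allowlisted and sits in system32 or a user-writable data folder, or is a bare file
    name resolved through PATH; plus O2/O20 hooks whose file is missing."""
    flagged = []
    for e in entries:
        if e.section == "O4" and (m := RUN_RE.match(e.body)):
            _hive, name, cmd = m.groups()
            path = image_path(cmd)
            exe, low = path.rsplit("\\", 1)[-1].lower(), path.lower()
            odd = "\\" not in path or "\\system32\\" in low or "application data" in low
            if exe not in KNOWN_GOOD and odd:
                flagged.append((e.section, name, path))
        elif e.section in ("O2", "O20") and e.file_missing:
            flagged.append((e.section, "", e.body))
    return flagged


def still_active(new_log):
    """Flagged autorun images that also appear in the process list: the file itself must
    be deleted (from Safe Mode if it is locked), which is what the helper advised next."""
    running = {p.lower() for p in running_processes(new_log)}
    return {path for _, _, path in suspicious_autoruns(parse_log(new_log))
            if path.lower() in running}
```

On the sample data the heuristic flags exactly the six lines the helper picked, reports none of them left in the 11:21 log, and singles out xmlawhfz.exe as the one autorun image still present and running.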
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12:02, on 2007-06-15
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\(quentin)\Mes documents\program\Nero 7\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Alwil Software\Avast4\aswUpdSv.exe
C:\Alwil Software\Avast4\ashServ.exe
C:\Documents and Settings\(quentin)\Mes documents\program\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Documents and Settings\(quentin)\Mes documents\Louloute\MAX\nimxs.exe
C:\Documents and Settings\(quentin)\Mes documents\Louloute\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\Documents and Settings\(quentin)\Mes documents\Louloute\Shared\Tagger\tagsrv.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Alwil Software\Avast4\ashMaiSv.exe
C:\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\(quentin)\Mes documents\program\antivirus\HiJackThis_v2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\DOCUME~1\(QUENT~1\MESDOC~1\program\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [vckdsip] C:\WINDOWS\system32\xmlawhfz.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [vckdsip] C:\WINDOWS\system32\xmlawhfz.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\office\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\office\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Documents and Settings\(quentin)\Mes documents\program\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Documents and Settings\(quentin)\Mes documents\program\Nero 7\InCD\InCDsrv.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe (file missing)
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Documents and Settings\(quentin)\Mes documents\Louloute\MAX\nimxs.exe
O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Documents and Settings\(quentin)\Mes documents\Louloute\Shared\Security\nidmsrv.exe
O23 - Service: NILM License Manager - Macrovision Corporation - C:\Documents and Settings\(quentin)\Mes documents\Louloute\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments, Inc. - C:\Documents and Settings\(quentin)\Mes documents\Louloute\Shared\Tagger\tagsrv.exe
O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Ray - Unknown owner - C:\Documents and Settings\(quentin)\Mes documents\program\rayserver.exe (file missing)
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe (file missing)
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
Scan saved at 12:02, on 2007-06-15
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\(quentin)\Mes documents\program\Nero 7\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Alwil Software\Avast4\aswUpdSv.exe
C:\Alwil Software\Avast4\ashServ.exe
C:\Documents and Settings\(quentin)\Mes documents\program\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Documents and Settings\(quentin)\Mes documents\Louloute\MAX\nimxs.exe
C:\Documents and Settings\(quentin)\Mes documents\Louloute\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\Documents and Settings\(quentin)\Mes documents\Louloute\Shared\Tagger\tagsrv.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Alwil Software\Avast4\ashMaiSv.exe
C:\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\(quentin)\Mes documents\program\antivirus\HiJackThis_v2.exe
However, one last thing if possible, and without wanting to abuse your kindness (it's my curious nature that wants this): would it be possible for you to explain to me, or perhaps tell me where I can learn, how to diagnose the problem by reading such a report, and how to know what is correct and what is not???
Hoping that you or someone else can explain it to me, thank you again for your precious help, and see you soon, bye!!!!!!!!!!!
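As a worked illustration of the question above (how one reads such a report and decides what looks normal), here is an added Python example that is not from this thread or from the HijackThis project. It parses only the O4 (autostart) and O23 (service) lines of a HijackThis log and applies a few generic triage heuristics: random-looking file or value names, entries that point to a missing file, the same executable registered under several Run hives, and executables living under a user profile. The sample lines are copied from the log posted above; the known-good list, the thresholds and the scoring are my own assumptions, and a hit is only a lead to check (vendor column, file hash lookup, digital signature), not a verdict.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: a handful of O4 (autostart) and O23 (service) lines copied from the
# HijackThis log above; every other line of a real log is ignored by this parser.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [vckdsip] C:\WINDOWS\system32\xmlawhfz.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [vckdsip] C:\WINDOWS\system32\xmlawhfz.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: Ray - Unknown owner - C:\Documents and Settings\(quentin)\Mes documents\program\rayserver.exe (file missing)
"""

# O4 - <hive>\..\Run: [<value name>] <command line>
O4_RE = re.compile(r'^O4 - (?P<hive>[^:]+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# O23 - Service: <display name> - <vendor or "Unknown owner"> - <path> [(file missing)]
O23_RE = re.compile(r'^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<cmd>.+)$')
# First executable in a command line, with or without surrounding quotes; arguments dropped.
EXE_RE = re.compile(r'^"?(?P<path>[^"]+?\.(?:exe|dll|com|scr))"?', re.IGNORECASE)
# Four or more consonants in a row is a cheap "looks like a generated name" signal.
CONSONANT_RUN = re.compile(r'[bcdfghjklmnpqrstvwxz]{4,}')

# Assumption: tiny stand-in for a known-good baseline; a real one is keyed on file hashes.
KNOWN_GOOD_STEMS = {"ctfmon", "explorer", "svchost", "services", "lsass", "winlogon", "spoolsv"}


@dataclass
class Entry:
    kind: str    # "O4" or "O23"
    hive: str    # registry hive for O4 entries, "" for services
    label: str   # Run value name or service display name
    owner: str   # vendor column for O23 entries, "" for O4
    path: str    # executable the entry launches
    raw: str


@dataclass
class Finding:
    path: str
    entries: list = field(default_factory=list)
    reasons: list = field(default_factory=list)

    @property
    def score(self):
        return len(self.reasons)

    @property
    def owners(self):
        return sorted({e.owner for e in self.entries if e.owner})


def looks_random(word):
    """True for names with no vowels or a long consonant run, unless well known or very short."""
    w = word.lower()
    if w in KNOWN_GOOD_STEMS or len(w) < 6:
        return False
    return bool(CONSONANT_RUN.search(w)) or not re.search(r'[aeiouy]', w)


def parse_entries(log_text):
    """Extract O4 and O23 entries; lines of any other kind are skipped."""
    entries = []
    for raw in log_text.splitlines():
        raw = raw.strip()
        if m := O4_RE.match(raw):
            kind, hive, label, owner, cmd = "O4", m["hive"], m["name"], "", m["cmd"]
        elif m := O23_RE.match(raw):
            kind, hive, label, owner, cmd = "O23", "", m["name"], m["owner"], m["cmd"]
        else:
            continue
        if exe := EXE_RE.match(cmd):
            entries.append(Entry(kind, hive, label, owner, exe["path"], raw))
    return entries


def analyze(log_text):
    """Group entries by executable and attach triage reasons; highest score first."""
    by_path = {}
    for e in parse_entries(log_text):
        by_path.setdefault(e.path.lower(), Finding(e.path)).entries.append(e)
    findings = []
    for key, f in by_path.items():
        stem = key.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        if stem in KNOWN_GOOD_STEMS:
            continue  # baseline: do not score well-known Windows binaries
        names = {stem} | {e.label.lower() for e in f.entries if e.kind == "O4"}
        if odd := sorted(n for n in names if looks_random(n)):
            f.reasons.append("random-looking name(s): " + ", ".join(odd))
        if any("(file missing)" in e.raw for e in f.entries):
            f.reasons.append("points to a file that no longer exists")
        hives = {e.hive for e in f.entries if e.kind == "O4"}
        if len(hives) > 1:
            f.reasons.append("same executable registered under several Run hives: " + ", ".join(sorted(hives)))
        if "\\documents and settings\\" in key or "\\users\\" in key:
            f.reasons.append("executable lives under a user profile, not Program Files or Windows")
        if f.reasons:
            findings.append(f)
    return sorted(findings, key=lambda f: (-f.score, f.path.lower()))


def report(log_text):
    """Human-readable summary of analyze(); vendor shown so false positives are easy to spot."""
    lines = []
    for f in analyze(log_text):
        vendor = f"  (vendor: {'; '.join(f.owners)})" if f.owners else ""
        lines.append(f"[{f.score}] {f.path}{vendor}")
        lines.extend("    - " + r for r in f.reasons)
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

On the sample, the `vckdsip` / `xmlawhfz.exe` pair scores on two heuristics (generated-looking names, present in both HKLM and HKCU Run), the `Ray` service scores on two (missing file, user-profile path), and `lktsrv.exe` scores on one but carries a vendor name, which is exactly the kind of false positive the vendor column is there to resolve. The point of the exercise is that the log itself never says what is good or bad; the reader builds a baseline of what is expected on that machine and investigates what deviates from it.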