Virus Win32.BHO.df et autres Résolu

Question

Bonjour,
J'ai depuis une semaine un probleme de virus plutot coriace,
pub intempestive,fond d'ecran noir avec un cadre rouge "votre systeme est en danger et autres" telechargement d'antivirus messages d'alertes etc...
j'ai realiser plusieur scan avec plusieurs antivirus ce qui m'as permis d'en eradiquer un bon packet 
maintenent le fond d'ecran est redevenu normal plus de pubs plus de messages d'alertes plus de telechargement mais reste le plus gros probleme ==> ralentissement du systeme "mon pc ram a mort" ralentissement d'internet "10min pour ouvrir une page (si elle arrive a s'ouvrir) , deconnection de messageris (windows live messenger) bref un vrai merdier.
J'ai effectué un scan avec une version d'essaie de 30jours de kaspersky et un scan avec spybot , mais rien a fair spybot me detecte Win32.BHO.df et Virtumonde et kaspersky me detecte un trojan de type Win32.Agent.bck au demarrage de Windows en mode normal.J'ai bo corriger le probleme autant de fois que je veux rien a fair ces petites saloperies m'adore et comptes bien rester sur mon pc.
J'en viens donc a vous demander de l'aide car je vien de telecharger Hijackthis en version francaise et je doit dire que je comprend pas grand chose a ce logiciel pour l'instant j'ai pas envie de fair de betises ^^ 
voila voila je vais donc essayer de vous fair parvenir un scan HiJackThis en esperant que vous pourez m'aider ,
merci d'avance et à bientot

Megan Fox · Answer

Salut jay-91,

Pourrais-tu mettre le rapport hijackthis svp

jay-91 · Answer

Logfile of HijackThis v1.99.1
Scan saved at 17:32:37, on 28/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32	obhvlwm.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=6&key=SEARCH
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.microsoft.com/fr-fr/windows?Country=00&BrandID=msmsgs&INI=Messengerw10_5.ini&Other=SearchTerm%3d8004882e%26H_APP%3dMSN%2520Messenger%26S_Text%3dPour%2520obtenir%2520de%2520l%27aide%2520sur%2520%2520MSN%2520Messenger%252C%2520cliquez%2520sur%2520une%2520rubrique%2520%253A%25A0%26ContactUs%3d%26v4%3dDH_FREE&Version=7.5
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: (no name) - {05B8F635-1F07-42D0-BAE9-9626F3B618C7} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {430E7108-C850-405F-9E5D-3B7517CB23F7} - (no file)
O2 - BHO: (no name) - {45DDFB65-1FDD-4D43-BE03-E04C1B173010} - (no file)
O2 - BHO: (no name) - {5332F96B-8748-43F2-9F03-BB9820F4A3E4} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\system32\ijclqplx.dll
O2 - BHO: (no name) - {8B7B3E48-6692-4552-A504-1E5886BED27E} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: (no name) - {EF249EC3-E2FB-4131-9F88-16684DCBD988} - C:\WINDOWS\system32\jkhfg.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [2cc6a038] rundll32.exe "C:\WINDOWS\system32\kncerovb.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\Program Files\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [DDC] C:\WINDOWS\system32	obhvlwm.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: TribalWeb.lnk = C:\Program Files\TribalWeb	ribalweb.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab50997.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab50997.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} - https://www.bobtv.fr/download/cfweb_www.bobtv.fr-download_instmodule.exe
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00D0868.dat
O20 - Winlogon Notify: ehipvkyh - C:\WINDOWS\
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O20 - Winlogon Notify: rqrroom - rqrroom.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satelliteaysat_3dsmax8server.exe
O23 - Service: MysqlInventime - Unknown owner - C:\Apps\INVENT~1\mysql\bin\mysqld-nt.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

jay-91 · Answer

voila ;)

Megan Fox · Answer

Qu'as tu comme antivirus et pare-feu?

Je vois des traces de Symantec et de Kasperky en pare-feu ?

Ta console java n'est pas à jour, ce qui constitue une faille de sécurité.
Ouvre ce lien :
https://www.java.com/fr/download/manual.jsp
Choisis la première ligne de téléchargement puis installe java.
En fin d'installation, revient sur la page pour vérifier ton installation.
Quand l'installation a réussi, ouvre le panneau de configuration, Ajout/suppression de programmes et supprimes J2SE Runtime Environment Version 1.5.0_11.

Télécharge VundoFix.exe (par Atribune) sur ton Bureau.
http://www.atribune.org/ccount/click.php?id=4
Double-clique VundoFix.exe afin de le lancer.

Clique sur le bouton Scan for Vundo.
Lorsque le scan est complété, clique sur le bouton Remove Vundo.
Une invite te demandera si tu veux supprimer les fichiers, clique YES
Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers.
Tu verras une invite qui t'annonce que ton PC va s'éteindre ("shutdown") ; clique OK
Démarre ton PC à nouveau.
Copie/colle le rapport (c:\vundofix.txt) dans ta réponse.

A+

jay-91 · Answer

J'ai un packard bell donc Northon fournis d'office mais normallement je l'ai remplacer par kaspersky ,
je fait tout ca et je revien 
a+

jay-91 · Answer

Ca y est j'ai telecharger les 2 programmes mais pour java j'ai eus un message "L'administrateur systeme a configuré la politique de votre systeme pour interdire cette installation"
et pour vundo voici le resultat :
C:\windows\system32\drvtozr.dll
C:\WINDOWS\system32\ijclqplx.dll
C:\windows\system32\wojrjogx.dll
C:\windows\system32\xgojrjow.ini

jay-91 · Answer

VundoFix V6.5.11

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Java version is 1.5.0.11

Scan started at 19:13:03 28/10/2007

Listing files found while scanning....

C:\windows\system32\drvtozr.dll
C:\WINDOWS\system32\ijclqplx.dll
C:\windows\system32\wojrjogx.dll
C:\windows\system32\xgojrjow.ini

Beginning removal...

 Attempting to delete C:\windows\system32\drvtozr.dll
C:\windows\system32\drvtozr.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\ijclqplx.dll
C:\WINDOWS\system32\ijclqplx.dll Has been deleted!

 Attempting to delete C:\windows\system32\wojrjogx.dll
C:\windows\system32\wojrjogx.dll Has been deleted!

 Attempting to delete C:\windows\system32\xgojrjow.ini
C:\windows\system32\xgojrjow.ini Has been deleted!

Performing Repairs to the registry.
Done!

Megan Fox · Answer

Est tu bien administrateur du PC  que tu utilises ?

Si oui tu utilises peut être une session sans les droits administrateur.

Refait voir un scan hijackthis, mais avant il faudrait le renommer:

Renomme Hijackthis, clic droit dessus puis Renommer
S'il se nomme simplement hijackthis, tu mets jay
Si hijackthis.exe, en jay.exe

jay-91 · Answer

Oui je suis bien administrateur de cet ordinateur mais je fait les operations en mode sans echecs avec prise en charge reseaux il y a donc 2sessions qui apparaissent la miennes habituel "Jay" et une "Administrateur" au dessus.
je vais renomer Hijackthis et je te revoie un rapport

jay-91 · Answer

le voila 
Logfile of HijackThis v1.99.1
Scan saved at 20:45:12, on 28/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hijackthis Version Française\HiJayThis.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=6&key=SEARCH
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.microsoft.com/fr-fr/windows?Country=00&BrandID=msmsgs&INI=Messengerw10_5.ini&Other=SearchTerm%3d8004882e%26H_APP%3dMSN%2520Messenger%26S_Text%3dPour%2520obtenir%2520de%2520l%27aide%2520sur%2520%2520MSN%2520Messenger%252C%2520cliquez%2520sur%2520une%2520rubrique%2520%253A%25A0%26ContactUs%3d%26v4%3dDH_FREE&Version=7.5
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: (no name) - {05B8F635-1F07-42D0-BAE9-9626F3B618C7} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {430E7108-C850-405F-9E5D-3B7517CB23F7} - (no file)
O2 - BHO: (no name) - {45DDFB65-1FDD-4D43-BE03-E04C1B173010} - (no file)
O2 - BHO: (no name) - {5332F96B-8748-43F2-9F03-BB9820F4A3E4} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\system32\jactkhof.dll
O2 - BHO: (no name) - {8B7B3E48-6692-4552-A504-1E5886BED27E} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {B4267079-5D52-435F-80E7-5D809985337D} - C:\WINDOWS\system32\jkhfg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [2cc6a038] rundll32.exe "C:\WINDOWS\system32yusvlcd.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\Program Files\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: TribalWeb.lnk = C:\Program Files\TribalWeb	ribalweb.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab50997.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab50997.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} - https://www.bobtv.fr/download/cfweb_www.bobtv.fr-download_instmodule.exe
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00C83A9.dat
O20 - Winlogon Notify: ehipvkyh - C:\WINDOWS\
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O20 - Winlogon Notify: rqrroom - rqrroom.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satelliteaysat_3dsmax8server.exe
O23 - Service: MysqlInventime - Unknown owner - C:\Apps\INVENT~1\mysql\bin\mysqld-nt.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

Megan Fox · Answer

Télécharge Combofix sUBs : 
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
et sauvegarde le sur ton bureau.

Double-clic sur combofix, Il va te poser une question, réponds yes (touche y) puis attends que combofix ait terminé, un rapport sera créé. Poste le rapport.

Copie/colle un nouveau rapport HiJackThis avec.

jay-91 · Answer

ComboFix 07-10-28.2 - Jay 2007-10-28 21:18:10.1 - NTFSx86 NETWORK Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.696 [GMT 1:00] Running from: D:\Documents and Settings\Jay\Bureau\ComboFix.exe . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Program Files\akl C:\Program Files\akl\akl.dll C:\Program Files\akl\akl.exe C:\Program Files\akl\curlog.htm C:\Program Files\akl\keylog.txt C:\Program Files\akl eadme.txt C:\Program Files\akl\uninstall.exe C:\Program Files\akl\unsetup.dat C:\Program Files\akl\unsetup.exe C:\Program Files\amsys C:\Program Files\amsys\awmsg.dat C:\Program Files\amsys\mfc42.dll C:\Program Files\amsys\msvcrt.dll C:\Program Files\amsys\unins000.dat C:\Program Files\amsys\unis000.exe C:\Program Files\amsys\winam.dat C:\Program Files\e-zshopper C:\Program Files\e-zshopper\BarLcher.dll C:\Program Files\webmediaplayer C:\Program Files\webmediaplayer\Conditions générales.url C:\Program Files\webmediaplayer\Confidentialité.url C:\Program Files\webmediaplayer esources\languages.xml C:\Program Files\webmediaplayer esources\webmedias C:\Program Files\webmediaplayer\skins\classic.skn C:\Program Files\webmediaplayer\sqlite3.dll C:\Program Files\webmediaplayer\WebMediaPlayer.exe C:\Program Files\webmediaplayer\Website.url C:\WINDOWS\aconti.exe C:\WINDOWS\adbar.dll C:\WINDOWS\cbinst$.exe C:\WINDOWS\cookies.ini C:\WINDOWS\daxtime.dll C:\WINDOWS\dp0.dll C:\WINDOWS\eventlowg.dll C:\WINDOWS\fhfmm-Uninstaller.exe C:\WINDOWS\fhfmm.exe C:\WINDOWS\hotporn.exe C:\WINDOWS\ie_32.exe C:\WINDOWS\jd2002.dll C:\WINDOWS\kkcomp$.exe C:\WINDOWS\kkcomp.exe C:\WINDOWS\liqad$.exe C:\WINDOWS\liqad.exe C:\WINDOWS\liqui-Uninstaller.exe C:\WINDOWS\liqui.exe C:\WINDOWS gd.dll C:\WINDOWS\pack.epk C:\WINDOWS\spredirect.dll C:\WINDOWS\system32\__c001A543.dat C:\WINDOWS\system32\__c001D992.dat C:\WINDOWS\system32\__c0056E69.dat C:\WINDOWS\system32\__c00C83A9.dat C:\WINDOWS\system32\__c00D0868.dat C:\WINDOWS\system32\__c00F08CD.dat C:\WINDOWS\system32\__c00F97E1.dat C:\WINDOWS\system32\__c00FA88E.dat C:\WINDOWS\system32\3_exception.nls C:\WINDOWS\system32\bvorecnk.ini C:\WINDOWS\system32\cbnjohts.ini C:\WINDOWS\system32\celxmnek.dll C:\WINDOWS\system32\cnogkrtm.dll C:\WINDOWS\system32\cpnsdvnp.dll C:\WINDOWS\system32\dclvsuyr.ini C:\WINDOWS\system32\ehipvkyh.dllbox C:\WINDOWS\system32\ESHOPEE.exe C:\WINDOWS\system32\gfhkj.bak1 C:\WINDOWS\system32\gfhkj.bak2 C:\WINDOWS\system32\gfhkj.ini C:\WINDOWS\system32\gfhkj.ini2 C:\WINDOWS\system32\gfhkj.tmp C:\WINDOWS\system32\gtv_sd.bin C:\WINDOWS\system32\gxaydxfi.dll C:\WINDOWS\system32\ihbxghkj.dll C:\WINDOWS\system32\iucloats.dll C:\WINDOWS\system32\jactkhof.dll C:\WINDOWS\system32\jkhfg.dll C:\WINDOWS\system32\jkidvnai.dat C:\WINDOWS\system32\jkidvnai_nav.dat C:\WINDOWS\system32\jkidvnai_navps.dat C:\WINDOWS\system32\kaxeithc.dll C:\WINDOWS\system32\kfefylmu.dll C:\WINDOWS\system32\kncerovb.dll C:\WINDOWS\system32\kpmkchgy.dll C:\WINDOWS\system32\lbxxcpbr.dll C:\WINDOWS\system32\mftnplfa.exe C:\WINDOWS\system32\mksedbqq.ini C:\WINDOWS\system32\mqxgojxq.dll C:\WINDOWS\system32\msole32.exe C:\WINDOWS\system32 iebjjtq.dll C:\WINDOWS\system32 lgexbnt.exe C:\WINDOWS\system32\oxiaoena.dll C:\WINDOWS\system32\ppqss.bak1 C:\WINDOWS\system32\ppqss.bak2 C:\WINDOWS\system32\ppqss.ini2 C:\WINDOWS\system32\ppqss.tmp C:\WINDOWS\system32\qqbdeskm.dll C:\WINDOWS\system32 bpcxxbl.ini C:\WINDOWS\system32 yusvlcd.dll C:\WINDOWS\system32\sthojnbc.dll C:\WINDOWS\system32\sucjfllp.dll C:\WINDOWS\system32 frpda.dat C:\WINDOWS\system32 frpda_nav.dat C:\WINDOWS\system32 frpda_navps.dat C:\WINDOWS\system32\umlyfefk.ini C:\WINDOWS\system32\urlmsnlink.dat C:\WINDOWS\system32\vezsqtotca.dat C:\WINDOWS\system32\vezsqtotca_nav.dat C:\WINDOWS\system32\vezsqtotca_navps.dat C:\WINDOWS\system32\vfinuamc.exe C:\WINDOWS\system32\wysbdidm.exe C:\WINDOWS\system32\xcuejlgm.dll C:\WINDOWS\system32\xpdx.sys C:\WINDOWS\system32\xvoohexn.dll C:\WINDOWS\system32\yggfxcwe.dll C:\WINDOWS\system32\ygksypbq.dll C:\WINDOWS\vxddsk.exe C:\WINDOWS\wml.exe C:\WINDOWS\xadbrk.exe C:\WINDOWS\xadbrk_.exe C:\WINDOWS\xxxvideo.exe D:\Documents and Settings\Jay\Application Data\MANTEC~1 D:\Documents and Settings\Jay\Application Data\MANTEC~1\??mantec\ D:\Documents and Settings\Jay\Bureau\webmediaplayer.lnk D:\Documents and Settings\Jay\Favoris\Online Security Guide.lnk D:\Documents and Settings\Jay\Menu Démarrer\Programmes\WebMediaPlayer D:\Documents and Settings\Jay\Menu Démarrer\Programmes\WebMediaPlayer\Conditions générales.lnk D:\Documents and Settings\Jay\Menu Démarrer\Programmes\WebMediaPlayer\Confidentialité.lnk D:\Documents and Settings\Jay\Menu Démarrer\Programmes\WebMediaPlayer\WebMediaPlayer.lnk D:\Documents and Settings\Jay\Menu Démarrer\Programmes\WebMediaPlayer\Website.lnk . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\LEGACY_DOMAINSERVICE -------\LEGACY_NTMLSVC -------\LEGACY_RUNTIME -------\xpdx ((((((((((((((((((((((((((((( Fichiers créés 2007-09-28 to 2007-10-28 )))))))))))))))))))))))))))))))))))) . 2007-10-28 21:16 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-10-28 21:16 589 --a------ C:\WINDOWS\system32 wcrljrr.dll 2007-10-28 19:13 d-------- C:\VundoFix Backups 2007-10-28 17:31 d-------- C:\Program Files\Hijackthis Version Française 2007-10-28 15:52 d-------- C:\Program Files\Trend Micro 2007-10-24 06:56 d-------- D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2007-10-24 06:51 d--h----- D:\Documents and Settings\Administrateur.SN107170120313.000\Voisinage réseau 2007-10-24 06:51 d--h----- D:\Documents and Settings\Administrateur.SN107170120313.000\Voisinage d'impression 2007-10-24 06:51 d--h----- D:\Documents and Settings\Administrateur.SN107170120313.000\Modèles 2007-10-24 06:51 dr------- D:\Documents and Settings\Administrateur.SN107170120313.000\Mes documents 2007-10-24 06:51 dr------- D:\Documents and Settings\Administrateur.SN107170120313.000\Menu Démarrer 2007-10-24 06:51 dr------- D:\Documents and Settings\Administrateur.SN107170120313.000\Favoris 2007-10-24 06:51 dr------- D:\Documents and Settings\Administrateur.SN107170120313.000\Bureau 2007-10-24 06:51 d-------- D:\Documents and Settings\Administrateur.SN107170120313.000\Application Data\You've Got Pictures Screensaver 2007-10-24 06:51 d-------- D:\Documents and Settings\Administrateur.SN107170120313.000\Application Data\Symantec 2007-10-21 21:52 82,061 --a------ C:\WINDOWS\system32\drivers\klick.dat 2007-10-21 21:52 81,549 --a------ C:\WINDOWS\system32\drivers\klin.dat 2007-10-21 21:51 d-------- D:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2007-10-21 21:51 d-------- C:\Program Files\Kaspersky Lab 2007-10-21 21:51 6,046,240 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat 2007-10-21 21:51 42,016 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat 2007-10-21 20:00 d-------- D:\Documents and Settings\All Users\Application Data\Grisoft 2007-10-20 15:09 d-------- D:\Documents and Settings\Jay\Application Data\CamfrogWEB 2007-10-19 07:14 d-a------ D:\Documents and Settings\All Users\Application Data\TEMP 2007-10-19 07:13 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll 2007-10-18 22:38 35,328 --a------ C:\WINDOWS\system32\xxyvutu.dll 2007-10-18 22:34 4 --a------ C:\WINDOWS\system32\stfv.bin 2007-10-18 22:30 d-------- C:\WINDOWS\system32\acespy 2007-10-18 22:16 d-------- C:\Program Files\Adsense Helper Object 2007-10-18 22:13 35,328 --a------ C:\WINDOWS\system32\ljjijhf.dll 2007-10-18 16:25 d-------- C: emp\ext35620 2007-10-18 16:25 d-------- C:\Program Files\Microsoft Silverlight 2007-10-16 11:24 d-------- D:\Documents and Settings\Jay\Application Data\TuneUp Software 2007-10-16 11:24 d-------- D:\Documents and Settings\All Users\Application Data\TuneUp Software 2007-10-16 11:24 29,704 --a------ C:\WINDOWS\system32\uxtuneup.dll 2007-10-16 11:23 d-------- C:\Program Files\TuneUp Utilities 2007 2007-10-14 15:22 d-------- D:\Documents and Settings\All Users\Application Data\Messenger Plus! 2007-10-11 16:40 d-------- D:\Documents and Settings\jérémy\Application Data\Long Type Win 2007-10-11 16:36 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll 2007-10-11 16:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll 2007-10-10 07:05 582,656 --------- C:\WINDOWS\system32\dllcache pcrt4.dll 2007-10-06 21:16 d-------- C:\Program Files\Long Type Win 2007-10-06 21:09 d-------- D:\Documents and Settings\All Users\Application Data\Bin Wait Ante Cast 2007-10-06 21:08 d-------- D:\Documents and Settings\Jay\Application Data\Long Type Win 2007-10-01 19:27 d-------- C:\Program Files\Magicbit . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2007-10-28 18:19 84,140 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx 2007-10-28 18:19 7,076 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx 2007-10-28 18:18 --------- d-----w D:\Documents and Settings\Jay\Application Data\OpenOffice.org2 2007-10-28 18:18 --------- d-----w C:\Program Files\Wanadoo 2007-10-28 16:49 --------- d-----w C:\Program Files\LogMeIn 2007-10-25 17:54 --------- d-----w D:\Documents and Settings\Jay\Application Data\HP 2007-10-24 12:16 --------- d-----w D:\Documents and Settings\jérémy\Application Data\OpenOffice.org2 2007-10-24 11:51 --------- d-----w C:\Program Files\Mozilla Firefox 2 Beta 1 2007-10-21 20:49 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared 2007-10-21 20:48 --------- d-----w D:\Documents and Settings\All Users\Application Data\Symantec 2007-10-20 21:45 --------- d-----w C:\Program Files\Autodesk 2007-10-19 19:05 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard 2007-10-16 16:43 --------- d-----w C:\Program Files\Messenger Plus! Live 2007-10-14 12:08 --------- d-----w C:\Program Files\Warcraft III 2007-10-14 11:48 --------- d-----w C:\Program Files\World of Warcraft 2007-10-10 20:49 --------- d-----w D:\Documents and Settings\All Users\Application Data\Microsoft Help 2007-09-30 20:16 --------- d-----w D:\Documents and Settings\Jay\Application Data\Samsung 2007-09-30 18:22 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-09-30 18:22 --------- d-----w C:\Program Files\Samsung 2007-09-29 20:32 --------- d-----w C:\Program Files\LimeWire 2007-09-25 20:19 --------- d-----w C:\Program Files\MSN Messenger 2007-09-25 19:51 --------- d-----w C:\Program Files\iTunes 2007-09-25 19:51 --------- d-----w C:\Program Files\iPod 2007-09-24 10:54 --------- d-----w C:\Program Files\Fichiers communs\Adobe 2007-09-16 12:04 --------- d-----w C:\Program Files\Apple Software Update 2006-12-29 17:34 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{430E7108-C850-405F-9E5D-3B7517CB23F7}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{45DDFB65-1FDD-4D43-BE03-E04C1B173010}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5332F96B-8748-43F2-9F03-BB9820F4A3E4}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8B7B3E48-6692-4552-A504-1E5886BED27E}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2007-04-17 13:03] "LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2006-10-13 16:01] "VX3000"="C:\WINDOWS\vVX3000.exe" [2006-10-13 16:04] "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB ealsched.exe" [2006-05-10 14:45] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06] "WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 13:49] "WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 15:55] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24] "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-04-26 07:06 C:\WINDOWS\KHALMNPR.Exe] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-14 09:00] "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-06-20 12:04] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00] "WOOKIT"="C:\Program Files\Wanadoo\Shell.exe" [2004-08-23 13:50] "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-08-16 15:19] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 15:46] "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [] D:\Documents and Settings\jérémy\Menu Démarrer\Programmes\Démarrage\ OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2006-07-14 21:26:34] D:\Documents and Settings\Jay\Menu Démarrer\Programmes\Démarrage\ OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2006-07-14 21:26:34] TribalWeb.lnk - C:\Program Files\TribalWeb ribalweb.exe [2007-05-13 17:31:54] D:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\ Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2007-03-08 18:27:36] Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2006-12-29 19:58:49] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "AllowLegacyWebView"=1 (0x1) "AllowUnhashedWebView"=1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify\ehipvkyh] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify\LMIinit] LMIinit.dll 2007-05-25 14:22 63040 C:\WINDOWS\system32\LMIinit.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify qrroom] rqrroom.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] "Authentication Packages"= msv1_0 C:\WINDOWS\system32\jkhfg.dll [HKEY_CURRENT_USER\software\microsoft\windows\currentversion un-] "Data Secure"=C:\APPS\DATASEC\PBBckupUI.exe /HIDDEN [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion un-] "KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k R0 SI3112r;ATI-437A Serial ATA Controller;C:\WINDOWS\system32\DRIVERS\SI3112r.sys R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys S2 LMIInfo;LogMeIn Kernel Information Provider;\??\C:\Program Files\LogMeIn\x86\RaInfo.sys S2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys S2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe" S2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe -k netsvcs S3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys S3 lmimirr;lmimirr;C:\WINDOWS\system32\DRIVERS\lmimirr.sys S3 SilverLink;Texas Instruments SilverLink (USB GraphLink) Cable;C:\WINDOWS\system32\Drivers\SilvrLnk.sys S3 sscdbus;SAMSUNG USB Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\sscdbus.sys S3 sscdmdfl;SAMSUNG CDMA Modem Filter;C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys S3 sscdmdm;SAMSUNG CDMA Modem Drivers;C:\WINDOWS\system32\DRIVERS\sscdmdm.sys S3 VX3000;VX-3000;C:\WINDOWS\system32\DRIVERS\VX3000.sys S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\C:\WINDOWS\system32\ZDCndis5.SYS HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2007-10-12 11:34:10 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" "2007-10-16 10:24:26 C:\WINDOWS\Tasks\Maintenance en 1 clic.job" - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe "2006-05-10 14:04:01 C:\WINDOWS\Tasks\Rappel d'enregistrement 2.job" - C:\WINDOWS\system32\OOBE\oobebaln.exe "2006-05-10 14:04:01 C:\WINDOWS\Tasks\Rappel d'enregistrement 3.job" - C:\WINDOWS\system32\OOBE\oobebaln.exe "2007-06-18 17:30:14 C:\WINDOWS\Tasks\Symantec NetDetect.job" . ************************************************************************** catchme 0.3.1239 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-10-28 21:27:13 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-10-28 21:28:10 - machine was rebooted . --- E O F --- ps:il y a eu un petit probleme avant le redemarage du pc une fenetre est apparu disant SYSTEM\currentControlset\Control\virtualDeviceDrivers. Le format du pilote de périphérique virtuel dans le registre n'est pas valide. Choisissez "fermer" pour mettre fin a l'application **fermer ou ignorer** voila le rapport HiJackThis Logfile of HijackThis v1.99.1 Scan saved at 21:33:26, on 28/10/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32 otepad.exe C:\Program Files\internet explorer\iexplore.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Hijackthis Version Française\HiJayThis.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.microsoft.com/fr-fr/windows?Country=00&BrandID=msmsgs&INI=Messengerw10_5.ini&Other=SearchTerm%3d8004882e%26H_APP%3dMSN%2520Messenger%26S_Text%3dPour%2520obtenir%2520de%2520l%27aide%2520sur%2520%2520MSN%2520Messenger%252C%2520cliquez%2520sur%2520une%2520rubrique%2520%253A%25A0%26ContactUs%3d%26v4%3dDH_FREE&Version=7.5 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {430E7108-C850-405F-9E5D-3B7517CB23F7} - (no file) O2 - BHO: (no name) - {45DDFB65-1FDD-4D43-BE03-E04C1B173010} - (no file) O2 - BHO: (no name) - {5332F96B-8748-43F2-9F03-BB9820F4A3E4} - (no file) O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O2 - BHO: (no name) - {8B7B3E48-6692-4552-A504-1E5886BED27E} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe" O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB ealsched.exe" -osboot O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [WOOKIT] C:\Program Files\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM= O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe O4 - Startup: TribalWeb.lnk = C:\Program Files\TribalWeb ribalweb.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU) O11 - Options group: [INTERNATIONAL] International* O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab50997.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab50997.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} - https://www.bobtv.fr/download/cfweb_www.bobtv.fr-download_instmodule.exe O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O20 - Winlogon Notify: ehipvkyh - C:\WINDOWS\ O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll O20 - Winlogon Notify: rqrroom - rqrroom.dll (file missing) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing) O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe (file missing) O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe (file missing) O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite aysat_3dsmax8server.exe O23 - Service: MysqlInventime - Unknown owner - C:\Apps\INVENT~1\mysql\bin\mysqld-nt.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe (file missing) O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

jay-91 · Answer

le pc à l'air d'aller mieux tout est redevenu normal ou presque internet marche correctement mais il a pas l'air super propre quand meme je pense que tu doit etre coucher merci pour ton aide cette apres midi et a demain ;)

jay-91 · Answer

J'ai reussi a installer la derniere version de java et j'ai supprimer la version 1.5.0.11 comme tu me l'as demander je te join un nouveaux rapport HijackThis 


Logfile of HijackThis v1.99.1
Scan saved at 00:54:57, on 29/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Hijackthis Version Française\HiJayThis.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.microsoft.com/fr-fr/windows?Country=00&BrandID=msmsgs&INI=Messengerw10_5.ini&Other=SearchTerm%3d8004882e%26H_APP%3dMSN%2520Messenger%26S_Text%3dPour%2520obtenir%2520de%2520l%27aide%2520sur%2520%2520MSN%2520Messenger%252C%2520cliquez%2520sur%2520une%2520rubrique%2520%253A%25A0%26ContactUs%3d%26v4%3dDH_FREE&Version=7.5
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: (no name) - {05B8F635-1F07-42D0-BAE9-9626F3B618C7} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {430E7108-C850-405F-9E5D-3B7517CB23F7} - (no file)
O2 - BHO: (no name) - {45DDFB65-1FDD-4D43-BE03-E04C1B173010} - (no file)
O2 - BHO: (no name) - {5332F96B-8748-43F2-9F03-BB9820F4A3E4} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {8B7B3E48-6692-4552-A504-1E5886BED27E} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [2cc6a038] rundll32.exe "C:\WINDOWS\system32\qqbdeskm.dll",b
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\Program Files\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: TribalWeb.lnk = C:\Program Files\TribalWeb	ribalweb.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin
pjpi160_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin
pjpi160_03.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab50997.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab50997.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} - https://www.bobtv.fr/download/cfweb_www.bobtv.fr-download_instmodule.exe
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: ehipvkyh - C:\WINDOWS\
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O20 - Winlogon Notify: rqrroom - rqrroom.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satelliteaysat_3dsmax8server.exe
O23 - Service: MysqlInventime - Unknown owner - C:\Apps\INVENT~1\mysql\bin\mysqld-nt.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

Megan Fox · Answer

Salut 


* Relance HijackThis.

Choisis Do a scan only

Coche la case devant les lignes suivantes

O2 - BHO: (no name) - {05B8F635-1F07-42D0-BAE9-9626F3B618C7} - (no file)
O2 - BHO: (no name) - {430E7108-C850-405F-9E5D-3B7517CB23F7} - (no file)
O2 - BHO: (no name) - {45DDFB65-1FDD-4D43-BE03-E04C1B173010} - (no file)
O2 - BHO: (no name) - {5332F96B-8748-43F2-9F03-BB9820F4A3E4} - (no file)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: (no name) - {8B7B3E48-6692-4552-A504-1E5886BED27E} - (no file)
O4 - HKLM\..\Run: [2cc6a038] rundll32.exe "C:\WINDOWS\system32\qqbdeskm.dll",b
O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} - https://www.bobtv.fr/download/cfweb_www.bobtv.fr-download_instmodule.exe
O20 - Winlogon Notify: ehipvkyh - C:\WINDOWS\
O20 - Winlogon Notify: rqrroom - rqrroom.dll (file missing)


Clique sur fix checked.

Ferme Hijackthis.

-------------------------------------------------------------------------

Télécharge OTMoveIt (de Old_Timer) sur ton Bureau.
http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe 
double-clique sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

C:\WINDOWS\system32\qqbdeskm.dll

clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.

-------------------------------------------------------------------------

 Télécharge AVG antispyware

https://www.01net.com/

Tuto :
https://www.malekal.com/avg-antivirus-free-antivirus-gratuit-pour-proteger-son-pc-des-virus/


->Relance AVG AS -> "Analyse" ->"Paramètres"

Sous la question "Comment réagir ?" :

-> clique sur "Actions recommandées" et choisis "Quarantaines"
-> Re-clique sur l'onglet "Analyse" puis réalise une "Analyse complète du système"

Si un fichier est infecté en fin d'analyse

->Clique sur "Appliquer toutes les actions "

->Clique sur "Enregistrer le rapport" puis sur "Enregistrer le rapport sous".

->Enregistre ce fichier texte sur ton bureau ensuite colle le rapport ici 


a+

jay-91 · Answer

Salut
OTMoveIt n'as pas trouver C:\WINDOWS\system32\qqbdeskm.dll
 et voici le rapport AVG :

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

 + Créé à:	16:51:17 30/10/2007

 + Résultat de l'analyse:	



D:\Documents and Settings\Jay\Cookies\jay@2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
D:\Documents and Settings\Jay\Cookies\jay@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
D:\Documents and Settings\Jay\Cookies\jay@advertising[1].txt -> TrackingCookie.Advertising : Nettoyé.
D:\Documents and Settings\Jay\Cookies\jay@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé.
D:\Documents and Settings\Jay\Cookies\jay@bluestreak[2].txt -> TrackingCookie.Bluestreak : Nettoyé.
D:\Documents and Settings\Jay\Cookies\jay@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé.
D:\Documents and Settings\Jay\Cookies\jay@mediaplex[1].txt -> TrackingCookie.Mediaplex : Nettoyé.
D:\Documents and Settings\Jay\Cookies\jay@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Nettoyé.
D:\Documents and Settings\Jay\Cookies\jay@serving-sys[1].txt -> TrackingCookie.Serving-sys : Nettoyé.
D:\Documents and Settings\Jay\Cookies\jay@smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.13:D:\Documents and Settings\Administrateur.SN107170120313.000\Application Data\Mozilla\Firefox\Profiles\us8b3n05.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
D:\Documents and Settings\Jay\Cookies\jay@weborama[2].txt -> TrackingCookie.Weborama : Nettoyé.
D:\Documents and Settings\Jay\Cookies\jay@m.webtrends[1].txt -> TrackingCookie.Webtrends : Nettoyé.


Fin du rapport

Megan Fox · Answer

Salut jay-91,

OTMoveIt n'as pas trouver C:\WINDOWS\system32\qqbdeskm.dll 

Bah oui forcement puisque combofix l'a supprimé, que suis-je bête :))).
Ca devait être juste une trace dans le registre.

Bon allez, pour être sûr qu'il n'y a plus rien, on va faire un scan en ligne:

* Fait un scan antivirus en ligne avec Internet Explorer
www.bitdefender.com/scan8/ie.html
et copie colle le résultat ici
* En bas, à gauche de la fenêtre, clique sur BitDefender SCAN ONLINE
* Dans la nouvelle fenêtre, clique sur I agree
* La fenêtre change encore, clique sur Click here to scan
* Les signatures se chargent, etc.

tuto en image

http://pageperso.aol.fr/rginformatique/mapage/defender.htm

A+

jay-91 · Answer

J'ai vu ton message un petit peu tard desoler , le scan est en cour :) 
ca sent le propre :D
au fait j'ai commencer a lire quelques articles sur HijackThis j'essaye de comprendre les scans ,
aurais tu un liens ou il y aurais des expliquations ? comment deceller les problemes a travers les lignes ? 
@++

Megan Fox · Answer

Pas de problème pour le scan, on attendra un peu :)))

Pour hijackthis tu en as plusieurs, moi j'aime bien celui-là:
https://www.bleepingcomputer.com/tutorials/comment-utiliser-hijackthis/

Après il y a des lignes typiques pour certaines infections, donc ça tu l'apprend avec l'expérience, il y a également des sites comme CastleCops
http://www.castlecops.com/CLSID.html
qui te permet de vérifier les informations, et ensuite il y a Google.

jay-91 · Answer

Ok merci beaucoup :)

jay-91 · Answer

C:\RECYCLER\S-1-5-21-3878316107-3682787709-2019909053-1008\Dc10\jkhfg.dll.vir
	

Detected with: Adware.Virtumonde.GGZ

C:\RECYCLER\S-1-5-21-3878316107-3682787709-2019909053-1008\Dc10\jkhfg.dll.vir
	

Disinfection failed

C:\RECYCLER\S-1-5-21-3878316107-3682787709-2019909053-1008\Dc10\jkhfg.dll.vir
	

Deleted

C:\RECYCLER\S-1-5-21-3878316107-3682787709-2019909053-1008\Dc10\sthojnbc.dll.vir
	

Infected with: Trojan.Vundo.DOY

C:\RECYCLER\S-1-5-21-3878316107-3682787709-2019909053-1008\Dc10\sthojnbc.dll.vir
	

Deleted

C:\RECYCLER\S-1-5-21-3878316107-3682787709-2019909053-1008\Dc11\pack.epk.vir=>(NSIS 2g)=>lzma_solid_nsis0008
	

Infected with: Trojan.Mailskinner.C

C:\RECYCLER\S-1-5-21-3878316107-3682787709-2019909053-1008\Dc11\pack.epk.vir=>(NSIS 2g)=>lzma_solid_nsis0008
	

Disinfection failed

C:\RECYCLER\S-1-5-21-3878316107-3682787709-2019909053-1008\Dc11\pack.epk.vir=>(NSIS 2g)=>lzma_solid_nsis0008
	

Deleted

C:\RECYCLER\S-1-5-21-3878316107-3682787709-2019909053-1008\Dc11\pack.epk.vir=>(NSIS 2g)
	

Update failed

C:\RECYCLER\S-1-5-21-3878316107-3682787709-2019909053-1008\Dc14\WebMediaPlayer.exe.vir
	

Infected with: Trojan.Mailskinner.C

C:\RECYCLER\S-1-5-21-3878316107-3682787709-2019909053-1008\Dc14\WebMediaPlayer.exe.vir
	

Disinfection failed

C:\RECYCLER\S-1-5-21-3878316107-3682787709-2019909053-1008\Dc14\WebMediaPlayer.exe.vir
	

Deleted

C:\RECYCLER\S-1-5-21-3878316107-3682787709-2019909053-1008\Dc20\catchme2007-10-28_212710.53.zip=>jkhfg.dll
	

Detected with: Adware.Virtumonde.GGZ

C:\RECYCLER\S-1-5-21-3878316107-3682787709-2019909053-1008\Dc20\catchme2007-10-28_212710.53.zip=>jkhfg.dll
	

Disinfection failed

C:\RECYCLER\S-1-5-21-3878316107-3682787709-2019909053-1008\Dc20\catchme2007-10-28_212710.53.zip=>jkhfg.dll
	

Deleted

C:\RECYCLER\S-1-5-21-3878316107-3682787709-2019909053-1008\Dc20\catchme2007-10-28_212710.53.zip
	

Updated

C:\WINDOWS\system32\ljjijhf.dll
	

Infected with: Trojan.Vundo.DOB

C:\WINDOWS\system32\ljjijhf.dll
	

Disinfection failed

C:\WINDOWS\system32\ljjijhf.dll
	

Deleted

C:\WINDOWS\system32\xxyvutu.dll
	

Infected with: Trojan.Vundo.DOB

C:\WINDOWS\system32\xxyvutu.dll
	

Disinfection failed

C:\WINDOWS\system32\xxyvutu.dll
	

Deleted

voilà :))

jay-91 · Answer

bon ben je pense que je peu mettre le post en resolu , plus aucuns symptomes la becane tourne bien :)
recapitulatif : 
-un scan avec VundoFix
-un scan avec ComboFix
(disparition des symptomes)
-un scan AVG anti-spyware
-et pour finir un scan online bitdefender

Merci beaucoup pour ton aide Megan fox @++

Megan Fox · Answer

Si tu n'as plus de problème oui tu peux,


A++

jjfkfr · Answer

Bonjour, 

Je tenais à vous remercier sincèrement.

J'ai récupéré cette saloperie de virus win32.bho.df,qui me pourrissait mon pc,  et j'ai suivi à la lettre la procédure ci dessus.
Je pense que c'est combofix qui l'a flingué.
Je ne sais pas comment j'aurais fait sans votre aide.

Je vous remercie une nouvelle fois pour cette aide.

Cordialement.

LOLO · Answer

Voila une solution simple pour WIN32.BHO.df et autres merde car il n'y à pas d'autre mot.j'ai installé norton anti virus et norton internet security scan il à fait son boulot pendant environs 10 heures et hop plus rien bye bye.                                                                                                  voir sur les sites de téléchargement gratuit ou alors peut'etre voir avec avgas-setup-7.5.1.43 avoir peut'etre qu'il fonctionne mais je ne sais  pas car je n' ai pas essayé. bonne chance à vous lolo.

Virus Win32.BHO.df et autres - Page 2

Discussions similaires

Newsletters