CHEVAL DE TROI Win32 ?

Résolu
tontonsem Messages postés 29 Statut Membre -  
 Utilisateur anonyme -
Bonjour,
**Depuis quelques jours ,j'ai mon anti virus AVAST qui détecte un cheval de troi.
Win32:TraBHO[Trj]
Win32:Pakes-AHD[Trj]
J'ai supprimé les fichiers mis en quarantaines,le cheval de troi revient toujours.
**Ce matin en allumant mon ordi,il a apparu sur mon écran d'ordinateur ce message:
IMPOSSIBLE DE CHARGER OU D'EXECUTER
C:\Windows\System32\pmnlk.exe spécificé dans le régistre.
Vérifiez que le fichier existe sur votre ordinateur ou supprimer la référence dans le régistre.
J'ai cliqué sur OK OK et
1ère question: COMMENT DOIS-JE FAIRE POUR VIRER CE CHEVAL DE TROI ?
2ème question: Qu'est-ce que je peux faire pour ne plus avoir le message Impossible de charger ou d'executer C:Windoxs\system32\pmnlk.exe sur mon écran au démarage.
A vous de m'aider maintenant SVP.
Voiçi le rapport HijacThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:43:21, on 17/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Spyware Doctor\SDTrayApp .exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched .exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ .exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\WINDOWS\system32\msgrlive.exe
C:\Acer\Empowering Technology\eRecovery\Monitor .exe
C:\WINDOWS\system32\ElkCtrl .exe
C:\Program Files\Logitech\Video\CameraAssistant .exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\mbr.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer optimisé pour MSN
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
F3 - REG:win.ini: load=C:\WINDOWS\system32\pmnlk.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: (no name) - {FC1B64D9-3499-4791-82D5-AABAC3FAEA45} - C:\WINDOWS\system32\urqnkji.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SDR6V_Check] "C:\Program Files\Fichiers communs\DriveCleaner Free\udcsdr.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [ogsrajktbr] c:\windows\system32\ogsrajktbr.exe ogsrajktbr
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [Windows Live Messenger!] msgrlive.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [mbr] C:\WINDOWS\system32\mbr.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [VoipCheapCom] "C:\Program Files\VoipCheapCom\VoipCheapCom.exe" -nosplash -minimized
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay104.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/html - {C6F62B7A-5450-4A2F-8687-6CEEC3AEB055} - C:\WINDOWS\system32\controlkids2.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: urqnkji - C:\WINDOWS\SYSTEM32\urqnkji.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Print Spooler Service (n3xyyzyi8) - Unknown owner - C:\WINDOWS\system32\mbr.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

--
End of file - 12238 bytes
Configuration: Windows XP
Internet Explorer 7.0

47 réponses

  • 1
  • 2
  • 3
Résumé de la discussion

Une infection par un cheval de Troie est détectée par Avast avec Win32:TraBHO[Trj] et Win32:Pakes-AHD[Trj], et un message d'erreur signale l'impossibilité de charger l'exécutable C:\Windows\System32\pmnlk.exe répertorié dans le registre.

Plusieurs mesures essentielles permettent d'éliminer cette menace, telles qu'un scan complet à jour avec Avast et la suppression des entrées suspectes dans les clés Run et AppInit_DLLs.

D'autres éléments à vérifier incluent les services et tâches planifiées, les extensions BHO et les fichiers exécutables inhabituels dans System32 (comme pmnlk.exe), et l'arrêt des processus malveillants identifiés par HijackThis.

En cas d'infection confirmée, il est prudent de sauvegarder les données non vulnérables et de préparer une réinstallation propre ou une restauration à partir d'un point sain si les symptômes réapparaissent.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. g!rly Messages postés 18462 Statut Contributeur 407
     
    une petite analyse :

    C:\WINDOWS\system32\mbr.exe
    C:\WINDOWS\system32\Drivers\Ijf80.sys

    sur virus total:

    https://www.virustotal.com/gui/

    peux etre auras tu besoin d´afficher les fichiers cachés pour les trouver :

    Affiche tous les fichiers et dossiers :
    Pour cela :
    Clique sur démarrer/panneau de configuration/option des dossiers/affichage

    Cocher afficher les dossiers cachés

    Décoche la case "Masquer les fichiers protégés du système d'exploitation (recommandé)"

    Décocher masquer les extensions dont le type est connu

    Puis fais «Ok» pour valider les changements.

    Et appliquer !

    post les rapports d´analyse ici stp

    @+
    1
  2. Utilisateur anonyme
     
    bonjour ! infection vundo !

    Télécharger Vundofix.exe (par Atribune) sur votre Bureau : http://www.atribune.org/ccount/click.php?id=4

    * Double-cliquer sur VundoFix.exe afin de le lancer.
    * Cliquer sur le bouton Scan for Vundo.
    * Lorsque le scan est complété, cliquer sur le bouton Remove Vundo.
    * Une invite de commande demandera si l’on souhaite supprimer les fichiers, cliquer sur YES
    * Après avoir cliqué "YES", le Bureau disparaîtra un moment lors de la suppression des fichiers.
    * Une nouvelle invite de commande annoncera que le PC devra s'éteindre ("shutdown"). Cliquer sur OK , puis laisser le redémarrer.
    * Le contenu du rapport est situé dans C:\vundofix.txt, poste le stp
    *copie le contenue du rapport et colle le ici stp

    https://www.01net.com/

    Télécharge sur le bureau
    http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
    => Double clic sur VirtumundoBeGone.exe
    => Clic Continue ==> clic Start
    => Clic Oui
    => A la fin si Vundo est présent , le PC s’éteint et redémarre
    - Si Ecran bleu et message : Erreur fatale .. pas de problème
    => Poster le rapport VBG.TXT qui est sur le bureau
    0
  3. Utilisateur anonyme
     
    bonjour efface ton adresse mail !! a moins que tu es envie de te faire pirater !!!!!!!!
    0
  4. tontonsem Messages postés 29 Statut Membre
     
    ou s ke j'ai mis mon mail ?
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. tontonsem Messages postés 29 Statut Membre
     
    carrosier13,
    Voici le rapport:
    Je vais t'envoyer aussi le hijackthis
    VundoFix V6.7.7

    Checking Java version...

    Java version is 1.5.0.11

    Scan started at 17:23:42 17/01/2008

    Listing files found while scanning....

    C:\WINDOWS\system32\awtqpmj.dll
    C:\WINDOWS\system32\awtrstu.dll
    C:\WINDOWS\system32\awturon.dll
    C:\WINDOWS\system32\byxwxwt.dll
    C:\WINDOWS\system32\byxyaxy.dll
    C:\WINDOWS\system32\byxyvtr.dll
    C:\WINDOWS\system32\cbxusqr.dll
    C:\WINDOWS\system32\cbxusro.dll
    C:\WINDOWS\system32\cbxvuss.dll
    C:\WINDOWS\system32\cbxvwxv.dll
    C:\WINDOWS\system32\cbxxuvv.dll
    C:\WINDOWS\system32\cbxxyxv.dll
    C:\WINDOWS\system32\cbxyyyv.dll
    C:\WINDOWS\system32\ddcbyxu.dll
    C:\WINDOWS\system32\ddcccyy.dll
    C:\WINDOWS\system32\ddcdcde.dll
    C:\WINDOWS\system32\efcbbcd.dll
    C:\WINDOWS\system32\ElkCtrl.exe
    C:\WINDOWS\system32\fccaaby.dll
    C:\WINDOWS\system32\fccdeee.dll
    C:\WINDOWS\system32\gebbbxw.dll
    C:\WINDOWS\system32\gebbywu.dll
    C:\WINDOWS\system32\gebcywt.dll
    C:\WINDOWS\system32\gebxxwx.dll
    C:\WINDOWS\system32\gebyyww.dll
    C:\WINDOWS\system32\hauppauge\DivX.dll
    C:\WINDOWS\system32\hgghihh.dll
    C:\WINDOWS\system32\iifeefc.dll
    C:\WINDOWS\system32\iiffdec.dll
    C:\WINDOWS\system32\iifgefd.dll
    C:\WINDOWS\system32\khfcayw.dll
    C:\WINDOWS\system32\khfcyya.dll
    C:\WINDOWS\system32\khfebxv.dll
    C:\WINDOWS\system32\khfecax.dll
    C:\WINDOWS\system32\khfedcy.dll
    C:\WINDOWS\system32\khfeeda.dll
    C:\WINDOWS\system32\khffgff.dll
    C:\WINDOWS\system32\ljjgfgd.dll
    C:\WINDOWS\system32\ljjghgd.dll
    C:\WINDOWS\system32\ljjhfca.dll
    C:\WINDOWS\system32\ljjhfec.dll
    C:\WINDOWS\system32\ljjighf.dll
    C:\WINDOWS\system32\ljjjgec.dll
    C:\WINDOWS\system32\mljgfda.dll
    C:\WINDOWS\system32\mljhfee.dll
    C:\WINDOWS\system32\mljihfg.dll
    C:\WINDOWS\system32\mljihhi.dll
    C:\WINDOWS\system32\mljkijh.dll
    C:\WINDOWS\system32\nnnkkig.dll
    C:\WINDOWS\system32\nnnkkli.dll
    C:\WINDOWS\system32\nnnnmlm.dll
    C:\WINDOWS\system32\nnnnnkk.dll
    C:\WINDOWS\system32\opnlife.dll
    C:\WINDOWS\system32\opnljhi.dll
    C:\WINDOWS\system32\opnmjkl.dll
    C:\WINDOWS\system32\opnmmlk.dll
    C:\WINDOWS\system32\opnnmlj.dll
    C:\WINDOWS\system32\opnopnk.dll
    C:\WINDOWS\system32\pmnmlkk.dll
    C:\WINDOWS\system32\pmnonkh.dll
    C:\WINDOWS\system32\pmnoool.dll
    C:\WINDOWS\system32\qomjkih.dll
    C:\WINDOWS\system32\qommmkk.dll
    C:\WINDOWS\system32\qomnlji.dll
    C:\WINDOWS\system32\rqromjg.dll
    C:\WINDOWS\system32\rqrpomn.dll
    C:\WINDOWS\system32\tuvtrqp.dll
    C:\WINDOWS\system32\urqnopp.dll
    C:\WINDOWS\system32\urqoppp.dll
    C:\WINDOWS\system32\urqpqpo.dll
    C:\WINDOWS\system32\urqroop.dll
    C:\WINDOWS\system32\urqrpmj.dll
    C:\WINDOWS\system32\urqrpom.dll
    C:\WINDOWS\system32\vturqpo.dll
    C:\WINDOWS\system32\vtutsts.dll
    C:\WINDOWS\system32\vtututq.dll
    C:\WINDOWS\system32\vtutuvw.dll
    C:\WINDOWS\system32\vtuuttu.dll
    C:\WINDOWS\system32\vtuvtut.dll
    C:\WINDOWS\system32\wvutstt.dll
    C:\WINDOWS\system32\wvuttqn.dll
    C:\WINDOWS\system32\wvuursq.dll
    C:\WINDOWS\system32\wvuvvst.dll
    C:\WINDOWS\system32\wvuvwtt.dll
    C:\WINDOWS\system32\xxyawtt.dll
    C:\WINDOWS\system32\xxyaxyx.dll
    C:\WINDOWS\system32\xxyayxw.dll
    C:\WINDOWS\system32\xxyvvus.dll
    C:\WINDOWS\system32\xxyvwtu.dll
    C:\WINDOWS\system32\yayyayy.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\awtqpmj.dll
    C:\WINDOWS\system32\awtqpmj.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\awtrstu.dll
    C:\WINDOWS\system32\awtrstu.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\awturon.dll
    C:\WINDOWS\system32\awturon.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\byxwxwt.dll
    C:\WINDOWS\system32\byxwxwt.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\byxyaxy.dll
    C:\WINDOWS\system32\byxyaxy.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\byxyvtr.dll
    C:\WINDOWS\system32\byxyvtr.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\cbxusqr.dll
    C:\WINDOWS\system32\cbxusqr.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\cbxusro.dll
    C:\WINDOWS\system32\cbxusro.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\cbxvuss.dll
    C:\WINDOWS\system32\cbxvuss.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\cbxvwxv.dll
    C:\WINDOWS\system32\cbxvwxv.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\cbxxuvv.dll
    C:\WINDOWS\system32\cbxxuvv.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\cbxxyxv.dll
    C:\WINDOWS\system32\cbxxyxv.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\cbxyyyv.dll
    C:\WINDOWS\system32\cbxyyyv.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ddcbyxu.dll
    C:\WINDOWS\system32\ddcbyxu.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ddcccyy.dll
    C:\WINDOWS\system32\ddcccyy.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ddcdcde.dll
    C:\WINDOWS\system32\ddcdcde.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\efcbbcd.dll
    C:\WINDOWS\system32\efcbbcd.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ElkCtrl.exe
    C:\WINDOWS\system32\ElkCtrl.exe Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\fccaaby.dll
    C:\WINDOWS\system32\fccaaby.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\fccdeee.dll
    C:\WINDOWS\system32\fccdeee.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\gebbbxw.dll
    C:\WINDOWS\system32\gebbbxw.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\gebbywu.dll
    C:\WINDOWS\system32\gebbywu.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\gebcywt.dll
    C:\WINDOWS\system32\gebcywt.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\gebxxwx.dll
    C:\WINDOWS\system32\gebxxwx.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\gebyyww.dll
    C:\WINDOWS\system32\gebyyww.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\hauppauge\DivX.dll
    C:\WINDOWS\system32\hauppauge\DivX.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\hgghihh.dll
    C:\WINDOWS\system32\hgghihh.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\iifeefc.dll
    C:\WINDOWS\system32\iifeefc.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\iiffdec.dll
    C:\WINDOWS\system32\iiffdec.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\iifgefd.dll
    C:\WINDOWS\system32\iifgefd.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\khfcayw.dll
    C:\WINDOWS\system32\khfcayw.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\khfcyya.dll
    C:\WINDOWS\system32\khfcyya.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\khfebxv.dll
    C:\WINDOWS\system32\khfebxv.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\khfecax.dll
    C:\WINDOWS\system32\khfecax.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\khfedcy.dll
    C:\WINDOWS\system32\khfedcy.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\khfeeda.dll
    C:\WINDOWS\system32\khfeeda.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\khffgff.dll
    C:\WINDOWS\system32\khffgff.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ljjgfgd.dll
    C:\WINDOWS\system32\ljjgfgd.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ljjghgd.dll
    C:\WINDOWS\system32\ljjghgd.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ljjhfca.dll
    C:\WINDOWS\system32\ljjhfca.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ljjhfec.dll
    C:\WINDOWS\system32\ljjhfec.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ljjighf.dll
    C:\WINDOWS\system32\ljjighf.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ljjjgec.dll
    C:\WINDOWS\system32\ljjjgec.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\mljgfda.dll
    C:\WINDOWS\system32\mljgfda.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\mljhfee.dll
    C:\WINDOWS\system32\mljhfee.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\mljihfg.dll
    C:\WINDOWS\system32\mljihfg.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\mljihhi.dll
    C:\WINDOWS\system32\mljihhi.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\mljkijh.dll
    C:\WINDOWS\system32\mljkijh.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\nnnkkig.dll
    C:\WINDOWS\system32\nnnkkig.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\nnnkkli.dll
    C:\WINDOWS\system32\nnnkkli.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\nnnnmlm.dll
    C:\WINDOWS\system32\nnnnmlm.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\nnnnnkk.dll
    C:\WINDOWS\system32\nnnnnkk.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\opnlife.dll
    C:\WINDOWS\system32\opnlife.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\opnljhi.dll
    C:\WINDOWS\system32\opnljhi.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\opnmjkl.dll
    C:\WINDOWS\system32\opnmjkl.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\opnmmlk.dll
    C:\WINDOWS\system32\opnmmlk.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\opnnmlj.dll
    C:\WINDOWS\system32\opnnmlj.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\opnopnk.dll
    C:\WINDOWS\system32\opnopnk.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\pmnmlkk.dll
    C:\WINDOWS\system32\pmnmlkk.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\pmnonkh.dll
    C:\WINDOWS\system32\pmnonkh.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\pmnoool.dll
    C:\WINDOWS\system32\pmnoool.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\qomjkih.dll
    C:\WINDOWS\system32\qomjkih.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\qommmkk.dll
    C:\WINDOWS\system32\qommmkk.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\qomnlji.dll
    C:\WINDOWS\system32\qomnlji.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\rqromjg.dll
    C:\WINDOWS\system32\rqromjg.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\rqrpomn.dll
    C:\WINDOWS\system32\rqrpomn.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\tuvtrqp.dll
    C:\WINDOWS\system32\tuvtrqp.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\urqnopp.dll
    C:\WINDOWS\system32\urqnopp.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\urqoppp.dll
    C:\WINDOWS\system32\urqoppp.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\urqpqpo.dll
    C:\WINDOWS\system32\urqpqpo.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\urqroop.dll
    C:\WINDOWS\system32\urqroop.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\urqrpmj.dll
    C:\WINDOWS\system32\urqrpmj.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\urqrpom.dll
    C:\WINDOWS\system32\urqrpom.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\vturqpo.dll
    C:\WINDOWS\system32\vturqpo.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\vtutsts.dll
    C:\WINDOWS\system32\vtutsts.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\vtututq.dll
    C:\WINDOWS\system32\vtututq.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\vtutuvw.dll
    C:\WINDOWS\system32\vtutuvw.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\vtuuttu.dll
    C:\WINDOWS\system32\vtuuttu.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\vtuvtut.dll
    C:\WINDOWS\system32\vtuvtut.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\wvutstt.dll
    C:\WINDOWS\system32\wvutstt.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\wvuttqn.dll
    C:\WINDOWS\system32\wvuttqn.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\wvuursq.dll
    C:\WINDOWS\system32\wvuursq.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\wvuvvst.dll
    C:\WINDOWS\system32\wvuvvst.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\wvuvwtt.dll
    C:\WINDOWS\system32\wvuvwtt.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\xxyawtt.dll
    C:\WINDOWS\system32\xxyawtt.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\xxyaxyx.dll
    C:\WINDOWS\system32\xxyaxyx.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\xxyayxw.dll
    C:\WINDOWS\system32\xxyayxw.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\xxyvvus.dll
    C:\WINDOWS\system32\xxyvvus.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\xxyvwtu.dll
    C:\WINDOWS\system32\xxyvwtu.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\yayyayy.dll
    C:\WINDOWS\system32\yayyayy.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\cbxxuvv.dll
    C:\WINDOWS\system32\cbxxuvv.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\system32\ElkCtrl.exe
    C:\WINDOWS\system32\ElkCtrl.exe Has been deleted!

    Performing Repairs to the registry.
    Done!

    Beginning removal...
    0
  7. Utilisateur anonyme
     
    jolie c'etait une grande famille de mafieux ceux la ! lol virtumondobegone maintenant et apres un nouvel hijackthis stp !
    0
  8. tontonsem Messages postés 29 Statut Membre
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:03:20, on 17/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Spyware Doctor\svcntaux.exe
    C:\Program Files\Spyware Doctor\swdsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Spyware Doctor\SDTrayApp.exe
    C:\Program Files\Spyware Doctor\SDTrayApp .exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched .exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ .exe
    C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    C:\Program Files\Logitech\Video\CameraAssistant.exe
    C:\Acer\Empowering Technology\eRecovery\Monitor .exe
    C:\WINDOWS\system32\msgrlive.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Logitech\Video\CameraAssistant .exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\WINDOWS\system32\sistray.exe
    C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer optimisé pour MSN
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
    F3 - REG:win.ini: load=C:\WINDOWS\system32\pmnlk.exe
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    O4 - HKLM\..\Run: [SDR6V_Check] "C:\Program Files\Fichiers communs\DriveCleaner Free\udcsdr.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    O4 - HKLM\..\Run: [ogsrajktbr] c:\windows\system32\ogsrajktbr.exe ogsrajktbr
    O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
    O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
    O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
    O4 - HKLM\..\Run: [Windows Live Messenger!] msgrlive.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [mbr] C:\WINDOWS\system32\mbr.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [VoipCheapCom] "C:\Program Files\VoipCheapCom\VoipCheapCom.exe" -nosplash -minimized
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
    O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
    O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay104.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
    O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O18 - Filter hijack: text/html - {C6F62B7A-5450-4A2F-8687-6CEEC3AEB055} - C:\WINDOWS\system32\controlkids2.dll
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
    O20 - Winlogon Notify: mljgggf - C:\WINDOWS\SYSTEM32\mljgggf.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Print Spooler Service (n3xyyzyi8) - Unknown owner - C:\WINDOWS\system32\mbr.exe
    O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (file missing)
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    0
  9. Utilisateur anonyme
     
    itu as oublier de me poster le rapport de vitumondo begone !
    0
  10. tontonsem Messages postés 29 Statut Membre
     
    1/17/2008, 17:07:02] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Sêmiyou APITHY\Mes documents\VirtumundoBeGone.exe" )
    [01/17/2008, 17:07:20] - Detected System Information:
    [01/17/2008, 17:07:20] - Windows Version: 5.1.2600, Service Pack 2
    [01/17/2008, 17:07:20] - Current Username: Sêmiyou APITHY (Admin)
    [01/17/2008, 17:07:21] - Windows is in NORMAL mode.
    [01/17/2008, 17:07:21] - Searching for Browser Helper Objects:
    [01/17/2008, 17:07:21] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
    [01/17/2008, 17:07:21] - BHO 2: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [01/17/2008, 17:07:21] - BHO 3: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
    [01/17/2008, 17:07:21] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [01/17/2008, 17:07:21] - No filename found. Continuing.
    [01/17/2008, 17:07:21] - BHO 4: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
    [01/17/2008, 17:07:21] - BHO 5: {9CB65201-89C4-402c-BA80-02D8C59F9B1D} (Ask Search Assistant BHO)
    [01/17/2008, 17:07:21] - BHO 6: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
    [01/17/2008, 17:07:21] - BHO 7: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
    [01/17/2008, 17:07:21] - BHO 8: {FC1B64D9-3499-4791-82D5-AABAC3FAEA45} ()
    [01/17/2008, 17:07:21] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [01/17/2008, 17:07:21] - Checking for HKLM\...\Winlogon\Notify\urqnkji
    [01/17/2008, 17:07:21] - Found: HKLM\...\Winlogon\Notify\urqnkji - This is probably Virtumundo.
    [01/17/2008, 17:07:21] - Assigning {FC1B64D9-3499-4791-82D5-AABAC3FAEA45} MSEvents Object
    [01/17/2008, 17:07:21] - BHO list has been changed! Starting over...
    [01/17/2008, 17:07:21] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
    [01/17/2008, 17:07:21] - BHO 2: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [01/17/2008, 17:07:21] - BHO 3: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
    [01/17/2008, 17:07:21] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [01/17/2008, 17:07:21] - No filename found. Continuing.
    [01/17/2008, 17:07:21] - BHO 4: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
    [01/17/2008, 17:07:22] - BHO 5: {9CB65201-89C4-402c-BA80-02D8C59F9B1D} (Ask Search Assistant BHO)
    [01/17/2008, 17:07:22] - BHO 6: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
    [01/17/2008, 17:07:22] - BHO 7: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
    [01/17/2008, 17:07:22] - BHO 8: {FC1B64D9-3499-4791-82D5-AABAC3FAEA45} (MSEvents Object)
    [01/17/2008, 17:07:22] - ALERT: Found MSEvents Object!
    [01/17/2008, 17:07:22] - BHO 9: {FE063DB1-4EC0-403e-8DD8-394C54984B2C} (Ask Toolbar BHO)
    [01/17/2008, 17:07:22] - Finished Searching Browser Helper Objects
    [01/17/2008, 17:07:22] - *** Detected MSEvents Object
    [01/17/2008, 17:07:22] - Trying to remove MSEvents Object...
    [01/17/2008, 17:07:23] - Terminating Process: IEXPLORE.EXE
    [01/17/2008, 17:07:24] - Terminating Process: RUNDLL32.EXE
    [01/17/2008, 17:07:25] - Disabling Automatic Shell Restart
    [01/17/2008, 17:07:25] - Terminating Process: EXPLORER.EXE
    [01/17/2008, 17:07:25] - Suspending the NT Session Manager System Service
    [01/17/2008, 17:07:26] - Terminating Windows NT Logon/Logoff Manager
    [01/17/2008, 17:07:26] - Re-enabling Automatic Shell Restart
    [01/17/2008, 17:07:27] - File to disable: C:\WINDOWS\system32\urqnkji.dll
    [01/17/2008, 17:07:27] - Renaming C:\WINDOWS\system32\urqnkji.dll -> C:\WINDOWS\system32\urqnkji.dll.vir
    [01/17/2008, 17:07:27] - File successfully renamed!
    [01/17/2008, 17:07:27] - Removing HKLM\...\Browser Helper Objects\{FC1B64D9-3499-4791-82D5-AABAC3FAEA45}
    [01/17/2008, 17:07:27] - Removing HKCR\CLSID\{FC1B64D9-3499-4791-82D5-AABAC3FAEA45}
    [01/17/2008, 17:07:27] - Adding Kill Bit for ActiveX for GUID: {FC1B64D9-3499-4791-82D5-AABAC3FAEA45}
    [01/17/2008, 17:07:28] - Deleting ATLEvents/MSEvents Registry entries
    [01/17/2008, 17:07:28] - Removing HKLM\...\Winlogon\Notify\urqnkji
    [01/17/2008, 17:07:28] - Searching for Browser Helper Objects:
    [01/17/2008, 17:07:28] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
    [01/17/2008, 17:07:28] - BHO 2: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [01/17/2008, 17:07:28] - BHO 3: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
    [01/17/2008, 17:07:28] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [01/17/2008, 17:07:28] - No filename found. Continuing.
    [01/17/2008, 17:07:28] - BHO 4: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
    [01/17/2008, 17:07:28] - BHO 5: {9CB65201-89C4-402c-BA80-02D8C59F9B1D} (Ask Search Assistant BHO)
    [01/17/2008, 17:07:28] - BHO 6: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
    [01/17/2008, 17:07:28] - BHO 7: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
    [01/17/2008, 17:07:28] - BHO 8: {FE063DB1-4EC0-403e-8DD8-394C54984B2C} (Ask Toolbar BHO)
    [01/17/2008, 17:07:28] - Finished Searching Browser Helper Objects
    [01/17/2008, 17:07:28] - Finishing up...
    [01/17/2008, 17:07:28] - A restart is needed.
    [01/17/2008, 17:07:34] - Attempting to Restart via STOP error (Blue Screen!)

    [01/17/2008, 18:17:08] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Sêmiyou APITHY\Bureau\VirtumundoBeGone.exe" )
    [01/17/2008, 18:17:32] - User choose NOT to continue. Exiting...
    0
  11. tontonsem Messages postés 29 Statut Membre
     
    Carrossier13
    C'est ça tu voulais?
    Au moins avec toi ,je comprends ce ke tu me demandes de faire.IL y en a d'autres,ils te disent,faire ceci,faire celà,alors ke je suis nulle en informatique.
    Merçi encore.
    J'attends maintenant ta proposition.
    0
  12. Utilisateur anonyme
     
    j'essais d'etre clair mais ce n'est pas toujours evident !

    Télécharge Combofix.exe de sUBs sur ton Bureau,

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    Process.exe est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
    Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
    Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.

    Déconnecte toi du net et désactive ton antivirus pour que Combofix puisse s'exécuter normalement

    Double clique sur Combofix.exe
    Mets le en langue française F
    Tape sur la touche 1 (Yes) pour démarrer le scan
    Lorsque le scan sera terminé, un rapport apparaîtra.

    Poste lerapport dans ta prochaine réponse.

    Note : Le rapport se trouve également là : C:\Combofix.txt+

    Note : Si ton Bureau ne réapparaît pas, presse Ctrl+Alt+Suppr pour ouvrir le Gestionnaire des tâches.
    Onglet "Processus" > Fichier (menu) > Nouvelle tâche (Exécuter...) > tape explorer et clique sur OK.
    0
  13. tontonsem Messages postés 29 Statut Membre
     
    Carrosier13,
    J'ai désactivé AVAST et fermé les fenêtres internet comme tu m'as dis,le SCAN a été fait,mon ordi a redémarré,AVAST s'est mis en marche au démarrage,et j'ai eu ce rapport à la fin:

    ComboFix 08-01-17.5 - Sêmiyou APITHY 2008-01-17 18:41:01.1 - [color=red][b]FAT32[/b][/color]x86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.48 [GMT 1:00]
    Running from: C:\Documents and Settings\Sêmiyou APITHY\Bureau\ComboFix.exe
    * Created a new restore point

    [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Sêmiyou APITHY\err.log
    C:\Documents and Settings\Sêmiyou APITHY\ResErrors.log
    C:\WINDOWS\pack.epk
    C:\WINDOWS\system32\cbxxuvv.dll
    C:\WINDOWS\system32\ctfmon.exe.tmp
    C:\WINDOWS\system32\gebaxyy.dll
    C:\WINDOWS\system32\klnmp.ini
    C:\WINDOWS\system32\klnmp.ini2
    C:\WINDOWS\system32\mljgggf.dll
    C:\WINDOWS\system32\nvs2.inf
    C:\WINDOWS\system32\pmnlk.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_SMTPDRV
    -------\runtime
    -------\smtpdrv

    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-12-17 to 2008-01-17 ))))))))))))))))))))))))))))))))))))
    .

    2008-01-17 18:49 . 335,360 C:\WINDOWS\system32\pmnlk.dll
    2008-01-17 18:38 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2008-01-17 17:45 . 2008-01-17 17:45 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
    2008-01-17 17:23 . 2008-01-17 17:23 <REP> d-------- C:\VundoFix Backups
    2008-01-16 21:25 . 2008-01-16 21:25 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2008-01-16 21:25 . 2008-01-16 21:25 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-01-16 21:02 . 2008-01-16 21:02 <REP> d-------- C:\kav
    2008-01-16 19:19 . 2008-01-16 19:19 131,072 --a------ C:\WINDOWS\system32\mbr.exe
    2008-01-14 22:23 . 2008-01-14 22:23 <REP> d-------- C:\Program Files\Trend Micro
    2008-01-14 12:04 . 2008-01-14 12:04 <REP> d-------- C:\WINDOWS\BDOSCAN8
    2008-01-14 02:14 . 2008-01-14 00:44 34,954,501 --a------ C:\WINDOWS\LPT$VPN.941
    2008-01-14 02:13 . 2008-01-14 02:13 <REP> d-------- C:\WINDOWS\AU_Temp
    2008-01-14 00:53 . 2008-01-14 00:53 355,840 --a------ C:\WINDOWS\system32\ctfmon.exe.RB0
    2008-01-14 00:45 . 2008-01-14 00:45 <REP> d-------- C:\WINDOWS\report
    2008-01-14 00:44 . 2008-01-14 00:44 <REP> d-------- C:\WINDOWS\AU_Backup
    2008-01-14 00:44 . 2008-01-14 00:44 34,954,501 --a------ C:\WINDOWS\VPTNFILE.941
    2008-01-14 00:44 . 2008-01-14 00:44 1,909,671 --a------ C:\WINDOWS\tsc.ptn
    2008-01-14 00:44 . 2008-01-14 02:14 1,163,344 --a------ C:\WINDOWS\vsapi32.dll
    2008-01-14 00:44 . 2008-01-14 00:44 267,845 --a------ C:\WINDOWS\tsc.exe
    2008-01-14 00:44 . 2008-01-14 02:14 86,094 --a------ C:\WINDOWS\BPMNT.dll
    2008-01-14 00:44 . 2008-01-14 00:44 71,749 --a------ C:\WINDOWS\hcextoutput.dll
    2008-01-14 00:44 . 2008-01-14 03:10 823 --a------ C:\WINDOWS\tsc.ini
    2008-01-14 00:43 . 2008-01-14 00:43 <REP> d-------- C:\WINDOWS\AU_Log
    2008-01-14 00:43 . 2008-01-14 00:43 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
    2008-01-14 00:43 . 2008-01-14 02:13 170 --a------ C:\WINDOWS\GetServer.ini
    2008-01-14 00:42 . 2008-01-14 00:43 286,720 --a------ C:\WINDOWS\PATCH.EXE
    2008-01-14 00:42 . 2008-01-14 00:43 69,689 --a------ C:\WINDOWS\UNZIP.DLL
    2008-01-13 19:43 . 2008-01-13 19:43 <REP> d--hs---- C:\FOUND.005
    2008-01-13 19:40 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
    2008-01-13 19:40 . 2004-01-09 11:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
    2008-01-13 19:40 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AVASTSS.scr
    2008-01-13 19:40 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
    2008-01-13 19:40 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
    2008-01-13 19:40 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
    2008-01-13 19:40 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
    2008-01-13 19:40 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
    2008-01-13 19:31 . 2008-01-17 17:09 262,144 --a------ C:\WINDOWS\system32\ElkCtrl .exe
    2008-01-13 19:31 . 2008-01-13 20:46 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
    2008-01-13 19:21 . 2008-01-13 19:21 <REP> d--hs---- C:\FOUND.004
    2008-01-12 18:20 . 2008-01-12 18:20 39,424 --a------ C:\WINDOWS\system32\urqnkji.dll.vir
    2008-01-11 22:05 . 24,832 C:\WINDOWS\system32\drivers\Ijf80.sys
    2008-01-11 21:18 . 2008-01-11 17:55 71,168 -r-hs---- C:\WINDOWS\system32\msgrlive.exe

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-17 14:32 90,112 ----a-w C:\WINDOWS\DUMP4229.tmp
    2007-12-04 20:28 --------- d-sh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
    2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
    2007-10-30 23:23 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
    2007-10-30 17:20 360,064 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
    2007-10-30 08:07 127,034 ------r C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
    2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
    2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
    2007-10-25 16:43 8,516,608 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
    2007-10-25 09:26 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
    2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
    2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
    .
    [code]<pre>
    ----a-w 262,144 2008-01-17 16:09:00 C:\WINDOWS\system32\ElkCtrl .exe
    ----a-w 15,360 2008-01-13 19:46:22 C:\WINDOWS\system32\ctfmon .exe
    ----a-w 59,392 2008-01-13 18:59:36 C:\WINDOWS\system32\IME\PINTLGNT\ImScInst .exe
    ----a-w 455,168 2008-01-13 18:59:34 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP .EXE
    ----a-w 208,952 2008-01-13 18:59:38 C:\WINDOWS\ime\imjp8_1\IMJPMIG .EXE
    ----a-w 185,632 2008-01-17 17:49:32 C:\Program Files\Fichiers communs\Real\Update_OB\realsched .exe
    ----a-w 313,472 2008-01-13 20:01:52 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager .exe
    ----a-w 32,768 2008-01-17 17:49:40 C:\Program Files\CyberLink\PowerDVD\PDVDServ .exe
    ----a-w 132,496 2008-01-17 17:49:40 C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
    ----a-w 68,856 2008-01-13 20:01:44 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
    ----a-w 1,836,544 2008-01-13 20:01:26 C:\Program Files\Google\Google Desktop Search\GoogleDesktop .exe
    ----a-w 79,224 2008-01-13 19:46:06 C:\Program Files\Alwil Software\Avast4\ashDisp .exe
    ----a-w 489,472 2008-01-17 17:49:46 C:\Program Files\Logitech\Video\CameraAssistant .exe
    ----a-w 73,728 2008-01-13 20:01:34 C:\Program Files\Logitech\Video\InstallHelper .exe
    ----a-w 67,128 2008-01-13 20:02:10 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger .exe
    ----a-w 5,728,112 2008-01-14 00:13:54 C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe
    ----a-w 5,728,112 2008-01-13 19:46:20 C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe
    ----a-w 5,728,112 2008-01-14 00:21:40 C:\Program Files\Windows Live\Messenger\MsnMsgr .Exe
    ----a-w 1,065,288 2008-01-17 17:49:42 C:\Program Files\Spyware Doctor\SDTrayApp .exe
    ----a-w 397,312 2008-01-17 17:49:46 C:\Acer\Empowering Technology\eRecovery\Monitor .exe
    </pre>[/code]

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2008-01-14 01:21 5728112]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-14 01:16 68856]
    "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-01-14 01:20 67128]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [ ]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 05:00 15360]
    "VoipCheapCom"="C:\Program Files\VoipCheapCom\VoipCheapCom.exe" [ ]
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2008-01-14 01:10 313472]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-01-13 20:45 525824]
    "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-01-14 01:16 1836544]
    "SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2008-01-13 19:59 1623040]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2008-01-13 19:59 475648]
    "SoundMan"="SOUNDMAN.EXE" [2005-08-17 10:39 90112 C:\WINDOWS\SOUNDMAN.EXE]
    "SiSPower"="SiSPower.dll" [2005-07-13 02:55 49152 C:\WINDOWS\system32\SiSPower.dll]
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2008-01-13 19:59 373760]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 05:00 455168]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 05:00 455168]
    "ntiMUI"="C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [ ]
    "NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [ ]
    "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 05:00 59392]
    "LaunchApp"="Alaunch" []
    "InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [ ]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 05:00 208952]
    "eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2008-01-13 19:59 759808]
    "LogitechCameraAssistant"="C:\Program Files\Logitech\Video\CameraAssistant.exe" [2008-01-13 19:59 856064]
    "LogitechVideo[inspector]"="C:\Program Files\Logitech\Video\InstallHelper.exe" [2008-01-14 01:20 73728]
    "LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [ ]
    "Windows Live Messenger!"="msgrlive.exe" [2008-01-11 17:55 71168 C:\WINDOWS\system32\msgrlive.exe]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
    "mbr"="C:\WINDOWS\system32\mbr.exe" [2008-01-16 19:19 131072]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
    "mbr"="C:\WINDOWS\system32\mbr.exe" [2008-01-16 19:19 131072]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 05:00 15360]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{8CD034DD-E9AD-47D3-8689-51886345799C}"= C:\WINDOWS\system32\mljgggf.dll [ ]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ijf80.sys]
    @="Driver"

    R0 Ijf80;Ijf80;C:\WINDOWS\system32\Drivers\Ijf80.sys []
    R1 UBHelper;UBHelper;C:\WINDOWS\system32\drivers\UBHelper.sys [2004-12-17 17:14]
    R2 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 14:46]
    R3 HCWBT8xx;Hauppauge WinTV 848/9 WDM Video Driver;C:\WINDOWS\system32\drivers\HCWBT8XX.sys [2006-01-25 23:14]
    R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 05:00]
    S2 n3xyyzyi8;Print Spooler Service;C:\WINDOWS\system32\mbr.exe [2008-01-16 19:19]
    S3 se44bus;Sony Ericsson Device 068 driver (WDM);C:\WINDOWS\system32\DRIVERS\se44bus.sys [2006-11-30 14:58]
    S3 se44mdfl;Sony Ericsson Device 068 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se44mdfl.sys [2006-11-30 14:58]
    S3 se44mdm;Sony Ericsson Device 068 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se44mdm.sys [2006-11-30 14:58]
    S3 se44mgmt;Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se44mgmt.sys [2006-11-30 14:58]
    S3 se44nd5;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS);C:\WINDOWS\system32\DRIVERS\se44nd5.sys [2006-11-30 14:58]
    S3 se44obex;Sony Ericsson Device 068 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se44obex.sys [2006-11-30 14:58]
    S3 se44unic;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM);C:\WINDOWS\system32\DRIVERS\se44unic.sys [2006-11-30 14:58]
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]

    .
    Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
    "2008-01-04 14:00:02 C:\WINDOWS\Tasks\Norton Security Scan.job"
    - C:\Program Files\Norton Security Scan\Nss.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-17 18:49:41
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-01-17 18:54:31 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-01-17 17:54:22
    .
    2008-01-08 22:56:43 --- E O F ---
    0
  14. tontonsem Messages postés 29 Statut Membre
     
    Le Carrosier13,
    J'attends toujours ta solution STP.
    0
  15. Utilisateur anonyme
     
    je travaille sur ton script ! sois patient ton pc dois deja se sentir un peu mieux ?
    0
  16. g!rly Messages postés 18462 Statut Contributeur 407
     
    pour suivre...
    0
  17. Utilisateur anonyme
     
    en plus quand je te disais que je travail sur ton cas je voulais dire ons travail sur ton cas , car j'ai l'aide de ma grande soeur qui est tueuse professionnel de virus ,la tele s'en ai inspire pour cree buffy contre les vampires , sauf que ma soeur est encore plus belle que buffy!!!

    relance stp hijackthis do a scan systeme and save log copie et colle le rapport stp !
    0
  18. g!rly Messages postés 18462 Statut Contributeur 407
     
    LOL
    0
  19. tontonsem Messages postés 29 Statut Membre
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:31:40, on 17/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Spyware Doctor\svcntaux.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched .exe
    C:\Program Files\Spyware Doctor\SDTrayApp.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ .exe
    C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    C:\Program Files\Spyware Doctor\SDTrayApp .exe
    C:\Program Files\Logitech\Video\CameraAssistant.exe
    C:\WINDOWS\system32\msgrlive.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\mbr.exe
    C:\Acer\Empowering Technology\eRecovery\Monitor .exe
    C:\Program Files\Logitech\Video\CameraAssistant .exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\WINDOWS\system32\sistray.exe
    C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Spyware Doctor\swdsvc.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
    O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
    O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
    O4 - HKLM\..\Run: [Windows Live Messenger!] msgrlive.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [mbr] C:\WINDOWS\system32\mbr.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\RunServices: [mbr] C:\WINDOWS\system32\mbr.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [VoipCheapCom] "C:\Program Files\VoipCheapCom\VoipCheapCom.exe" -nosplash -minimized
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
    O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
    O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay104.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
    O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Print Spooler Service (n3xyyzyi8) - Unknown owner - C:\WINDOWS\system32\mbr.exe
    O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (file missing)
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    0
  20. tontonsem Messages postés 29 Statut Membre
     
    Le Carrosier de Marseille,
    C'est vrai ke le cheval de troi n'apparait plus depuis quelques minutes.
    Tu travail vraiment sur mon cas là?
    Ah !!!!!!!!j'y crois pas kon peut intervenir sur mon ordi à distance comme ça.
    J'attends vraiment pour voir.
    J'y crois pas,c'est fou internet !!!!!!!
    Prends bien ton temps alors pour m'enlever tous ces "enmerdes"
    Merçi d'avance, avant le grand merçi.
    0
  • 1
  • 2
  • 3