Virus virtumonde!! Résolu/Fermé

Question

Bonjour,

depuis quelque temps mon pc bugge...
En fesant plusieurs scans j'ai remarqué que le virus VirtuMonde est présent mais impossible de le supprimer!
Du coup, j'ai pleins de pubs me signalant que mon pc est infecté, contre les virus,...
J'ai tout fait Spybot, clean up, Avast,... mais impossible de le supprimer!

pour vous eclaircir je vous joins ici un rapport Hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:14:55, on 24/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\windows\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\windows\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\windows\system32\PnkBstrA.exe
C:\windows\system32\PnkBstrB.exe
C:\windows\system32	cpsvcs.exe
C:\windows\System32\snmp.exe
C:\windows\system32\svchost.exe
C:\windows\system32\UAService7.exe
C:\windows\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\windows\system32\ctfmon.exe
C:\windows\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ExtraFilm PhotoAssistant\Agent.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\D-Tools\daemon.exe
C:\windows\system32undll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
C:\Program Files\Antipub\antipub.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Microsoft Encarta\Collection Encarta 2004\EDICT.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\windows\explorer.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ExtraFilmHemmaAgent] "C:\Program Files\ExtraFilm PhotoAssistant\Agent.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [90cba526] rundll32.exe "C:\windows\system32\mihdubos.dll",b
O4 - HKLM\..\Run: [BM93f896ba] Rundll32.exe "C:\windows\system32\aopkflao.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [EPSON Stylus D92 Series] C:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIBZE.EXE /FU "C:\windows\TEMP\E_S126.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe (User 'Default user')
O4 - Startup: Anti-Pub.lnk = C:\Program Files\Antipub\antipub.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Photo Express SE Calendar Checker.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
O4 - Global Startup: Ulead Photo Express Calendar Checker.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 Trial\CalCheck.exe
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbaresources\en-US\local\search.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Propriétaire\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - https://www.118712.fr/sortir/75_paris/sortir/
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - https://www.photolitto.com/
O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://www.extrafilm.be/ImageUploader4.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://asp05.photoprintit.de/microsite/30/defaults/activex/IPSUploader.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5D493C8E-9E83-4454-912B-7731523817B0}: NameServer = 212.87.96.9 87.236.216.220
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\windows\system32\PnkBstrB.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\windows\system32\UAService7.exe

ep44 · Answer

Bonjour 

suit ces étapes dans l'ordre 


tu vas refaire un rapport hijack mais avant tu vas le renommer 
tu vas dans C:==> programfiles==>trend micro ==> tu ouvre hijack et tu renomme hijack avec le petit bohomme avec la loupe  par dovy.exe
et reposte un raport 


ensuite 
Télécharge sur le Bureau.
http://www.atribune.org/ccount/click.php?id=4

=> Double-clic VundoFix.exe.
=> Clic OK
=> Attendre le redemarrage de Vundofix
=> Clic Scan for Vundo
=> Le scan est assez long , à la fin
=> Clic Remove Vundo
=> Puis yes
=> Le Bureau disparaît un moment lors de la suppression des fichiers.
=> Message shutdown
=> clic OK
=> Redémarrage auto
=> copier le rapport qui est dans C:vundofix.txt

ensuite 
Télécharge VirtumundoBeGone  sur ton bureau .
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe 
=> double-clic sur VirtumundoBeGone.exe
=> Suis les instructions à l'écran
=> Quand le scan est terminé, enregistre le rapport.
=> Copie/Colle le ici

ensuite 
Télécharge Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe 
et sauvegarde le sur ton bureau et pas ailleurs!

Double-clic sur combofix,
Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.

@+

d0vy · Answer

J'ai oublié de vous préciser que j'ai des fenêtres qui s'ouvrent sous le nom de Microsoft Visual C++ Runtime librairy
avec comme message " Program C:/windows/explorer.exe
A buffer overrun has been detected which has corrupted the program is internal state the program cannot safely continue exection and must now be termined."

ep44 · Answer

fait ce que je viens de t'indiquer 
@+

d0vy · Answer

Voilà déja le rapport hijackthis. 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:25:42, on 24/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\windows\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\windows\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\windows\system32\PnkBstrA.exe
C:\windows\system32\PnkBstrB.exe
C:\windows\system32	cpsvcs.exe
C:\windows\System32\snmp.exe
C:\windows\system32\svchost.exe
C:\windows\system32\UAService7.exe
C:\windows\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\windows\system32\ctfmon.exe
C:\windows\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ExtraFilm PhotoAssistant\Agent.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\D-Tools\daemon.exe
C:\windows\system32undll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
C:\Program Files\Antipub\antipub.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Microsoft Encarta\Collection Encarta 2004\EDICT.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\windows\explorer.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\dovy.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {0BAE8A84-B193-4A36-BBF2-7672495360F0} - (no file)
O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - (no file)
O2 - BHO: (no name) - {1B539C9F-F0A0-4826-908E-CD1C01F1952D} - (no file)
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - (no file)
O2 - BHO: (no name) - {2A8F5AE7-F4BC-48C2-A83B-EA8CB83EFE2F} - (no file)
O2 - BHO: (no name) - {2BBC45FC-F56C-4B0E-8C8B-1D973F3D7068} - (no file)
O2 - BHO: (no name) - {337C034E-F478-4142-93FF-358FEDD5F5C1} - (no file)
O2 - BHO: (no name) - {38A8566C-F5F1-4AEE-BD1D-76C4AC424539} - (no file)
O2 - BHO: (no name) - {3DE1728C-0010-47E0-8AA1-E22FADF90C99} - (no file)
O2 - BHO: (no name) - {409D8EB6-0BF4-4FAC-B0A2-F11D18F807F1} - (no file)
O2 - BHO: (no name) - {4EE4AD0F-1E23-401F-B4F9-CCD64B956A1A} - (no file)
O2 - BHO: (no name) - {52097E44-D3C9-456E-9717-6AC3F6C6CEA8} - (no file)
O2 - BHO: (no name) - {52879D60-D030-440E-99C2-07E2B0A5353C} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6A87B991-A31F-4130-AE72-6D0C294BF082} - (no file)
O2 - BHO: (no name) - {716EAC39-14FE-441D-BD71-090D81A71CC2} - (no file)
O2 - BHO: (no name) - {72C83417-35C4-494A-B3A9-30A66FAC95D5} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: (no name) - {76EA59F5-0FF4-45F8-9667-ADBB1C63D5E1} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {83E648CF-AEFC-425F-A804-2302FE82F4C5} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9AF68C56-89E9-4FA9-8D2A-32910337635A} - (no file)
O2 - BHO: (no name) - {A33A1DD7-F950-4466-A4A2-45D8499434E4} - (no file)
O2 - BHO: (no name) - {A4E5F008-1722-4249-B22E-36A7307299B8} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {B23FD017-220F-4CA5-A9FC-F2AA84C70F18} - (no file)
O2 - BHO: (no name) - {b2512e6f-23fe-4894-a23c-af7d8edc04d7} - (no file)
O2 - BHO: (no name) - {B695415A-B151-4780-A948-80A668906853} - (no file)
O2 - BHO: (no name) - {B77F72D8-851A-4445-B3E5-901C15357D33} - (no file)
O2 - BHO: (no name) - {BE2ACAD0-BB0D-4773-9B41-1D584025651A} - (no file)
O2 - BHO: (no name) - {BEF65E04-2759-4E79-BD8C-EE7699F0E0FA} - (no file)
O2 - BHO: (no name) - {C529DBC3-8AB3-4488-9457-DBDF20B3388B} - (no file)
O2 - BHO: (no name) - {CFD3E93D-A3D2-4A4D-8840-2D623F628CA2} - (no file)
O2 - BHO: (no name) - {D08B996D-6570-4862-849F-A5FE1E1FFA04} - (no file)
O2 - BHO: (no name) - {D1F0E831-8A3F-4EBE-8AC5-427DC723B36A} - (no file)
O2 - BHO: {160074c6-a198-4b69-b1a4-053a02c7c0dd} - {dd0c7c20-a350-4a1b-96b4-891a6c470061} - C:\windows\system32\ajhimehj.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb125\SearchSettings.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: (no name) - {EA76B718-90E3-4CAF-B289-DB5115A20382} - (no file)
O2 - BHO: (no name) - {F2817DDF-5D6F-419A-808E-A4D7AF105889} - (no file)
O2 - BHO: (no name) - {F46773C7-988C-496C-B887-A77AE316E899} - (no file)
O2 - BHO: (no name) - {F9CD65D1-3B32-4B02-939F-EF9255AE1827} - C:\windows\system32\vtsqn.dll
O2 - BHO: (no name) - {F9FDCC9B-D316-4CA3-AF9B-E8EA9382F572} - (no file)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ExtraFilmHemmaAgent] "C:\Program Files\ExtraFilm PhotoAssistant\Agent.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [90cba526] rundll32.exe "C:\windows\system32\mihdubos.dll",b
O4 - HKLM\..\Run: [BM93f896ba] Rundll32.exe "C:\windows\system32\aopkflao.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [EPSON Stylus D92 Series] C:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIBZE.EXE /FU "C:\windows\TEMP\E_S126.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe (User 'Default user')
O4 - Startup: Anti-Pub.lnk = C:\Program Files\Antipub\antipub.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Photo Express SE Calendar Checker.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
O4 - Global Startup: Ulead Photo Express Calendar Checker.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 Trial\CalCheck.exe
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbaresources\en-US\local\search.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Propriétaire\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - https://www.118712.fr/sortir/75_paris/sortir/
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - https://www.photolitto.com/
O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://www.extrafilm.be/ImageUploader4.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://asp05.photoprintit.de/microsite/30/defaults/activex/IPSUploader.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5D493C8E-9E83-4454-912B-7731523817B0}: NameServer = 212.87.96.9 87.236.216.220
O20 - Winlogon Notify: awtqq - C:\WINDOWS\system32\awtqq.dll (file missing)
O20 - Winlogon Notify: iifcyvv - iifcyvv.dll (file missing)
O20 - Winlogon Notify: mllmk - C:\windows\system32\mllmk.dll (file missing)
O20 - Winlogon Notify: pmnno - C:\windows\system32\pmnno.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\windows\system32\PnkBstrB.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\windows\system32\UAService7.exe

d0vy · Answer

Voilà déja le rapport hijackthis. 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:25:42, on 24/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\windows\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\windows\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\windows\system32\PnkBstrA.exe
C:\windows\system32\PnkBstrB.exe
C:\windows\system32	cpsvcs.exe
C:\windows\System32\snmp.exe
C:\windows\system32\svchost.exe
C:\windows\system32\UAService7.exe
C:\windows\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\windows\system32\ctfmon.exe
C:\windows\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ExtraFilm PhotoAssistant\Agent.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\D-Tools\daemon.exe
C:\windows\system32undll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
C:\Program Files\Antipub\antipub.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Microsoft Encarta\Collection Encarta 2004\EDICT.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\windows\explorer.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\dovy.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {0BAE8A84-B193-4A36-BBF2-7672495360F0} - (no file)
O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - (no file)
O2 - BHO: (no name) - {1B539C9F-F0A0-4826-908E-CD1C01F1952D} - (no file)
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - (no file)
O2 - BHO: (no name) - {2A8F5AE7-F4BC-48C2-A83B-EA8CB83EFE2F} - (no file)
O2 - BHO: (no name) - {2BBC45FC-F56C-4B0E-8C8B-1D973F3D7068} - (no file)
O2 - BHO: (no name) - {337C034E-F478-4142-93FF-358FEDD5F5C1} - (no file)
O2 - BHO: (no name) - {38A8566C-F5F1-4AEE-BD1D-76C4AC424539} - (no file)
O2 - BHO: (no name) - {3DE1728C-0010-47E0-8AA1-E22FADF90C99} - (no file)
O2 - BHO: (no name) - {409D8EB6-0BF4-4FAC-B0A2-F11D18F807F1} - (no file)
O2 - BHO: (no name) - {4EE4AD0F-1E23-401F-B4F9-CCD64B956A1A} - (no file)
O2 - BHO: (no name) - {52097E44-D3C9-456E-9717-6AC3F6C6CEA8} - (no file)
O2 - BHO: (no name) - {52879D60-D030-440E-99C2-07E2B0A5353C} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6A87B991-A31F-4130-AE72-6D0C294BF082} - (no file)
O2 - BHO: (no name) - {716EAC39-14FE-441D-BD71-090D81A71CC2} - (no file)
O2 - BHO: (no name) - {72C83417-35C4-494A-B3A9-30A66FAC95D5} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: (no name) - {76EA59F5-0FF4-45F8-9667-ADBB1C63D5E1} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {83E648CF-AEFC-425F-A804-2302FE82F4C5} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9AF68C56-89E9-4FA9-8D2A-32910337635A} - (no file)
O2 - BHO: (no name) - {A33A1DD7-F950-4466-A4A2-45D8499434E4} - (no file)
O2 - BHO: (no name) - {A4E5F008-1722-4249-B22E-36A7307299B8} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {B23FD017-220F-4CA5-A9FC-F2AA84C70F18} - (no file)
O2 - BHO: (no name) - {b2512e6f-23fe-4894-a23c-af7d8edc04d7} - (no file)
O2 - BHO: (no name) - {B695415A-B151-4780-A948-80A668906853} - (no file)
O2 - BHO: (no name) - {B77F72D8-851A-4445-B3E5-901C15357D33} - (no file)
O2 - BHO: (no name) - {BE2ACAD0-BB0D-4773-9B41-1D584025651A} - (no file)
O2 - BHO: (no name) - {BEF65E04-2759-4E79-BD8C-EE7699F0E0FA} - (no file)
O2 - BHO: (no name) - {C529DBC3-8AB3-4488-9457-DBDF20B3388B} - (no file)
O2 - BHO: (no name) - {CFD3E93D-A3D2-4A4D-8840-2D623F628CA2} - (no file)
O2 - BHO: (no name) - {D08B996D-6570-4862-849F-A5FE1E1FFA04} - (no file)
O2 - BHO: (no name) - {D1F0E831-8A3F-4EBE-8AC5-427DC723B36A} - (no file)
O2 - BHO: {160074c6-a198-4b69-b1a4-053a02c7c0dd} - {dd0c7c20-a350-4a1b-96b4-891a6c470061} - C:\windows\system32\ajhimehj.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb125\SearchSettings.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: (no name) - {EA76B718-90E3-4CAF-B289-DB5115A20382} - (no file)
O2 - BHO: (no name) - {F2817DDF-5D6F-419A-808E-A4D7AF105889} - (no file)
O2 - BHO: (no name) - {F46773C7-988C-496C-B887-A77AE316E899} - (no file)
O2 - BHO: (no name) - {F9CD65D1-3B32-4B02-939F-EF9255AE1827} - C:\windows\system32\vtsqn.dll
O2 - BHO: (no name) - {F9FDCC9B-D316-4CA3-AF9B-E8EA9382F572} - (no file)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ExtraFilmHemmaAgent] "C:\Program Files\ExtraFilm PhotoAssistant\Agent.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [90cba526] rundll32.exe "C:\windows\system32\mihdubos.dll",b
O4 - HKLM\..\Run: [BM93f896ba] Rundll32.exe "C:\windows\system32\aopkflao.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [EPSON Stylus D92 Series] C:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIBZE.EXE /FU "C:\windows\TEMP\E_S126.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe (User 'Default user')
O4 - Startup: Anti-Pub.lnk = C:\Program Files\Antipub\antipub.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Photo Express SE Calendar Checker.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
O4 - Global Startup: Ulead Photo Express Calendar Checker.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 Trial\CalCheck.exe
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbaresources\en-US\local\search.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Propriétaire\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - https://www.118712.fr/sortir/75_paris/sortir/
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - https://www.photolitto.com/
O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://www.extrafilm.be/ImageUploader4.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://asp05.photoprintit.de/microsite/30/defaults/activex/IPSUploader.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5D493C8E-9E83-4454-912B-7731523817B0}: NameServer = 212.87.96.9 87.236.216.220
O20 - Winlogon Notify: awtqq - C:\WINDOWS\system32\awtqq.dll (file missing)
O20 - Winlogon Notify: iifcyvv - iifcyvv.dll (file missing)
O20 - Winlogon Notify: mllmk - C:\windows\system32\mllmk.dll (file missing)
O20 - Winlogon Notify: pmnno - C:\windows\system32\pmnno.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\windows\system32\PnkBstrB.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\windows\system32\UAService7.exe

ep44 · Answer

et bien ça porte ses fruits ;-)

il faut suivre ce qui suit 
un peu long mais tu doit tout faire pour faire un bon ménage 
et poste tout les rapports stp

relance hijack et coche ceci 

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
	O2 - BHO: (no name) - {0BAE8A84-B193-4A36-BBF2-7672495360F0} - (no file)
	O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - (no file)
	O2 - BHO: (no name) - {1B539C9F-F0A0-4826-908E-CD1C01F1952D} - (no file)
	O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - (no file)
	O2 - BHO: (no name) - {2A8F5AE7-F4BC-48C2-A83B-EA8CB83EFE2F} - (no file)
	O2 - BHO: (no name) - {2BBC45FC-F56C-4B0E-8C8B-1D973F3D7068} - (no file)
	O2 - BHO: (no name) - {337C034E-F478-4142-93FF-358FEDD5F5C1} - (no file)
	O2 - BHO: (no name) - {38A8566C-F5F1-4AEE-BD1D-76C4AC424539} - (no file)
	O2 - BHO: (no name) - {3DE1728C-0010-47E0-8AA1-E22FADF90C99} - (no file)
	O2 - BHO: (no name) - {409D8EB6-0BF4-4FAC-B0A2-F11D18F807F1} - (no file)
	O2 - BHO: (no name) - {4EE4AD0F-1E23-401F-B4F9-CCD64B956A1A} - (no file)
	O2 - BHO: (no name) - {52097E44-D3C9-456E-9717-6AC3F6C6CEA8} - (no file)
	O2 - BHO: (no name) - {52879D60-D030-440E-99C2-07E2B0A5353C} - (no file)
	O2 - BHO: (no name) - {6A87B991-A31F-4130-AE72-6D0C294BF082} - (no file)
	O2 - BHO: (no name) - {716EAC39-14FE-441D-BD71-090D81A71CC2} - (no file)
	O2 - BHO: (no name) - {72C83417-35C4-494A-B3A9-30A66FAC95D5} - (no file)
	O2 - BHO: (no name) - {76EA59F5-0FF4-45F8-9667-ADBB1C63D5E1} - (no file)
	O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
	O2 - BHO: (no name) - {83E648CF-AEFC-425F-A804-2302FE82F4C5} - (no file)
	O2 - BHO: (no name) - {9AF68C56-89E9-4FA9-8D2A-32910337635A} - (no file)
	O2 - BHO: (no name) - {A33A1DD7-F950-4466-A4A2-45D8499434E4} - (no file)
	O2 - BHO: (no name) - {A4E5F008-1722-4249-B22E-36A7307299B8} - (no file)
	O2 - BHO: (no name) - {B23FD017-220F-4CA5-A9FC-F2AA84C70F18} - (no file)
	O2 - BHO: (no name) - {b2512e6f-23fe-4894-a23c-af7d8edc04d7} - (no file)
	O2 - BHO: (no name) - {B695415A-B151-4780-A948-80A668906853} - (no file)
	O2 - BHO: (no name) - {B77F72D8-851A-4445-B3E5-901C15357D33} - (no file)
	O2 - BHO: (no name) - {BE2ACAD0-BB0D-4773-9B41-1D584025651A} - (no file)
	O2 - BHO: (no name) - {BEF65E04-2759-4E79-BD8C-EE7699F0E0FA} - (no file)
	O2 - BHO: (no name) - {C529DBC3-8AB3-4488-9457-DBDF20B3388B} - (no file)
	O2 - BHO: (no name) - {CFD3E93D-A3D2-4A4D-8840-2D623F628CA2} - (no file)
	O2 - BHO: (no name) - {D08B996D-6570-4862-849F-A5FE1E1FFA04} - (no file)
	O2 - BHO: (no name) - {D1F0E831-8A3F-4EBE-8AC5-427DC723B36A} - (no file)
	O2 - BHO: {160074c6-a198-4b69-b1a4-053a02c7c0dd} - {dd0c7c20-a350-4a1b-96b4-891a6c470061} - C:\windows\system32\ajhimehj.dll
	O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb125\SearchSettings.dll
	O2 - BHO: (no name) - {EA76B718-90E3-4CAF-B289-DB5115A20382} - (no file)
	O2 - BHO: (no name) - {F2817DDF-5D6F-419A-808E-A4D7AF105889} - (no file)
	O2 - BHO: (no name) - {F46773C7-988C-496C-B887-A77AE316E899} - (no file)
	O2 - BHO: (no name) - {F9FDCC9B-D316-4CA3-AF9B-E8EA9382F572} - (no file)
	O4 - HKLM\..\Run: [90cba526] rundll32.exe "C:\windows\system32\mihdubos.dll",b
	O4 - HKLM\..\Run: [BM93f896ba] Rundll32.exe "C:\windows\system32\aopkflao.dll",s
	O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
	O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Propriétaire\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
	O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://www.extrafilm.be/ImageUploader4.cab
	O20 - Winlogon Notify: awtqq - C:\WINDOWS\system32\awtqq.dll (file missing)
	O20 - Winlogon Notify: iifcyvv - iifcyvv.dll (file missing)
	O20 - Winlogon Notify: mllmk - C:\windows\system32\mllmk.dll (file missing)
	O20 - Winlogon Notify: pmnno - C:\windows\system32\pmnno.dll (file missing)
	O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe


ensuite tu clique sur fix checked 

-------------------------------------------------------------------------------------------------------------
ensuite exécute ce qui suit 
et poste tout les rapports 

Télécharge sur le Bureau.
http://www.atribune.org/ccount/click.php?id=4

=> Double-clic VundoFix.exe.
=> Clic OK
=> Attendre le redemarrage de Vundofix
=> Clic Scan for Vundo
=> Le scan est assez long , à la fin
=> Clic Remove Vundo
=> Puis yes
=> Le Bureau disparaît un moment lors de la suppression des fichiers.
=> Message shutdown
=> clic OK
=> Redémarrage auto
=> copier le rapport qui est dans C:vundofix.txt
-----------------------------------------------------------------------------
ensuite 
Télécharge VirtumundoBeGone  sur ton bureau .
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe 
=> double-clic sur VirtumundoBeGone.exe
=> Suis les instructions à l'écran
=> Quand le scan est terminé, enregistre le rapport.
=> Copie/Colle le ici

-----------------------------------------------------------------------------
ensuite 

Télécharge Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe 
et sauvegarde le sur ton bureau et pas ailleurs!

Double-clic sur combofix,
Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.
-------------------------------------------------------------------------------
ensuite 
Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe 
Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec 

------
= Redémarre en mode Sans Échec (le démarrage peut prendre plusieurs minutes)
Attention, pas d’accès à internet dans ce mode. Enregistre ou imprime les consignes.

Relance le Pc et tapote la touche F8 ( ou F5 pour certains) , jusqu’à l’apparition des inscriptions avec choix de démarrage
Avec les touches « flèches », sélectionne Mode sans échec ==> entrée ==>nom utilisateur habituel
-------

= Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
= Appuie sur Y pour commencer le processus de nettoyage.
= Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
= Appuie sur une touche pour redémarrer le PC.
= Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
= Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
= Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
= Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
= Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse
@+

d0vy · Answer

est-ce normal que pour Vundofix j'obtiens ceci?

VundoFix V7.0.3

Scan started at 11:03:40 24/03/2008

Listing files found while scanning....

No infected files were found.

d0vy · Answer

est-ce normal que pour Vundofix j'obtiens ceci?

VundoFix V7.0.3

Scan started at 11:03:40 24/03/2008

Listing files found while scanning....

No infected files were found.

ep44 · Answer

continu à poster les autres rapports 
@+

d0vy · Answer

Volà le rapport VirtumundoBeGone , et quin'a rien trouvé je pense =(



[03/24/2008, 11:27:37] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Propriétaire\Bureau\VirtumundoBeGone.exe" )
[03/24/2008, 11:27:43] - Detected System Information:
[03/24/2008, 11:27:43] -  Windows Version: 5.1.2600, Service Pack 2
[03/24/2008, 11:27:43] -  Current Username: Propriétaire (Admin)
[03/24/2008, 11:27:43] -  Windows is in NORMAL mode.
[03/24/2008, 11:27:43] - Searching for Browser Helper Objects:
[03/24/2008, 11:27:44] -  BHO 1: {02478D38-C3F9-4efb-9B51-7695ECA05670} ()
[03/24/2008, 11:27:44] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2008, 11:27:44] -  No filename found. Continuing.
[03/24/2008, 11:27:44] -  BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[03/24/2008, 11:27:44] -  BHO 3: {0BAE8A84-B193-4A36-BBF2-7672495360F0} ()
[03/24/2008, 11:27:44] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2008, 11:27:44] -  No filename found. Continuing.
[03/24/2008, 11:27:44] -  BHO 4: {0D39A900-0F3A-4C29-A254-3E65244FDC34} ()
[03/24/2008, 11:27:44] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2008, 11:27:44] -  No filename found. Continuing.
[03/24/2008, 11:27:44] -  BHO 5: {1B539C9F-F0A0-4826-908E-CD1C01F1952D} ()
[03/24/2008, 11:27:44] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2008, 11:27:44] -  No filename found. Continuing.
[03/24/2008, 11:27:44] -  BHO 6: {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} ()
[03/24/2008, 11:27:44] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2008, 11:27:44] -  No filename found. Continuing.
[03/24/2008, 11:27:44] -  BHO 7: {2A8F5AE7-F4BC-48C2-A83B-EA8CB83EFE2F} ()
[03/24/2008, 11:27:44] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2008, 11:27:44] -  No filename found. Continuing.
[03/24/2008, 11:27:44] -  BHO 8: {2BBC45FC-F56C-4B0E-8C8B-1D973F3D7068} ()
[03/24/2008, 11:27:44] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2008, 11:27:44] -  No filename found. Continuing.
[03/24/2008, 11:27:44] -  BHO 9: {337C034E-F478-4142-93FF-358FEDD5F5C1} ()
[03/24/2008, 11:27:44] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2008, 11:27:44] -  No filename found. Continuing.
[03/24/2008, 11:27:44] -  BHO 10: {38A8566C-F5F1-4AEE-BD1D-76C4AC424539} ()
[03/24/2008, 11:27:44] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2008, 11:27:44] -  No filename found. Continuing.
[03/24/2008, 11:27:44] -  BHO 11: {3DE1728C-0010-47E0-8AA1-E22FADF90C99} ()
[03/24/2008, 11:27:44] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2008, 11:27:44] -  No filename found. Continuing.
[03/24/2008, 11:27:44] -  BHO 12: {409D8EB6-0BF4-4FAC-B0A2-F11D18F807F1} ()
[03/24/2008, 11:27:45] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2008, 11:27:45] -  No filename found. Continuing.
[03/24/2008, 11:27:45] -  BHO 13: {4EE4AD0F-1E23-401F-B4F9-CCD64B956A1A} ()
[03/24/2008, 11:27:45] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2008, 11:27:45] -  No filename found. Continuing.
[03/24/2008, 11:27:45] -  BHO 14: {52097E44-D3C9-456E-9717-6AC3F6C6CEA8} ()
[03/24/2008, 11:27:45] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2008, 11:27:45] -  No filename found. Continuing.
[03/24/2008, 11:27:45] -  BHO 15: {52879D60-D030-440E-99C2-07E2B0A5353C} ()
[03/24/2008, 11:27:45] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2008, 11:27:45] -  No filename found. Continuing.
[03/24/2008, 11:27:45] -  BHO 16: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[03/24/2008, 11:27:45] -  BHO 17: {6A87B991-A31F-4130-AE72-6D0C294BF082} ()
[03/24/2008, 11:27:45] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2008, 11:27:45] -  No filename found. Continuing.
[03/24/2008, 11:27:45] -  BHO 18: {716EAC39-14FE-441D-BD71-090D81A71CC2} ()
[03/24/2008, 11:27:45] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2008, 11:27:45] -  No filename found. Continuing.
[03/24/2008, 11:27:45] -  BHO 19: {72C83417-35C4-494A-B3A9-30A66FAC95D5} ()
[03/24/2008, 11:27:45] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2008, 11:27:45] -  No filename found. Continuing.
[03/24/2008, 11:27:45] -  BHO 20: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[03/24/2008, 11:27:45] -  BHO 21: {76EA59F5-0FF4-45F8-9667-ADBB1C63D5E1} ()
[03/24/2008, 11:27:45] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2008, 11:27:45] -  No filename found. Continuing.
[03/24/2008, 11:27:45] -  BHO 22: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[03/24/2008, 11:27:45] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2008, 11:27:45] -  No filename found. Continuing.
[03/24/2008, 11:27:45] -  BHO 23: {83E648CF-AEFC-425F-A804-2302FE82F4C5} ()
[03/24/2008, 11:27:45] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2008, 11:27:45] -  No filename found. Continuing.
[03/24/2008, 11:27:45] -  BHO 24: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[03/24/2008, 11:27:45] -  BHO 25: {9AF68C56-89E9-4FA9-8D2A-32910337635A} ()
[03/24/2008, 11:27:45] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2008, 11:27:45] -  No filename found. Continuing.
[03/24/2008, 11:27:45] -  BHO 26: {A33A1DD7-F950-4466-A4A2-45D8499434E4} ()
[03/24/2008, 11:27:45] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2008, 11:27:45] -  No filename found. Continuing.
[03/24/2008, 11:27:45] -  BHO 27: {A4E5F008-1722-4249-B22E-36A7307299B8} ()
[03/24/2008, 11:27:45] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2008, 11:27:45] -  No filename found. Continuing.
[03/24/2008, 11:27:45] -  BHO 28: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[03/24/2008, 11:27:45] -  BHO 29: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[03/24/2008, 11:27:45] -  BHO 30: {B23FD017-220F-4CA5-A9FC-F2AA84C70F18} ()
[03/24/2008, 11:27:45] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2008, 11:27:45] -  No filename found. Continuing.
[03/24/2008, 11:27:46] -  BHO 31: {b2512e6f-23fe-4894-a23c-af7d8edc04d7} ()
[03/24/2008, 11:27:46] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2008, 11:27:46] -  No filename found. Continuing.
[03/24/2008, 11:27:46] -  BHO 32: {B695415A-B151-4780-A948-80A668906853} ()
[03/24/2008, 11:27:46] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2008, 11:27:46] -  No filename found. Continuing.
[03/24/2008, 11:27:46] -  BHO 33: {B77F72D8-851A-4445-B3E5-901C15357D33} ()
[03/24/2008, 11:27:46] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2008, 11:27:46] -  No filename found. Continuing.
[03/24/2008, 11:27:46] -  BHO 34: {BE2ACAD0-BB0D-4773-9B41-1D584025651A} ()
[03/24/2008, 11:27:46] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2008, 11:27:46] -  No filename found. Continuing.
[03/24/2008, 11:27:46] -  BHO 35: {BEF65E04-2759-4E79-BD8C-EE7699F0E0FA} ()
[03/24/2008, 11:27:46] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2008, 11:27:46] -  No filename found. Continuing.
[03/24/2008, 11:27:46] -  BHO 36: {C529DBC3-8AB3-4488-9457-DBDF20B3388B} ()
[03/24/2008, 11:27:46] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2008, 11:27:46] -  No filename found. Continuing.
[03/24/2008, 11:27:46] -  BHO 37: {CFD3E93D-A3D2-4A4D-8840-2D623F628CA2} ()
[03/24/2008, 11:27:46] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2008, 11:27:46] -  No filename found. Continuing.
[03/24/2008, 11:27:46] -  BHO 38: {D08B996D-6570-4862-849F-A5FE1E1FFA04} ()
[03/24/2008, 11:27:46] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2008, 11:27:46] -  No filename found. Continuing.
[03/24/2008, 11:27:46] -  BHO 39: {D1F0E831-8A3F-4EBE-8AC5-427DC723B36A} ()
[03/24/2008, 11:27:46] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2008, 11:27:46] -  No filename found. Continuing.
[03/24/2008, 11:27:46] -  BHO 40: {dd0c7c20-a350-4a1b-96b4-891a6c470061} ()
[03/24/2008, 11:27:46] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2008, 11:27:46] -  No filename found. Continuing.
[03/24/2008, 11:27:46] -  BHO 41: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} ()
[03/24/2008, 11:27:46] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2008, 11:27:46] -  No filename found. Continuing.
[03/24/2008, 11:27:46] -  BHO 42: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} (EpsonToolBandKicker Class)
[03/24/2008, 11:27:46] -  BHO 43: {EA76B718-90E3-4CAF-B289-DB5115A20382} ()
[03/24/2008, 11:27:46] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2008, 11:27:46] -  No filename found. Continuing.
[03/24/2008, 11:27:46] -  BHO 44: {F2817DDF-5D6F-419A-808E-A4D7AF105889} ()
[03/24/2008, 11:27:46] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2008, 11:27:46] -  No filename found. Continuing.
[03/24/2008, 11:27:46] -  BHO 45: {F46773C7-988C-496C-B887-A77AE316E899} ()
[03/24/2008, 11:27:46] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2008, 11:27:46] -  No filename found. Continuing.
[03/24/2008, 11:27:46] -  BHO 46: {F6F8209B-3B9C-451C-8EE7-1520400D8FF6} ()
[03/24/2008, 11:27:47] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2008, 11:27:47] -  Checking for HKLM\...\Winlogon\Notify\vtsqn
[03/24/2008, 11:27:47] -  Key not found: HKLM\...\Winlogon\Notify\vtsqn, continuing.
[03/24/2008, 11:27:47] -  BHO 47: {F9CD65D1-3B32-4B02-939F-EF9255AE1827} ()
[03/24/2008, 11:27:47] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2008, 11:27:47] -  No filename found. Continuing.
[03/24/2008, 11:27:47] -  BHO 48: {F9FDCC9B-D316-4CA3-AF9B-E8EA9382F572} ()
[03/24/2008, 11:27:47] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2008, 11:27:47] -  No filename found. Continuing.
[03/24/2008, 11:27:47] - Finished Searching Browser Helper Objects
[03/24/2008, 11:27:47] - Finishing up...
[03/24/2008, 11:27:47] - Nothing found! Exiting...

ep44 · Answer

ok maintenant combo

je te donne réponse ce soir

d0vy · Answer

Alors je clôture cette discussion car le problème est résolu!

Différemment que prévu mais c'est clair que maintenant mon pc fonctionne très bien!
Evidemment parce que j'ai du le formater!!!!

Alors je tiens à mettre en garde toute personne qui viendrait sur ce forum pour un problème similaire au mien.NE TELECHARGER PAS COMBOFIX!!!!

Ce programme est, c'est vrai très radical, mais se fout de savoir où se trouve le virus! Du coup, mes virus se trouvaient dans le system 32 et combofix a supprimer les dossiers dans lesquels se trouvaient les virus! Du coup mon pc s'allumait et quand il arrivait au démarrage, l'écran noir!
Solution: formatage!!!

Alors SVP pour toutes les personnes qui essayent de nous aider par forum, c'est bien gentil, mais quand un programme peut causer des problèmes comme celui-ci svp signalez-le!

ep44 · Answer

Bonsoir Dovy 

pour combofix je le fais utiliser pratiquement tous les jours et je n'ai jamais eu ce problème 
il est vrai que c'est un logiciel très puissant mais sans risque (normalement )
je suis désolé mais je ne peux pas expliquer ce qui t'est arrivé
je ferai partager ton message pour comprendre et savoir si il y a eu le même genre de soucis ailleurs 
as tu laissé travailler combofix sans toucher au pc ?
as tu fais une manip pendant qu'il travaillait ?
merci de répondre

d0vy · Answer

Bonsoir ep44,

Non rien du tout, j'ai laissé le programme tourner et quand il m'a demandé de le laisser redémarrer à la fin du scan, j'ai laissé faire...

Je ne sais pas ce qu'il s'est passé!

Bonne soirée!!

ep44 · Answer

Bonsoir 

pour commencer merci pour ta réponse 

une question as tu essayer le mode sans échec 
ou autre mode 

Merci 
@+

d0vy · Answer

Juste après le scan, le pc s'est rallumé de lui-même. Tout a correctement fonctionné jusqu'où normalement la page bleu de démarrage de windows devait s'afficher. A cet endroit là, j'avais un écran noir, et je voyais juste ma souris. Plus d'accès au bureau!

Donc du coup, j'ai redémarré en mode sans échec, pareil écran noir au même endroit. Puis en dernière bonne configuration de windows, pareil également!

Je pense que le formatage était la dernière solution!

Bonne aprem!

ep44 · Answer

Salut 

Merci pour les infos 
je pense en effet qu'il faut mettre un peu plus d'info sur la façon d'exécuter combofix 
désolé et bonne chance pour la suite 
@+

romariopg · Answer

salut à tous je voudrais savoir si mon pc est à nouveau saint, voici mon rapport hijackthis, merci de dire ce qu'il en ressort ça m'aiderai bcp... 

Logfile of Trend Micro HijackThis v2.0.2 
Scan saved at 03:39:33, on 31/03/2008 
Platform: Windows Vista (WinNT 6.00.1904) 
MSIE: Internet Explorer v7.00 (7.00.6000.16609) 
Boot mode: Normal 

Running processes: 
C:\Windows\system32\Dwm.exe 
C:\Windows\Explorer.EXE 
C:\Windows\system32	askeng.exe 
C:\Program Files\Windows Defender\MSASCui.exe 
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe 
C:\Program Files\HP\QuickPlay\QPService.exe 
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe 
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe 
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe 
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe 
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe 
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe 
C:\Program Files\DAEMON Tools\daemon.exe 
C:\Program Files\AGEIA Technologies\TrayIcon.exe 
C:\Program Files\Common Files\Real\Update_OBealsched.exe 
C:\Program Files\Alwil Software\Avast4\ashDisp.exe 
C:\Program Files\Winamp\winampa.exe 
C:\Windows\System32undll32.exe 
C:\Program Files\Windows Sidebar\sidebar.exe 
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe 
C:\Windows\ehome\ehtray.exe 
C:\Program Files\MSN Messenger\msnmsgr.exe 
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe 
C:\Program Files\Windows Media Player\wmpnscfg.exe 
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe 
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe 
C:\Windows\System32undll32.exe 
C:\Windows\ehome\ehmsas.exe 
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe 
C:\Program Files\Spyware Doctor\SDTrayApp.exe 
C:\Program Files\Internet Explorer\ieuser.exe 
C:\Program Files\Internet Explorer\iexplore.exe 
C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe 
C:\Usersomariopg\Downloads\HiJackThis.exe 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/ 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/ 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll 
O1 - Hosts: ::1 localhost 
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll 
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll 
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide 
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe 
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe" 
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start 
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe 
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe 
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe 
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe 
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" 
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" 
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe 
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OBealsched.exe" -osboot 
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe 
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" 
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe" 
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32
vsvc.dll,nvsvcStart 
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup 
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit 
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe" 
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe 
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun 
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter 
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden 
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe 
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background 
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe 
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe 
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe 
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray 
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM') 
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user') 
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll 
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll 
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll 
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll 
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL 
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - (no file) 
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - (no file) 
O13 - Gopher Prefix: 
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/webplayer/stage6/windows/AutoDLDivXWebPlayerInstaller.cab 
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe 
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe 
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe 
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe 
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe 
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe 
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe 
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe 
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe 
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe 
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe 
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe 
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe 
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE 
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) 
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe 
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe 
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe 
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe 
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe 
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe 
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe 
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe 
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe 
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

ep44 · Answer

Bonsoir romariopg,

il faut créer ton sujet 
merci

Virus virtumonde!!

19 réponses

Discussions similaires