Very slow PC... {solved}
Hello,
I have a very slow PC that really looks like it is infected :s
I'm posting a hijack report
Logfile of HijackThis v1.99.1
Scan saved at 18:27:04, on 17/09/2007
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\LVCOMSX.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
C:\PROGRAM FILES\WANADOO\TASKBARICON.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\BACKWEB\BACKWEB\PROGRAM\BWDELAY.EXE
C:\PROGRAM FILES\INVENTEL\GATEWAY\WLANCFG.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\WUAUBOOT.EXE
C:\PROGRAM FILES\HIJACKTHIS VERSION FRANçAISE\HIJACKTHIS VF.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.adultvidsonly.com/ to verify your age, REQUIRED! WARNING! Adult pictures are featured in this site. Only adults permitted beyond this point! Are you at least 18 years old
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: (no name) - {19A04DDB-D96F-7509-3BC1-048AC35C306B} - C:\WINDOWS\SYSTEM\AVRHDMF.DLL (file missing)
O3 - Toolbar: @msdxmLC.dll,-1@1036,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
O4 - HKLM\..\Run: [Delay] C:\WINDOWS\delayrun.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\Program Files\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [wlancfg] C:\Program Files\Inventel\Gateway\wlancfg.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\SYSTEM\LVCOMSX.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
O4 - HKLM\..\Run: [tupedyjm.exe] C:\WINDOWS\SYSTEM\tupedyjm.exe
O4 - HKLM\..\Run: [jcvqlcpe.exe] C:\WINDOWS\SYSTEM\jcvqlcpe.exe
O4 - HKLM\..\Run: [jonelolc.exe] C:\WINDOWS\SYSTEM\jonelolc.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [KB918547] C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\PROGRAM FILES\LOGITECH\VIDEO\MANIFESTENGINE.EXE" boot
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O8 - Extra context menu item: Recherche &Google - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmwordtrans.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Pages similaires - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Pages liées - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_07\BIN\SSV.DLL
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_07\BIN\SSV.DLL
O14 - IERESET.INF: START_PAGE_URL=http://hp.my.yahoo.com
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 85.255.115.2,85.255.112.209
If anyone can help me
thanks
Message edited by naruto2706 on 23-09-2007 at 01:39:21
Hello,
The HijackThis report is not complete.
Download Navilog
Save it to your Desktop.
Unzip it.
Double-click Navilog1.bat.
Let the utility guide you. Choose option 1, then confirm.
! Do not use options 2, 3 and 4 without our agreement !
Wait until this message appears:
"*** Analyse Termine le ..... ***"
Press a key as requested. Notepad will open. Post the report here.
The report is located here: C:\fixnavi.txt
Reply to XmichouX
I have a slight problem with Navilog: when I launch it (navilog1.bat) the list of languages is displayed and underneath I get an "erreur de syntaxe" message even though I haven't typed anything (in fact I can't type anything) and the whole thing flickers... :s so I can't do much (or rather nothing at all ^^) Here is the full hijack report anyway (I think)
Logfile of HijackThis v1.99.1
Scan saved at 18:44:18, on 17/09/2007
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\SYSTEM\LVCOMSX.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\WINDOWS\SYSTEM\JCVQLCPE.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\WANADOO\TASKBARICON.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INVENTEL\GATEWAY\WLANCFG.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\BACKWEB\BACKWEB\PROGRAM\BWDELAY.EXE
C:\PROGRAM FILES\HIJACKTHIS VERSION FRANçAISE\HIJACKTHIS VF.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.adultvidsonly.com/ to verify your age, REQUIRED! WARNING! Adult pictures are featured in this site. Only adults permitted beyond this point! Are you at least 18 years old
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: (no name) - {19A04DDB-D96F-7509-3BC1-048AC35C306B} - C:\WINDOWS\SYSTEM\AVRHDMF.DLL (file missing)
O3 - Toolbar: @msdxmLC.dll,-1@1036,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
O4 - HKLM\..\Run: [Delay] C:\WINDOWS\delayrun.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\Program Files\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [wlancfg] C:\Program Files\Inventel\Gateway\wlancfg.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\SYSTEM\LVCOMSX.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
O4 - HKLM\..\Run: [tupedyjm.exe] C:\WINDOWS\SYSTEM\tupedyjm.exe
O4 - HKLM\..\Run: [jcvqlcpe.exe] C:\WINDOWS\SYSTEM\jcvqlcpe.exe
O4 - HKLM\..\Run: [jonelolc.exe] C:\WINDOWS\SYSTEM\jonelolc.exe
O4 - HKLM\..\Run: [fspkbihy.exe] C:\WINDOWS\SYSTEM\fspkbihy.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [KB918547] C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\PROGRAM FILES\LOGITECH\VIDEO\MANIFESTENGINE.EXE" boot
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O8 - Extra context menu item: Recherche &Google - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmwordtrans.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Pages similaires - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Pages liées - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_07\BIN\SSV.DLL
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_07\BIN\SSV.DLL
O14 - IERESET.INF: START_PAGE_URL=http://hp.my.yahoo.com
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 85.255.115.2,85.255.112.209
Reply to naruto2706
If there is an incompatibility with your version of Windows, we won't be able to do anything ...
Download FixWareout to the Desktop.
>>Second link<<
Double-click FixWareout.exe: click Next, then Install.
Run fixit must be checked; finally, click Finish.
Follow the on-screen messages. Your computer will need to restart; accept. Startup will take slightly longer than usual.
Post the report >>C:\fixwareout\report.txt<< along with a new HijackThis log.
Message edited by XmichouX on 17-09-2007 at 18:49:45
Reply to XmichouX
here you go
Fixwareout Last edited 9/01/2007
Post this report in the forums please
Random Runs removed from HKLM
We recommend getting a free online scan
Computer Associates eTrust AV Web Scanner: http://www3.ca.com/virusinfo/virusscan.aspx
Hosts file was reset, If you use a custom hosts file please replace it.
Logfile of HijackThis v1.99.1
Scan saved at 18:56:42, on 17/09/2007
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\DELAYRUN.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\INVENTEL\GATEWAY\WLANCFG.EXE
C:\WINDOWS\SYSTEM\LVCOMSX.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\WANADOO\TASKBARICON.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\HIJACKTHIS VERSION FRANçAISE\HIJACKTHIS VF.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.adultvidsonly.com/ to verify your age, REQUIRED! WARNING! Adult pictures are featured in this site. Only adults permitted beyond this point! Are you at least 18 years old
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: (no name) - {19A04DDB-D96F-7509-3BC1-048AC35C306B} - C:\WINDOWS\SYSTEM\AVRHDMF.DLL (file missing)
O3 - Toolbar: @msdxmLC.dll,-1@1036,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
O4 - HKLM\..\Run: [Delay] C:\WINDOWS\delayrun.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\Program Files\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [wlancfg] C:\Program Files\Inventel\Gateway\wlancfg.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\SYSTEM\LVCOMSX.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
O4 - HKLM\..\Run: [jcvqlcpe.exe] C:\WINDOWS\SYSTEM\jcvqlcpe.exe
O4 - HKLM\..\Run: [fspkbihy.exe] C:\WINDOWS\SYSTEM\fspkbihy.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [KB918547] C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\PROGRAM FILES\LOGITECH\VIDEO\MANIFESTENGINE.EXE" boot
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O8 - Extra context menu item: Recherche &Google - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmwordtrans.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Pages similaires - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Pages liées - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_07\BIN\SSV.DLL
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_07\BIN\SSV.DLL
O14 - IERESET.INF: START_PAGE_URL=http://hp.my.yahoo.com
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 85.255.115.2,85.255.112.209
Reply to naruto2706
Run HijackThis again, do a system scan only, check these lines:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.adultvidsonly.com/ to verify your age, REQUIRED! WARNING! Adult pictures are featured in this site. Only adults permitted beyond this point! Are you at least 18 years old
Then Fix Checked!
Download Blacklight
Save it to your Desktop
Double-click fsbl.exe to launch it.
Click Scan, then Next
At the end of the scan, DO NOT TOUCH ANYTHING and close Blacklight
Post the report on your Desktop named fsbl.*******.log (the ******* are digits)
Reply to XmichouX
Oh great! "un fichier .DLL requis, USERENV.DLL, n'a pas été trouvé."
I can't launch Blacklight :s
Reply to naruto2706
Post a new HijackThis log.
Reply to XmichouX
here you go
Logfile of HijackThis v1.99.1
Scan saved at 20:23:29, on 18/09/2007
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\INVENTEL\GATEWAY\WLANCFG.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\SYSTEM\LVCOMSX.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\WINDOWS\SYSTEM\JCVQLCPE.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\WANADOO\TASKBARICON.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\BACKWEB\BACKWEB\PROGRAM\BWDELAY.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\HIJACKTHIS VERSION FRANçAISE\HIJACKTHIS VF.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O3 - Toolbar: @msdxmLC.dll,-1@1036,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
O4 - HKLM\..\Run: [Delay] C:\WINDOWS\delayrun.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\Program Files\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [wlancfg] C:\Program Files\Inventel\Gateway\wlancfg.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\SYSTEM\LVCOMSX.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
O4 - HKLM\..\Run: [jcvqlcpe.exe] C:\WINDOWS\SYSTEM\jcvqlcpe.exe
O4 - HKLM\..\Run: [fspkbihy.exe] C:\WINDOWS\SYSTEM\fspkbihy.exe
O4 - HKLM\..\Run: [lypgbibu.exe] C:\WINDOWS\SYSTEM\lypgbibu.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [KB918547] C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\PROGRAM FILES\LOGITECH\VIDEO\MANIFESTENGINE.EXE" boot
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O8 - Extra context menu item: Recherche &Google - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmwordtrans.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Pages similaires - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Pages liées - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_07\BIN\SSV.DLL
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_07\BIN\SSV.DLL
O14 - IERESET.INF: START_PAGE_URL=http://hp.my.yahoo.com
Reply to naruto2706
I'd like to check something.
Go to My Computer > Tools > Folder Options > View > Show hidden files and folders. - - > Apply - - > OK
Go to My Computer > Tools > Folder Options > View > uncheck Hide protected operating system files. - - > Apply - - > OK
Have these files analysed on this site >> Virustotal <<
Click Browse at the top, choose My Computer and look for this file: C:\WINDOWS\SYSTEM\jcvqlcpe.exe
Now click Send file.
Post the report
Do the same with these files: C:\WINDOWS\SYSTEM\fspkbihy.exe
C:\WINDOWS\SYSTEM\lypgbibu.exe
Reply to XmichouX
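How the three files named in the post above stand out from the rest of the O4 autorun entries, and how a diff of two successive logs surfaces the one that appeared overnight, as an added example that is not part of the original thread. The heuristic (value name identical to the file name, eight random-looking letters, file directly in C:\WINDOWS\SYSTEM) is an assumption derived from the entries in this thread's logs, not a general detection rule, and all function names are hypothetical.

```python
import re
from pathlib import PureWindowsPath

# Constructed samples: a subset of the O4/O17 lines from the logs posted in
# this thread on 17/09/2007 (18:56, after FixWareout) and on 18/09/2007.
LOG_17 = r"""
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\SYSTEM\LVCOMSX.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [jcvqlcpe.exe] C:\WINDOWS\SYSTEM\jcvqlcpe.exe
O4 - HKLM\..\Run: [fspkbihy.exe] C:\WINDOWS\SYSTEM\fspkbihy.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 85.255.115.2,85.255.112.209
"""
LOG_18 = r"""
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\SYSTEM\LVCOMSX.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [jcvqlcpe.exe] C:\WINDOWS\SYSTEM\jcvqlcpe.exe
O4 - HKLM\..\Run: [fspkbihy.exe] C:\WINDOWS\SYSTEM\fspkbihy.exe
O4 - HKLM\..\Run: [lypgbibu.exe] C:\WINDOWS\SYSTEM\lypgbibu.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
"""

# "O4 - <hive>\..\<key>: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[([^\]]*)\] (.+)$")
# Executable = quoted path, or everything up to the first ".exe".
EXE_RE = re.compile(r'^"([^"]+)"|^(.+?\.exe)(?=\s|$)', re.IGNORECASE)
O17_RE = re.compile(r"^O17 - .*?NameServer = (.+)$")
SYSTEM_DIR = PureWindowsPath(r"C:\WINDOWS\SYSTEM")  # Win9x/ME system directory


def parse_o4(log):
    """Yield (hive, key, value_name, executable_path) for each O4 line."""
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        hive, key, name, command = m.groups()
        exe = EXE_RE.match(command)
        if exe:
            yield hive, key, name, PureWindowsPath(exe.group(1) or exe.group(2))


def looks_random(name, path):
    """Heuristic taken from this thread's logs (an assumption, see lead-in)."""
    return (
        name.lower() == path.name.lower()        # value name is the file name
        and path.parent == SYSTEM_DIR            # PureWindowsPath ignores case
        and re.fullmatch(r"[a-z]{8}", path.stem.lower()) is not None
    )


def suspicious_autoruns(log):
    """Sorted, lower-cased paths of autoruns matching the heuristic."""
    return sorted({str(p).lower() for _, _, n, p in parse_o4(log)
                   if looks_random(n, p)})


def new_autoruns(before, after):
    """Suspicious autoruns present in `after` but not in `before`."""
    return sorted(set(suspicious_autoruns(after)) - set(suspicious_autoruns(before)))


def nameservers(log):
    """DNS servers listed on O17 NameServer lines (empty list if none)."""
    found = []
    for line in log.splitlines():
        m = O17_RE.match(line.strip())
        if m:
            found += [ip.strip() for ip in m.group(1).split(",")]
    return found


if __name__ == "__main__":
    print("suspicious on 17/09:", suspicious_autoruns(LOG_17))
    print("new on 18/09:      ", new_autoruns(LOG_17, LOG_18))
    print("O17 DNS on 17/09:  ", nameservers(LOG_17))
    print("O17 DNS on 18/09:  ", nameservers(LOG_18))
```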
For the first file: C:\WINDOWS\SYSTEM\jcvqlcpe.exe
Antivirus Version Last update Result
AhnLab-V3 2007.9.19.0 2007.09.18 Win-Trojan/Obfuscated.Gen
AntiVir 7.6.0.10 2007.09.18 TR/Crypt.XPACK.Gen
Authentium 4.93.8 2007.09.18 -
Avast 4.7.1043.0 2007.09.17 Win32:Obfuscated-BPK
AVG 7.5.0.485 2007.09.18 -
BitDefender 7.2 2007.09.18 Trojan.Obfus.Gen
CAT-QuickHeal 9.00 2007.09.18 (Suspicious) - DNAScan
ClamAV 0.91.2 2007.09.18 -
DrWeb 4.33 2007.09.18 -
eSafe 7.0.15.0 2007.09.17 Suspicious Trojan/Worm
eTrust-Vet 31.2.5144 2007.09.18 Win32/Busky!generic
Ewido 4.0 2007.09.18 -
FileAdvisor 1 2007.09.18 -
Fortinet 3.11.0.0 2007.09.18 -
F-Prot 4.3.2.48 2007.09.17 -
F-Secure 6.70.13030.0 2007.09.18 Trojan.Win32.Obfuscated.ev
Ikarus T3.1.1.12 2007.09.18 Trojan-Downloader.Win32.Busky
Kaspersky 4.0.2.24 2007.09.18 Trojan.Win32.Obfuscated.ev
McAfee 5122 2007.09.18 Downloader-AXI.gen
Microsoft 1.2803 2007.09.18 TrojanDropper:Win32/Busky.gen
NOD32v2 2539 2007.09.18 a variant of Win32/TrojanDownloader.Agent.NJJ
Norman 5.80.02 2007.09.18 -
Panda 9.0.0.4 2007.09.18 Adware/VideoAccess
Prevx1 V2 2007.09.18 -
Rising 19.41.13.00 2007.09.18 Trojan.DL.Obfuscated.gs
Sophos 4.21.0 2007.09.18 -
Sunbelt 2.2.907.0 2007.09.15 VIPRE.Suspicious
Symantec 10 2007.09.18 Trojan.Packed.14
TheHacker 6.2.5.061 2007.09.17 Trojan/Obfuscated.2.gen
VBA32 3.12.2.4 2007.09.18 suspected of Trojan-Downloader.Obfuscated.3 (paranoid heuristics)
VirusBuster 4.3.26:9 2007.09.18 Trojan.DL.Obfusc.Gen.6
Webwasher-Gateway 6.0.1 2007.09.18 Trojan.Crypt.XPACK.Gen
For the second: C:\WINDOWS\SYSTEM\fspkbihy.exe
AhnLab-V3 2007.9.19.0 2007.09.18 Win-Trojan/Obfuscated.Gen
AntiVir 7.6.0.10 2007.09.18 TR/Crypt.XPACK.Gen
Authentium 4.93.8 2007.09.18 -
Avast 4.7.1043.0 2007.09.17 Win32:Obfuscated-BPK
AVG 7.5.0.485 2007.09.18 -
BitDefender 7.2 2007.09.18 Trojan.Obfus.Gen
CAT-QuickHeal 9.00 2007.09.18 (Suspicious) - DNAScan
ClamAV 0.91.2 2007.09.18 -
DrWeb 4.33 2007.09.18 -
eSafe 7.0.15.0 2007.09.17 Suspicious Trojan/Worm
eTrust-Vet 31.2.5144 2007.09.18 Win32/Busky!generic
Ewido 4.0 2007.09.18 -
FileAdvisor 1 2007.09.18 -
Fortinet 3.11.0.0 2007.09.18 -
F-Prot 4.3.2.48 2007.09.17 -
F-Secure 6.70.13030.0 2007.09.18 Trojan.Win32.Obfuscated.ev
Ikarus T3.1.1.12 2007.09.18 Trojan-Downloader.Win32.Busky
Kaspersky 4.0.2.24 2007.09.18 Trojan.Win32.Obfuscated.ev
McAfee 5122 2007.09.18 Downloader-AXI.gen
Microsoft 1.2803 2007.09.18 TrojanDropper:Win32/Busky.gen
NOD32v2 2539 2007.09.18 a variant of Win32/TrojanDownloader.Agent.NJJ
Norman 5.80.02 2007.09.18 -
Panda 9.0.0.4 2007.09.18 Adware/VideoAccess
Prevx1 V2 2007.09.18 -
Rising 19.41.13.00 2007.09.18 Trojan.DL.Obfuscated.gs
Sophos 4.21.0 2007.09.18 -
Sunbelt 2.2.907.0 2007.09.15 VIPRE.Suspicious
Symantec 10 2007.09.18 Trojan.Packed.14
TheHacker 6.2.5.061 2007.09.17 Trojan/Obfuscated.2.gen
VBA32 3.12.2.4 2007.09.18 suspected of Trojan-Downloader.Obfuscated.3 (paranoid heuristics)
VirusBuster 4.3.26:9 2007.09.18 Trojan.DL.Obfusc.Gen.6
Webwasher-Gateway 6.0.1 2007.09.18 Trojan.Crypt.XPACK.Gen
For the third: C:\WINDOWS\SYSTEM\lypgbibu.exe
AhnLab-V3 2007.9.19.0 2007.09.18 Win-Trojan/Obfuscated.Gen
AntiVir 7.6.0.10 2007.09.18 TR/Crypt.XPACK.Gen
Authentium 4.93.8 2007.09.18 -
Avast 4.7.1043.0 2007.09.17 Win32:Obfuscated-BPK
AVG 7.5.0.485 2007.09.18 -
BitDefender 7.2 2007.09.18 Trojan.Obfus.Gen
CAT-QuickHeal 9.00 2007.09.18 (Suspicious) - DNAScan
ClamAV 0.91.2 2007.09.18 -
DrWeb 4.33 2007.09.18 -
eSafe 7.0.15.0 2007.09.17 Suspicious Trojan/Worm
eTrust-Vet 31.2.5144 2007.09.18 Win32/Busky!generic
Ewido 4.0 2007.09.18 -
FileAdvisor 1 2007.09.18 -
Fortinet 3.11.0.0 2007.09.18 -
F-Prot 4.3.2.48 2007.09.17 -
F-Secure 6.70.13030.0 2007.09.18 Trojan.Win32.Obfuscated.ev
Ikarus T3.1.1.12 2007.09.18 Trojan-Downloader.Win32.Busky
Kaspersky 4.0.2.24 2007.09.18 Trojan.Win32.Obfuscated.ev
McAfee 5122 2007.09.18 Downloader-AXI.gen
Microsoft 1.2803 2007.09.18 TrojanDropper:Win32/Busky.gen
NOD32v2 2539 2007.09.18 a variant of Win32/TrojanDownloader.Agent.NJJ
Norman 5.80.02 2007.09.18 -
Panda 9.0.0.4 2007.09.18 Adware/VideoAccess
Prevx1 V2 2007.09.18 -
Rising 19.41.13.00 2007.09.18 Trojan.DL.Obfuscated.gs
Sophos 4.21.0 2007.09.18 -
Sunbelt 2.2.907.0 2007.09.15 VIPRE.Suspicious
Symantec 10 2007.09.18 Trojan.Packed.14
TheHacker 6.2.5.061 2007.09.17 Trojan/Obfuscated.2.gen
VBA32 3.12.2.4 2007.09.18 suspected of Trojan-Downloader.Obfuscated.3 (paranoid heuristics)
VirusBuster 4.3.26:9 2007.09.18 Trojan.DL.Obfusc.Gen.6
Webwasher-Gateway 6.0.1 2007.09.18 Trojan.Crypt.XPACK.Gen
Reply to naruto2706
Re,
Can you go into C:\WINDOWS\SYSTEM and tell me whether the files I had you scan exist with other extensions?
e.g.: C:\WINDOWS\SYSTEM\lypgbibu.exe, .dat ....
Reply to XmichouX
for
C:\WINDOWS\SYSTEM\lypgbibu.exe
no extension, it is the only one with that name.
And as for the other two... they're gone ^^
When I switched the PC on earlier, Avast gave me an alert (a Trojan horse, I think) for those two (I chose "move to quarantine")
There you go
Reply to naruto2706
Post a new HijackThis log..
Reply to XmichouX
here's the beast:
Logfile of HijackThis v1.99.1
Scan saved at 16:49:41, on 19/09/2007
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\INVENTEL\GATEWAY\WLANCFG.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\SYSTEM\LVCOMSX.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\WANADOO\TASKBARICON.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\BACKWEB\BACKWEB\PROGRAM\BWDELAY.EXE
C:\WINDOWS\SYSTEM\LYPGBIBU.EXE
C:\WINDOWS\RunDLL.exe
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\HIJACKTHIS VERSION FRANçAISE\HIJACKTHIS VF.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O3 - Toolbar: @msdxmLC.dll,-1@1036,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
O4 - HKLM\..\Run: [Delay] C:\WINDOWS\delayrun.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\Program Files\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [wlancfg] C:\Program Files\Inventel\Gateway\wlancfg.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\SYSTEM\LVCOMSX.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
O4 - HKLM\..\Run: [lypgbibu.exe] C:\WINDOWS\SYSTEM\lypgbibu.exe
O4 - HKLM\..\Run: [zgzolqdu.exe] C:\WINDOWS\SYSTEM\zgzolqdu.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [KB918547] C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\PROGRAM FILES\LOGITECH\VIDEO\MANIFESTENGINE.EXE" boot
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O8 - Extra context menu item: Recherche &Google - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmwordtrans.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Pages similaires - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Pages liées - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_07\BIN\SSV.DLL
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_07\BIN\SSV.DLL
O14 - IERESET.INF: START_PAGE_URL=http://hp.my.yahoo.com
Reply to naruto2706
Let me know if this software works...
Download OTMoveIt
Save it to the Desktop
Select the contents of the box below
C:\WINDOWS\SYSTEM\zgzolqdu.exe
Now launch OTMoveIt.
Two panes appear; right-click in the left pane, then paste the contents of the box above.
And click MoveIt!
If the program asks you to restart, accept.
Post the report located in: C:\_OTMoveIt\MovedFiles\creation date!
Reply to XmichouX
C:\WINDOWS\SYSTEM\zgzolqdu.exe moved successfully.
File/Folder C:\WINDOWS\SYSTEM\zgzolqdu.dat not found.
File/Folder C:\WINDOWS\SYSTEM\zgzolqdu_navps.dat not found.
File/Folder C:\WINDOWS\SYSTEM\zgzolqdu_nav.dat not found.
File move failed. C:\WINDOWS\SYSTEM\lypgbibu.exe scheduled to be moved on reboot.
File/Folder C:\WINDOWS\SYSTEM\lypgbibu.dat not found.
File/Folder C:\WINDOWS\SYSTEM\lypgbibu_navps.dat not found.
File/Folder C:\WINDOWS\SYSTEM\lypgbibu_nav.dat not found.
File/Folder C:\WINDOWS\SYSTEM\fspkbihy.exe not found.
File/Folder C:\WINDOWS\SYSTEM\fspkbihy.dat not found.
File/Folder C:\WINDOWS\SYSTEM\fspkbihy_navps.dat not found.
File/Folder C:\WINDOWS\SYSTEM\fspkbihy_nav.dat not found.
File/Folder C:\WINDOWS\SYSTEM\jcvqlcpe.exe not found.
File/Folder C:\WINDOWS\SYSTEM\jcvqlcpe.dat not found.
File/Folder C:\WINDOWS\SYSTEM\jcvqlcpe_navps.dat not found.
File/Folder C:\WINDOWS\SYSTEM\jcvqlcpe_nav.dat not found.
Created on 09/19/2007 17:17:55
Reply to naruto2706
Did you accept the OTMoveIt restart? Post a new HijackThis log.
Reply to XmichouX
yes, I accepted the restart, it worked, here is the report
Logfile of HijackThis v1.99.1
Scan saved at 18:40:08, on 19/09/2007
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\LVCOMSX.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\WINDOWS\SYSTEM\LYPGBIBU.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\WANADOO\TASKBARICON.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INVENTEL\GATEWAY\WLANCFG.EXE
C:\PROGRAM FILES\BACKWEB\BACKWEB\PROGRAM\BWDELAY.EXE
C:\PROGRAM FILES\HIJACKTHIS VERSION FRANçAISE\HIJACKTHIS VF.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O3 - Toolbar: @msdxmLC.dll,-1@1036,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
O4 - HKLM\..\Run: [Delay] C:\WINDOWS\delayrun.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\Program Files\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [wlancfg] C:\Program Files\Inventel\Gateway\wlancfg.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\SYSTEM\LVCOMSX.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
O4 - HKLM\..\Run: [lypgbibu.exe] C:\WINDOWS\SYSTEM\lypgbibu.exe
O4 - HKLM\..\Run: [zgzolqdu.exe] C:\WINDOWS\SYSTEM\zgzolqdu.exe
O4 - HKLM\..\Run: [aryvmpur.exe] C:\WINDOWS\SYSTEM\aryvmpur.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [KB918547] C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\PROGRAM FILES\LOGITECH\VIDEO\MANIFESTENGINE.EXE" boot
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O8 - Extra context menu item: Recherche &Google - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmwordtrans.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Pages similaires - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Pages liées - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_07\BIN\SSV.DLL
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_07\BIN\SSV.DLL
O14 - IERESET.INF: START_PAGE_URL=http://hp.my.yahoo.com
Reply to naruto2706
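Added example (not part of the thread, and not code from HijackThis or OTMoveIt): a Python comparison of the O4 autorun entries of two HijackThis logs that lists new entries and entries whose registry value name equals the executable's file name, the pattern shared by the files discussed in this thread. The function names are hypothetical, and the two sample logs are short excerpts of the 16:49 and 18:40 scans posted above.

```python
import re
from ntpath import basename  # Windows path rules on any host OS

# O4 line shape in HijackThis v1.99.1 logs:
#   O4 - HKLM\..\Run: [value name] command line
O4_RE = re.compile(
    r"^O4 - (?P<key>HK(?:LM|CU)\\\.\.\\\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")

# Excerpts of two logs from this thread (most lines omitted for brevity).
BEFORE = r"""Logfile of HijackThis v1.99.1
Scan saved at 16:49:41, on 19/09/2007
Running processes:
C:\WINDOWS\SYSTEM\LVCOMSX.EXE
C:\WINDOWS\SYSTEM\LYPGBIBU.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\SYSTEM\LVCOMSX.EXE
O4 - HKLM\..\Run: [lypgbibu.exe] C:\WINDOWS\SYSTEM\lypgbibu.exe
O4 - HKLM\..\Run: [zgzolqdu.exe] C:\WINDOWS\SYSTEM\zgzolqdu.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
"""

AFTER = r"""Logfile of HijackThis v1.99.1
Scan saved at 18:40:08, on 19/09/2007
Running processes:
C:\WINDOWS\SYSTEM\LVCOMSX.EXE
C:\WINDOWS\SYSTEM\LYPGBIBU.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\SYSTEM\LVCOMSX.EXE
O4 - HKLM\..\Run: [lypgbibu.exe] C:\WINDOWS\SYSTEM\lypgbibu.exe
O4 - HKLM\..\Run: [zgzolqdu.exe] C:\WINDOWS\SYSTEM\zgzolqdu.exe
O4 - HKLM\..\Run: [aryvmpur.exe] C:\WINDOWS\SYSTEM\aryvmpur.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
"""


def parse_log(text):
    """Return (running process paths in lower case, {(key, name): command})."""
    processes, autoruns, in_procs = set(), {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        m = O4_RE.match(line)
        if m:
            in_procs = False
            autoruns[(m["key"], m["name"])] = m["cmd"]
        elif in_procs and re.match(r"^[A-Za-z]:\\", line):
            processes.add(line.lower())
        elif in_procs and line:
            in_procs = False  # first registry line ends the process list
    return processes, autoruns


def executable_of(cmd):
    """Best-effort executable path of a Run command (quotes, arguments dropped)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.(?:exe|dll|com|bat|scr))(?:\s|$)", cmd, re.I)
    return m.group(1) if m else cmd.split()[0]


def review(before_log, after_log):
    """Diff the autoruns of two logs and list the self-named entries of the later one."""
    _, runs_before = parse_log(before_log)
    procs_after, runs_after = parse_log(after_log)
    added = sorted(k for k in runs_after if k not in runs_before)
    removed = sorted(k for k in runs_before if k not in runs_after)
    self_named = []
    for key in sorted(runs_after):
        exe = executable_of(runs_after[key])
        if key[1].lower() != basename(exe).lower():
            continue  # value name differs from the file name: not this pattern
        self_named.append({
            "entry": key,
            "path": exe,
            "new": key in added,
            # A registry entry can outlive its file, so also report whether
            # the target appears in the later log's process list.
            "running": exe.lower() in procs_after,
        })
    return {"added": added, "removed": removed, "self_named": self_named}


if __name__ == "__main__":
    result = review(BEFORE, AFTER)
    print("added:", result["added"])
    for item in result["self_named"]:
        print(item)
```

An entry reported with `running` false still needs its Run value removed or checked, since the file may be gone while the registry entry remains, as with zgzolqdu.exe in the logs above.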
Select the contents of the box below
C:\WINDOWS\SYSTEM\lypgbibu.exe
Now launch OTMoveIt.
Two panes appear; right-click in the left pane, then paste the contents of the box above.
And click MoveIt!
If the program asks you to restart, accept.
Post the report located in: C:\_OTMoveIt\MovedFiles\creation date!
And post yet another HijackThis log..
Message edited by XmichouX on 19-09-2007 at 18:45:43
Reply to XmichouX
File move failed. C:\WINDOWS\SYSTEM\lypgbibu.exe scheduled to be moved on reboot.
File/Folder C:\WINDOWS\SYSTEM\zgzolqdu.exe not found.
C:\WINDOWS\SYSTEM\aryvmpur.exe moved successfully.
Created on 09/19/2007 18:51:54
If I've understood correctly, there's still one that hasn't gone ^^
Logfile of HijackThis v1.99.1
Scan saved at 18:57:00, on 19/09/2007
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\DELAYRUN.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\INVENTEL\GATEWAY\WLANCFG.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\LVCOMSX.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\PROGRAM FILES\WANADOO\TASKBARICON.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\HIJACKTHIS VERSION FRANçAISE\HIJACKTHIS VF.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O3 - Toolbar: @msdxmLC.dll,-1@1036,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
O4 - HKLM\..\Run: [Delay] C:\WINDOWS\delayrun.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\Program Files\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [wlancfg] C:\Program Files\Inventel\Gateway\wlancfg.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\SYSTEM\LVCOMSX.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
O4 - HKLM\..\Run: [zgzolqdu.exe] C:\WINDOWS\SYSTEM\zgzolqdu.exe
O4 - HKLM\..\Run: [aryvmpur.exe] C:\WINDOWS\SYSTEM\aryvmpur.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [KB918547] C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\PROGRAM FILES\LOGITECH\VIDEO\MANIFESTENGINE.EXE" boot
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O8 - Extra context menu item: Recherche &Google - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmwordtrans.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Pages similaires - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Pages liées - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_07\BIN\SSV.DLL
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_07\BIN\SSV.DLL
O14 - IERESET.INF: START_PAGE_URL=http://hp.my.yahoo.com
Reply to naruto2706
Download Killbox (tutorial)
Unzip it to your desktop.
Tick the "Delete on reboot" + "unregister dll before deleting" boxes
Select the contents of the box below, then right-click - copy
C:\WINDOWS\SYSTEM\lypgbibu.exe
Launch PocketKillBox, go to "File" then "Paste from Clipboard" (you won't see anything happen).
You can check in the drop-down menu that all the files are present.
Click "all files" and then the red cross
Answer yes to the messages that appear.
If the computer doesn't restart, do it manually.
After restarting, launch Killbox again. Go to "File", then "Logs" and "Actions History Log".
Post the report.
Message edited by XmichouX on 19-09-2007 at 19:01:43
Reply to XmichouX
I can't tick the "unregister dll before deleting" box, it's greyed out; shall I go ahead without it?
Reply to naruto2706
ok, I'll do it later or tomorrow
Reply to naruto2706
ok
Spoiler: You should replace your rotten Windows
Reply to XmichouX
it's done
however, before today's report there are others, because I've already used this software to disinfect this PC; the old logs are still there.
Pocket Killbox version
Running on Windows Me as HP, Client autorisé
was started @ mercredi, mai 16, 2007, 9:06 PM
Killbox Closed(Exit) @ 9:07:22 PM
__________________________________________________
Pocket Killbox version 2.0.0.648
Running on Windows Me as HP, Client autorisé
was started @ mercredi, mai 16, 2007, 9:08 PM
# 1 [Delete on Reboot]
Path = C:\WINDOWS\SYSTEM\jgtslsnm.exe
# 2 [Delete on Reboot]
Path = C:\WINDOWS\SYSTEM\stcheck32.exe
# 3 [Delete on Reboot]
Path = C:\WINDOWS\SYSTEM\dkhcporq.exe
# 4 [Delete on Reboot]
Path = C:\WINDOWS\SYSTEM\wrydonyf.exe
# 5 [Delete on Reboot]
Path = C:\WINDOWS\SYSTEM\dsxiruba.exe
# 6 [Delete on Reboot]
Path = C:\WINDOWS\SYSTEM\shcrkrez.exe
# 7 [Delete on Reboot]
Path = C:\WINDOWS\SYSTEM\tutmvchq.exe
# 8 [Delete on Reboot]
Path = C:\WINDOWS\SYSTEM\nuvajire.exe
# 9 [Delete on Reboot]
Path = C:\WINDOWS\SYSTEM\hqfibkri.exe
# 10 [Delete on Reboot]
Path = C:\WINDOWS\SYSTEM\cfyfspij.exe
# 11 [Delete on Reboot]
Path = C:\WINDOWS\SYSTEM\izodqzer.exe
# 12 [Delete on Reboot]
Path = C:\WINDOWS\SYSTEM\avyzolsz.exe
# 13 [Delete on Reboot]
Path = C:\WINDOWS\SYSTEM\cjonszmz.exe
# 14 [Delete on Reboot]
Path = C:\WINDOWS\SYSTEM\ezwdijmv.exe
# 15 [Delete on Reboot]
Path = C:\WINDOWS\SYSTEM\ulgtmdal.exe
# 16 [Delete on Reboot]
Path = C:\WINDOWS\SYSTEM\avclwhup.exe
# 17 [Delete on Reboot]
Path = C:\WINDOWS\SYSTEM\olejqryn.exe
# 18 [Delete on Reboot]
Path = C:\WINDOWS\SYSTEM\tkxijsfc.exe
# 19 [Delete on Reboot]
Path = C:\WINDOWS\SYSTEM\tkpkpgnk.exe
# 20 [Delete on Reboot]
Path = C:\WINDOWS\SYSTEM\jwzcbsdc.exe
# 21 [Delete on Reboot]
Path = C:\WINDOWS\SYSTEM\sjopyxot.exe
# 22 [Delete on Reboot]
Path = C:\WINDOWS\SYSTEM\axifktaf.exe
# 23 [Delete on Reboot]
Path = C:\WINDOWS\SYSTEM\edwjajqj.exe
# 24 [Delete on Reboot]
Path = C:\WINDOWS\SYSTEM\jwzkhgjq.exe
# 25 [Delete on Reboot]
Path = C:\WINDOWS\SYSTEM\dchqvuji.exe
# 26 [Delete on Reboot]
Path = C:\WINDOWS\SYSTEM\qjynypgr.exe
# 27 [Delete on Reboot]
Path = C:\WINDOWS\SYSTEM\dshehmjo.exe
# 28 [Delete on Reboot]
Path = C:\WINDOWS\SYSTEM\ghibwxqd.exe
# 29 [Delete on Reboot]
Path = C:\WINDOWS\SYSTEM\qpebgjmd.exe
# 30 [Delete on Reboot]
Path = C:\WINDOWS\SYSTEM\mbsdwlez.exe
# 31 [Delete on Reboot]
Path = C:\WINDOWS\SYSTEM\czyvunof.exe
# 32 [Delete on Reboot]
Path = C:\WINDOWS\SYSTEM\badqvyne.exe
# 33 [Delete on Reboot]
Path = C:\WINDOWS\SYSTEM\jatqlcrk.exe
# 34 [Delete on Reboot]
Path = C:\WINDOWS\SYSTEM\nitsjixk.exe
# 35 [Delete on Reboot]
Path = C:\WINDOWS\SYSTEM\ujwhkjgl.exe
# 36 [Delete on Reboot]
Path = C:\WINDOWS\SYSTEM\efavahsl.exe
# 37 [Delete on Reboot]
Path = C:\WINDOWS\SYSTEM\unmpotkf.exe
# 38 [Delete on Reboot]
Path = C:\WINDOWS\SYSTEM\xalotcle.exe
# 39 [Delete on Reboot]
Path = C:\WINDOWS\SYSTEM\topavurq.exe
# 40 [Delete on Reboot]
Path = C:\WINDOWS\SYSTEM\vmduxwpi.exe
# 41 [Delete on Reboot]
Path = C:\WINDOWS\SYSTEM\irsjkdwn.exe
# 42 [Delete on Reboot]
Path = C:\WINDOWS\SYSTEM\vyvcpqvc.exe
# 43 [Delete on Reboot]
Path = C:\WINDOWS\SYSTEM\dirkxcvm.exe
# 44 [Delete on Reboot]
Path = C:\WINDOWS\SYSTEM\cnapozen.exe
Killbox Closed(Exit) @ 9:10:33 PM
__________________________________________________
Pocket Killbox version 2.0.0.648
Running on Windows Me as HP, Client autorisé
was started @ jeudi, mai 17, 2007, 11:51 AM
# 1 [Delete on Reboot]
Path = c:\windows\system\hpsysdrv.exe
# 2 [Delete on Reboot]
Path = C:\WINDOWS\SYSTEM\pklgdaxq.exe
# 3 [Delete on Reboot]
Path = C:\WINDOWS\SYSTEM\zqdofyxk.exe
# 4 [Delete on Reboot]
Path = C:\WINDOWS\SYSTEM\ypqnsdwt.exe
# 5 [Delete on Reboot]
Path = C:\WINDOWS\SYSTEM\ssdpsrv.exe
Killbox Closed(Exit) @ 11:52:28 AM
__________________________________________________
Pocket Killbox version 2.0.0.648
Running on Windows Me as HP, Client autorisé
was started @ mercredi, septembre 19, 2007, 7:08 PM
Killbox Closed(Exit) @ 7:22:25 PM
__________________________________________________
Pocket Killbox version 2.0.0.648
Running on Windows Me as HP, Client autorisé
was started @ mercredi, septembre 19, 2007, 8:24 PM
# 1 [Delete on Reboot]
Path = C:\WINDOWS\SYSTEM\lypgbibu.exe
Killbox Closed(Exit) @ 8:27:34 PM
__________________________________________________
Pocket Killbox version 2.0.0.648
Running on Windows Me as HP, Client autorisé
was started @ mercredi, septembre 19, 2007, 8:31 PM
and now I'm posting another HijackThis log just in case
Logfile of HijackThis v1.99.1
Scan saved at 20:30:55, on 19/09/2007
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\DELAYRUN.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\INVENTEL\GATEWAY\WLANCFG.EXE
C:\WINDOWS\SYSTEM\LVCOMSX.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\PROGRAM FILES\WANADOO\TASKBARICON.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\HIJACKTHIS VERSION FRANçAISE\HIJACKTHIS VF.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O3 - Toolbar: @msdxmLC.dll,-1@1036,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
O4 - HKLM\..\Run: [Delay] C:\WINDOWS\delayrun.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\Program Files\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [wlancfg] C:\Program Files\Inventel\Gateway\wlancfg.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\SYSTEM\LVCOMSX.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
O4 - HKLM\..\Run: [zgzolqdu.exe] C:\WINDOWS\SYSTEM\zgzolqdu.exe
O4 - HKLM\..\Run: [aryvmpur.exe] C:\WINDOWS\SYSTEM\aryvmpur.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [KB918547] C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\PROGRAM FILES\LOGITECH\VIDEO\MANIFESTENGINE.EXE" boot
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O8 - Extra context menu item: Recherche &Google - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmwordtrans.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Pages similaires - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Pages liées - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_07\BIN\SSV.DLL
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_07\BIN\SSV.DLL
O14 - IERESET.INF: START_PAGE_URL=http://hp.my.yahoo.com
FYI, this PC is not the one I usually use, but the one my brother used; since it is mine now, I want to clean it up to get it back into shape
even though I don't plan to do anything extraordinary with it ^^
Reply to naruto2706
Tell me whether you can install AntiVir on this computer.
If so, uninstall avast, keep AntiVir, run a full scan in safe mode and post the report
Reply to XmichouX
AntiVir PersonalEdition Classic
Report file date: vendredi 21 septembre 2007 18:16
Scanning for 569934 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows Me
Windows version: (plain) [4.90.3000]
Username: unknown
Computer name: HPPAV
Version information:
BUILD.DAT : 217 13775 Bytes 05/12/2006 16:54:00
AVSCAN.EXE : 7.0.3.2 200744 Bytes 05/12/2006 14:29:56
AVSCAN.DLL : 7.0.3.1 35880 Bytes 05/12/2006 14:54:04
LUKE.DLL : 7.0.3.2 135208 Bytes 31/10/2006 15:07:42
LUKERES.DLL : 7.0.2.0 9256 Bytes 05/12/2006 14:54:04
ANTIVIR0.VDF : 6.35.0.1 7371264 Bytes 31/05/2006 14:29:56
ANTIVIR1.VDF : 6.36.1.24 2212864 Bytes 14/11/2006 08:12:08
ANTIVIR2.VDF : 6.36.1.113 221696 Bytes 01/12/2006 08:12:12
ANTIVIR3.VDF : 6.37.0.3 6144 Bytes 01/12/2006 08:12:14
AVEWIN32.DLL : 7.3.0.15 1982976 Bytes 04/12/2006 16:18:38
AVPREF.DLL : 7.0.2.0 17960 Bytes 03/11/2006 08:56:46
AVREP.DLL : 6.37.0.3 667688 Bytes 01/12/2006 08:06:06
AVRPBASE.DLL : 7.0.0.0 1544232 Bytes 30/03/2006 07:42:44
AVPACK32.DLL : 7.2.0.5 360488 Bytes 23/10/2006 07:09:32
AVREG.DLL : 7.0.1.1 30248 Bytes 23/10/2006 09:52:24
RCIMAGE.DLL : 7.0.1.3 2097192 Bytes 08/11/2006 11:26:18
RCTEXT.DLL : 7.0.12.1 77864 Bytes 05/12/2006 14:54:02
Configuration settings for the scan:
Jobname..........................: Local Drives
Configuration file...............: C:\PROGRAM FILES\ANTIVIR PERSONALEDITION CLASSIC\alldrives.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: A:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Expanded search settings.........: 0x00007000
Start of the scan: vendredi 21 septembre 2007 18:16
The scan of running processes will be started
Scan process 'AVSCAN.EXE' - '1' Modules have been scanned
Scan process 'AVCENTER.EXE' - '1' Modules have been scanned
Scan process 'INTERNAT.EXE' - '1' Modules have been scanned
Scan process 'STMGR.EXE' - '1' Modules have been scanned
Scan process 'EXPLORER.EXE' - '1' Modules have been scanned
Scan process 'MPREXE.EXE' - '1' Modules have been scanned
Scan process 'MSGSRV32.EXE' - '1' Modules have been scanned
Scan process 'KERNEL32.DLL' - '1' Modules have been scanned
8 processes with 8 modules were scanned
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'A:\'
[NOTE] In the drive 'A:\' no data medium is inserted!
Starting to scan the registry.
The registry was scanned ( 32 files ).
Starting the file scan:
Begin scan in 'C:\' <HP_PAVILION>
C:\_RESTORE\TEMP\A0197270.CPY
[DETECTION] Contains suspicious code HEUR/Crypted
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\TEMP\A0197271.CPY
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\TEMP\A0197273.CPY
[DETECTION] Is the Trojan horse TR/Click.Agent.GY.15
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS1379.CAB
[0] Archive type: CAB (Microsoft)
--> A0131977.CPY
[DETECTION] Contains signature of the dropper DR/Zlob.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS206.CAB
[0] Archive type: CAB (Microsoft)
--> A0109971.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
--> A0109972.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS81.CAB
[0] Archive type: CAB (Microsoft)
--> A0012729.CPY
[DETECTION] Is the Trojan horse TR/Dialer.EG.14
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS208.CAB
[0] Archive type: CAB (Microsoft)
--> A0110062.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
--> A0110064.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS1584.CAB
[0] Archive type: CAB (Microsoft)
--> W0219180.CPY
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS1595.CAB
[0] Archive type: CAB (Microsoft)
--> A0177593.CPY
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS924.CAB
[0] Archive type: CAB (Microsoft)
--> A0088627.CPY
[DETECTION] Contains signature of the dial-up program DIAL/302366
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS938.CAB
[0] Archive type: CAB (Microsoft)
--> A0089985.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
--> A0089989.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
--> A0089990.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
--> A0089992.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS944.CAB
[0] Archive type: CAB (Microsoft)
--> A0092216.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
--> A0092217.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS939.CAB
[0] Archive type: CAB (Microsoft)
--> A0089999.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
--> A0090001.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS940.CAB
[0] Archive type: CAB (Microsoft)
--> A0090025.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
--> A0090026.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS941.CAB
[0] Archive type: CAB (Microsoft)
--> A0090113.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
--> A0090114.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS953.CAB
[0] Archive type: CAB (Microsoft)
--> A0093569.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
--> A0093571.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS942.CAB
[0] Archive type: CAB (Microsoft)
--> A0091113.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
--> A0091114.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS943.CAB
[0] Archive type: CAB (Microsoft)
--> A0092112.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
--> A0092113.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS949.CAB
[0] Archive type: CAB (Microsoft)
--> A0093244.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
--> A0093246.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS950.CAB
[0] Archive type: CAB (Microsoft)
--> A0093269.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
--> A0093270.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS951.CAB
[0] Archive type: CAB (Microsoft)
--> A0093293.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
--> A0093294.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS962.CAB
[0] Archive type: CAB (Microsoft)
--> A0095773.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
--> A0095774.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS959.CAB
[0] Archive type: CAB (Microsoft)
--> A0094772.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
--> A0094773.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS956.CAB
[0] Archive type: CAB (Microsoft)
--> A0093632.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
--> A0093633.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS957.CAB
[0] Archive type: CAB (Microsoft)
--> A0094633.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
--> A0094634.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS958.CAB
[0] Archive type: CAB (Microsoft)
--> A0094670.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
--> A0094671.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS963.CAB
[0] Archive type: CAB (Microsoft)
--> A0095810.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
--> A0095811.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS966.CAB
[0] Archive type: CAB (Microsoft)
--> A0096809.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
--> A0096810.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS974.CAB
[0] Archive type: CAB (Microsoft)
--> A0097861.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
--> A0097862.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS968.CAB
[0] Archive type: CAB (Microsoft)
--> A0096862.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
--> A0096863.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS975.CAB
[0] Archive type: CAB (Microsoft)
--> A0097901.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
--> A0097902.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS979.CAB
[0] Archive type: CAB (Microsoft)
--> A0098901.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
--> A0098902.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS981.CAB
[0] Archive type: CAB (Microsoft)
--> A0098973.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS982.CAB
[0] Archive type: CAB (Microsoft)
--> A0099973.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
--> A0099974.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS992.CAB
[0] Archive type: CAB (Microsoft)
--> A0101414.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
--> A0101415.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS988.CAB
[0] Archive type: CAB (Microsoft)
--> A0101164.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
--> A0101165.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS987.CAB
[0] Archive type: CAB (Microsoft)
--> A0101041.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
--> A0101042.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS993.CAB
[0] Archive type: CAB (Microsoft)
--> A0101452.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
--> A0101454.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS1000.CAB
[0] Archive type: CAB (Microsoft)
--> A0102560.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
--> A0102561.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS998.CAB
[0] Archive type: CAB (Microsoft)
--> A0101521.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
--> A0101522.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS999.CAB
[0] Archive type: CAB (Microsoft)
--> A0101560.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS1005.CAB
[0] Archive type: CAB (Microsoft)
--> A0102681.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
--> A0102682.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS1003.CAB
[0] Archive type: CAB (Microsoft)
--> A0102593.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
--> A0102595.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS1004.CAB
[0] Archive type: CAB (Microsoft)
--> A0102640.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
--> A0102641.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS1010.CAB
[0] Archive type: CAB (Microsoft)
--> A0102941.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
--> A0102942.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS1008.CAB
[0] Archive type: CAB (Microsoft)
--> A0102839.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
--> A0102840.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS1009.CAB
[0] Archive type: CAB (Microsoft)
--> A0102868.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
--> A0102869.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS1022.CAB
[0] Archive type: CAB (Microsoft)
--> A0104117.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
--> A0104118.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS1014.CAB
[0] Archive type: CAB (Microsoft)
--> A0103016.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
--> A0103017.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS1020.CAB
[0] Archive type: CAB (Microsoft)
--> A0103064.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
--> A0103066.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS1021.CAB
[0] Archive type: CAB (Microsoft)
--> A0104089.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
--> A0104090.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS1029.CAB
[0] Archive type: CAB (Microsoft)
--> A0105315.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
--> A0105331.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS1025.CAB
[0] Archive type: CAB (Microsoft)
--> A0104316.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
--> A0104317.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS1024.CAB
[0] Archive type: CAB (Microsoft)
--> A0104222.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
--> A0104223.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS1030.CAB
[0] Archive type: CAB (Microsoft)
--> A0107023.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
--> A0107024.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS1033.CAB
[0] Archive type: CAB (Microsoft)
--> A0107058.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
--> A0107059.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS1060.CAB
[0] Archive type: CAB (Microsoft)
--> A0108887.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
--> A0108888.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS1041.CAB
[0] Archive type: CAB (Microsoft)
--> A0107241.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
--> A0107242.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS1040.CAB
[0] Archive type: CAB (Microsoft)
--> A0107214.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
--> A0107215.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS207.CAB
[0] Archive type: CAB (Microsoft)
--> A0110022.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
--> A0110023.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS1062.CAB
[0] Archive type: CAB (Microsoft)
--> A0109920.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
--> A0109922.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS1047.CAB
[0] Archive type: CAB (Microsoft)
--> A0107493.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
--> A0107495.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS1048.CAB
[0] Archive type: CAB (Microsoft)
--> A0107599.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
--> A0107600.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS1049.CAB
[0] Archive type: CAB (Microsoft)
--> A0107652.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
--> A0107653.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS1050.CAB
[0] Archive type: CAB (Microsoft)
--> A0107679.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
--> A0107680.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS1061.CAB
[0] Archive type: CAB (Microsoft)
--> A0109887.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
--> A0109888.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS1065.CAB
[0] Archive type: CAB (Microsoft)
--> A0110142.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
--> A0110143.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS1071.CAB
[0] Archive type: CAB (Microsoft)
--> A0110405.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
--> A0110406.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS1067.CAB
[0] Archive type: CAB (Microsoft)
--> A0110251.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
--> A0110252.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS1073.CAB
[0] Archive type: CAB (Microsoft)
--> A0111430.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
--> A0111432.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS1665.CAB
[0] Archive type: CAB (Microsoft)
--> A0186145.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\VundoFix Backups\AVRHDMF.DLL.bad
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '8b3c8819.qua'!
Begin scan in 'A:\' <C:\>
The path A:\ could not be found!
Le périphérique n'est pas prêt.
End of the scan: vendredi 21 septembre 2007 23:21
Used time: 5:05:21 min
The scan has been done completely.
2492 Scanning directories
160247 Files were scanned
134 viruses and/or unwanted programs were found
0 files were deleted
0 files were repaired
1 files were moved to quarantine
0 files were renamed
0 Files cannot be scanned
160113 Files not concerned
8508 Archives were scanned
139 Warnings
70 Notes
I also wanted to know whether I had to register or something like that,
Reply to naruto2706
Disable and then re-enable System Restore, using this tutorial as a guide
Check whether these two files exist (with hidden files and protected operating system files shown):
C:\WINDOWS\SYSTEM\zgzolqdu.exe |
Message edited by XmichouX on 22-09-2007 at 10:05:02
Reply to XmichouX
I did it
the two files are not in the directory
When my PC starts up, a message tells me in English that I need to update AntiVir, but when I click "update" it says "no valid license file avaible". What is the problem?
in the meantime I'm posting a new HijackThis report
Logfile of HijackThis v1.99.1
Scan saved at 11:17:41, on 22/09/2007
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\ANTIVIR PERSONALEDITION CLASSIC\SCHEDM.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\DELAYRUN.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\LVCOMSX.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\ANTIVIR PERSONALEDITION CLASSIC\AVGCTRL.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\WANADOO\TASKBARICON.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INVENTEL\GATEWAY\WLANCFG.EXE
C:\PROGRAM FILES\HIJACKTHIS VERSION FRANçAISE\HIJACKTHIS VF.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O3 - Toolbar: @msdxmLC.dll,-1@1036,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
O4 - HKLM\..\Run: [Delay] C:\WINDOWS\delayrun.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\Program Files\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [wlancfg] C:\Program Files\Inventel\Gateway\wlancfg.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\SYSTEM\LVCOMSX.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [zgzolqdu.exe] C:\WINDOWS\SYSTEM\zgzolqdu.exe
O4 - HKLM\..\Run: [aryvmpur.exe] C:\WINDOWS\SYSTEM\aryvmpur.exe
O4 - HKLM\..\Run: [avgctrl] "C:\Program Files\AntiVir PersonalEdition Classic\avgctrl.exe" /min
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [KB918547] C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [schedm] "C:\Program Files\AntiVir PersonalEdition Classic\schedm.exe"
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\PROGRAM FILES\LOGITECH\VIDEO\MANIFESTENGINE.EXE" boot
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O8 - Extra context menu item: Recherche &Google - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmwordtrans.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Pages similaires - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Pages liées - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_07\BIN\SSV.DLL
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_07\BIN\SSV.DLL
O14 - IERESET.INF: START_PAGE_URL=http://hp.my.yahoo.com
Reply to naruto2706
Do you feel that your computer is running better than before?
Run HijackThis again, do a system scan only, and check these lines:
O4 - HKLM\..\Run: [zgzolqdu.exe] C:\WINDOWS\SYSTEM\zgzolqdu.exe
Then Fix Checked!
As for AntiVir, I'm not really sure...
If the problem persists, go to the AntiVir site to get the updates. No licence is needed for AntiVir.
Run an AntiVir scan again...
Reply to XmichouX
Well... yes, it does seem to be doing better, even if it is still a bit slow, but that's normal given that it's an Me -_-'
I'll redo the AntiVir scan right away
Reply to naruto2706
I'm on my other PC; I ran the AntiVir scan and it found nothing
I looked for the updates but found nothing; I installed several files from different sources and none of them worked, and then 'illumination': of course, what if I put BitDefender on it; I had forgotten that BD could be installed on 2 PCs
So I'm installing it now.
What else should I do for my PC?
Reply to naruto2706
Don't forget to uninstall AntiVir before installing BitDefender.
You can do a clean-up with this:
Download CCleaner (>>tutorial to read!<<); download "the latest version", then install it, unchecking - Add the CCleaner Yahoo! Toolbar
Then run the cleaner, then have it look for errors, and make backups if you wish.
Reply to XmichouX
I already have that on my PC
however, BD gave me this report:
//-----------------------------------------------------------------
//
// Product: BitDefender 9 Professional Plus
// Version: 9.0
//
// Créé le: 22/09/2007 13:40:03
//
//-----------------------------------------------------------------
Statistiques
Chemin cible: C:\WINDOWS\SYSTEM\
Dossiers : 90
Fichiers : 2803
Archives : 15
Fichiers empaquetés : 118
Virus trouvés : 2
Fichiers infectés : 10
Alertes : 0
Fichiers suspects : 0
Fichiers désinfectés : 0
Fichiers effacés : 0
Fichiers copiés : 0
Fichiers déplacés : 10
Fichiers renommés : 0
Erreurs I/O : 0
Temps d'analyse := 00:06:14
Fichiers/seconde :7
Définitions virus : 823324
Plugins d'analyse : 14
Plugins archives : 38
Plug-ins décompression : 6
Plug-ins messagerie : 6
Plug-ins système : 1
Options d'analyse
Détection
[X] Analyser le secteur de boot
[X] Analyser les archives
[X] Analyser les fichiers en paquets
[X] Analyser la messagerie
Masque fichiers
[ ] Programmes
[X] Tous les fichiers
[ ] Extensions définies par l'utilisateur:
[ ] Exclure les extensions: ;
Action
Objets infectés
[ ] Ignorer
[X] Désinfecter
[ ] Effacer
[ ] Copier
[ ] Déplacer dans le dossier infectés
[ ] Renommer
[ ] Demander l'action
Seconde action
[ ] Ignorer
[ ] Effacer
[ ] Copier
[X] Déplacer dans le dossier infectés
[ ] Renommer
[ ] Demander l'action
Options d'analyse
[X] Activer les alertes
[X] Activer l'heuristique
[X] Afficher tous les fichiers dans le journal
[X] Fichier journal : C:\Program Files\Softwin\BitDefender9\Logs\vscan_1190461203.log
Sommaire :
C:\WINDOWS\SYSTEM\dkpcbmdg.exe Infecté avec: Trojan.Obfus.Gen
C:\WINDOWS\SYSTEM\dkpcbmdg.exe Déplacé
C:\WINDOWS\SYSTEM\nkisrgha\nkisrgha1.exe Infecté avec: Trojan.Renos.D
C:\WINDOWS\SYSTEM\nkisrgha\nkisrgha1.exe Désinfection impossible
C:\WINDOWS\SYSTEM\nkisrgha\nkisrgha1.exe Déplacé
C:\WINDOWS\SYSTEM\nkisrgha\nkisrgha2.exe Infecté avec: Trojan.Renos.D
C:\WINDOWS\SYSTEM\nkisrgha\nkisrgha2.exe Désinfection impossible
C:\WINDOWS\SYSTEM\nkisrgha\nkisrgha2.exe Déplacé
C:\WINDOWS\SYSTEM\nkisrgha\nkisrgha3.exe Infecté avec: Trojan.Renos.D
C:\WINDOWS\SYSTEM\nkisrgha\nkisrgha3.exe Désinfection impossible
C:\WINDOWS\SYSTEM\nkisrgha\nkisrgha3.exe Déplacé
C:\WINDOWS\SYSTEM\xevizyfq.exe Infecté avec: Trojan.Obfus.Gen
C:\WINDOWS\SYSTEM\xevizyfq.exe Déplacé
C:\WINDOWS\SYSTEM\cfydujex.exe Infecté avec: Trojan.Obfus.Gen
C:\WINDOWS\SYSTEM\cfydujex.exe Déplacé
C:\WINDOWS\SYSTEM\lgjsxaxs.exe Infecté avec: Trojan.Obfus.Gen
C:\WINDOWS\SYSTEM\lgjsxaxs.exe Déplacé
C:\WINDOWS\SYSTEM\ehatwxkh.exe Infecté avec: Trojan.Obfus.Gen
C:\WINDOWS\SYSTEM\ehatwxkh.exe Déplacé
C:\WINDOWS\SYSTEM\pszurmbm.exe Infecté avec: Trojan.Obfus.Gen
C:\WINDOWS\SYSTEM\pszurmbm.exe Déplacé
C:\WINDOWS\SYSTEM\lmxunexk.exe Infecté avec: Trojan.Obfus.Gen
C:\WINDOWS\SYSTEM\lmxunexk.exe Déplacé
Reply to naruto2706
Are they in BitDefender's quarantine?
If so, empty the BitDefender quarantine.
Reply to XmichouX
OK, thanks for your help!
Should I post a new HijackThis report?
Reply to naruto2706
here it is
Logfile of HijackThis v1.99.1
Scan saved at 18:30:24, on 22/09/2007
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\SOFTWIN\BITDEFENDER COMMUNICATOR\XCOMMSVR.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\SOFTWIN\BITDEFENDER SCAN SERVER\BDSS.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\DELAYRUN.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\LVCOMSX.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\SOFTWIN\BITDEFENDER9\BDMCON.EXE
C:\PROGRAM FILES\SOFTWIN\BITDEFENDER9\VSSERV.EXE
C:\PROGRAM FILES\SOFTWIN\BITDEFENDER9\BDOESRV.EXE
C:\PROGRAM FILES\WANADOO\TASKBARICON.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\SOFTWIN\BITDEFENDER UPDATE SERVICE\LIVESRV.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\PROGRAM FILES\SOFTWIN\BITDEFENDER9\BDNAGENT.EXE
C:\WINDOWS\RunDLL.exe
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INVENTEL\GATEWAY\WLANCFG.EXE
C:\PROGRAM FILES\HIJACKTHIS VERSION FRANçAISE\HIJACKTHIS VF.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O3 - Toolbar: @msdxmLC.dll,-1@1036,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
O4 - HKLM\..\Run: [Delay] C:\WINDOWS\delayrun.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\Program Files\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [wlancfg] C:\Program Files\Inventel\Gateway\wlancfg.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\SYSTEM\LVCOMSX.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\SOFTWIN\BITDEF~1\BDMCON.EXE
O4 - HKLM\..\Run: [BitDefender Virus Shield] "C:\Program Files\Softwin\BitDefender9\vsserv.exe"
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BitDefender Live Service] "C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\PROGRAM FILES\SOFTWIN\BITDEFENDER9\bdnagent.exe"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [KB918547] C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [BitDefender Communicator] "C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\\xcommsvr.exe"
O4 - HKLM\..\RunServices: [BitDefender Scan Server] "C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\\bdss.exe"
O4 - HKLM\..\RunServices: [BitDefender Live! Init] "C:\Program Files\Softwin\BitDefender9\bdinit.exe"
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\PROGRAM FILES\LOGITECH\VIDEO\MANIFESTENGINE.EXE" boot
O8 - Extra context menu item: Recherche &Google - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmwordtrans.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Pages similaires - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Pages liées - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_07\BIN\SSV.DLL
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_07\BIN\SSV.DLL
O14 - IERESET.INF: START_PAGE_URL=http://hp.my.yahoo.com
Reply to naruto2706
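The two HijackThis logs in this thread can be compared mechanically to confirm that the autorun entries for the flagged executables are gone. This is an added example, not part of the original posts: the function names are hypothetical, the sample lines are excerpts of the O4 sections above, and the "value name equals file name" rule is an assumed triage heuristic modelled on the entry the helper asked to fix.

```python
import re
from ntpath import basename, dirname

# HijackThis O4 line: O4 - HKLM\..\Run: [ValueName] command line
O4_RE = re.compile(r'^O4 - (HK(?:LM|CU)\\\.\.\\\w+): \[(.+?)\] (.+)$')

# Excerpts of the O4 sections of the first and second logs in this thread.
BEFORE = r'''
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\SYSTEM\LVCOMSX.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [zgzolqdu.exe] C:\WINDOWS\SYSTEM\zgzolqdu.exe
O4 - HKLM\..\Run: [aryvmpur.exe] C:\WINDOWS\SYSTEM\aryvmpur.exe
'''
AFTER = r'''
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\SYSTEM\LVCOMSX.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\SOFTWIN\BITDEF~1\BDMCON.EXE
'''

def parse_o4(log_text):
    """Map (registry key, value name) -> command for every O4 autorun line."""
    entries = {}
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries[(m.group(1), m.group(2))] = m.group(3)
    return entries

def exe_path(command):
    """Path of the launched program: up to the first .exe, quotes dropped."""
    m = re.match(r'"?(.+?\.exe)', command, re.I)
    return m.group(1) if m else command.split()[0]

def self_named_system_entries(entries):
    """Assumed heuristic: value name == file name, file directly in SYSTEM."""
    flagged = []
    for (_key, name), command in entries.items():
        path = exe_path(command)
        if (name.lower() == basename(path).lower()
                and dirname(path).lower() == r'c:\windows\system'):
            flagged.append(name)
    return sorted(flagged)

def diff_autoruns(before, after):
    """Autorun entries that disappeared and appeared between two logs."""
    return sorted(set(before) - set(after)), sorted(set(after) - set(before))

if __name__ == '__main__':
    before, after = parse_o4(BEFORE), parse_o4(AFTER)
    print(self_named_system_entries(before), diff_autoruns(before, after))
```

An empty flagged list on the second log only shows the registry entries are gone; the files themselves are what the antivirus scan and quarantine deal with.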
I think we're done... Or are there still problems?
Reply to XmichouX
no, no more problems
thanks again very much for your help!
Reply to naruto2706
OK.
Bye
Remove the software used for the disinfection.
Reply to XmichouX
