Very slow PC... {solved}

Tags:
  • Internet Explorer
  • Security
Last reply: in Security and viruses
17 September 2007 18:24:46

Hello,
I have a very slow PC that really looks infected :s
I'm posting a HijackThis report :)
Logfile of HijackThis v1.99.1
Scan saved at 18:27:04, on 17/09/2007
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\LVCOMSX.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
C:\PROGRAM FILES\WANADOO\TASKBARICON.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\BACKWEB\BACKWEB\PROGRAM\BWDELAY.EXE
C:\PROGRAM FILES\INVENTEL\GATEWAY\WLANCFG.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\WUAUBOOT.EXE
C:\PROGRAM FILES\HIJACKTHIS VERSION FRANçAISE\HIJACKTHIS VF.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.adultvidsonly.com/ to verify your age, REQUIRED! WARNING! Adult pictures are featured in this site. Only adults permitted beyond this point! Are you at least 18 years old
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: (no name) - {19A04DDB-D96F-7509-3BC1-048AC35C306B} - C:\WINDOWS\SYSTEM\AVRHDMF.DLL (file missing)
O3 - Toolbar: @msdxmLC.dll,-1@1036,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
O4 - HKLM\..\Run: [Delay] C:\WINDOWS\delayrun.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\Program Files\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [wlancfg] C:\Program Files\Inventel\Gateway\wlancfg.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\SYSTEM\LVCOMSX.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
O4 - HKLM\..\Run: [tupedyjm.exe] C:\WINDOWS\SYSTEM\tupedyjm.exe
O4 - HKLM\..\Run: [jcvqlcpe.exe] C:\WINDOWS\SYSTEM\jcvqlcpe.exe
O4 - HKLM\..\Run: [jonelolc.exe] C:\WINDOWS\SYSTEM\jonelolc.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [KB918547] C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\PROGRAM FILES\LOGITECH\VIDEO\MANIFESTENGINE.EXE" boot
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O8 - Extra context menu item: Recherche &Google - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmwordtrans.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Pages similaires - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Pages liées - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_07\BIN\SSV.DLL
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_07\BIN\SSV.DLL
O14 - IERESET.INF: START_PAGE_URL=http://hp.my.yahoo.com
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 85.255.115.2,85.255.112.209

If anyone can help me :)
thanks

17 September 2007 18:38:07

Hello,

The HijackThis report is not complete.


Download Navilog

Save it to your Desktop.
Unzip it.

Double-click Navilog1.bat.
Let the utility guide you. Choose option 1, then confirm.
! Do not use options 2, 3 and 4 without our agreement !
Wait until this message appears:
"*** Analyse Termine le ..... ***"
Press a key as requested. Notepad will open. Post the report here.

The report is located here: C:\fixnavi.txt
17 September 2007 18:45:02

I have a slight problem with Navilog: when I launch it (navilog1.bat) the list of languages is displayed and below it I get an "erreur de syntaxe" message even though I haven't typed anything (in fact I can't type anything) and the whole thing flickers... :s so I can't do much (or rather nothing at all ^^) Here is the full HijackThis report anyway (I think)
Logfile of HijackThis v1.99.1
Scan saved at 18:44:18, on 17/09/2007
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\SYSTEM\LVCOMSX.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\WINDOWS\SYSTEM\JCVQLCPE.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\WANADOO\TASKBARICON.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INVENTEL\GATEWAY\WLANCFG.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\BACKWEB\BACKWEB\PROGRAM\BWDELAY.EXE
C:\PROGRAM FILES\HIJACKTHIS VERSION FRANçAISE\HIJACKTHIS VF.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.adultvidsonly.com/ to verify your age, REQUIRED! WARNING! Adult pictures are featured in this site. Only adults permitted beyond this point! Are you at least 18 years old
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: (no name) - {19A04DDB-D96F-7509-3BC1-048AC35C306B} - C:\WINDOWS\SYSTEM\AVRHDMF.DLL (file missing)
O3 - Toolbar: @msdxmLC.dll,-1@1036,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
O4 - HKLM\..\Run: [Delay] C:\WINDOWS\delayrun.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\Program Files\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [wlancfg] C:\Program Files\Inventel\Gateway\wlancfg.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\SYSTEM\LVCOMSX.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
O4 - HKLM\..\Run: [tupedyjm.exe] C:\WINDOWS\SYSTEM\tupedyjm.exe
O4 - HKLM\..\Run: [jcvqlcpe.exe] C:\WINDOWS\SYSTEM\jcvqlcpe.exe
O4 - HKLM\..\Run: [jonelolc.exe] C:\WINDOWS\SYSTEM\jonelolc.exe
O4 - HKLM\..\Run: [fspkbihy.exe] C:\WINDOWS\SYSTEM\fspkbihy.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [KB918547] C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\PROGRAM FILES\LOGITECH\VIDEO\MANIFESTENGINE.EXE" boot
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O8 - Extra context menu item: Recherche &Google - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmwordtrans.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Pages similaires - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Pages liées - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_07\BIN\SSV.DLL
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_07\BIN\SSV.DLL
O14 - IERESET.INF: START_PAGE_URL=http://hp.my.yahoo.com
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 85.255.115.2,85.255.112.209

17 September 2007 18:48:06

If there is an incompatibility with your version of Windows, we won't be able to do anything ...

Download FixWareout to the Desktop.
>>Second link<<

Double-click FixWareout.exe: click Next, then Install.
Run fixit must be checked; finally click Finish.
Follow the on-screen messages. Your computer will need to restart; accept. Startup will be slightly longer than usual.

Post the report >>C:\fixwareout\report.txt<< along with a new HijackThis log.
17 September 2007 18:56:02

there you go :)

Fixwareout Last edited 9/01/2007
Post this report in the forums please

Random Runs removed from HKLM


We recommend getting a free online scan
Computer Associates eTrust AV Web Scanner: http://www3.ca.com/virusinfo/virusscan.aspx

Hosts file was reset, If you use a custom hosts file please replace it.


Logfile of HijackThis v1.99.1
Scan saved at 18:56:42, on 17/09/2007
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\DELAYRUN.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\INVENTEL\GATEWAY\WLANCFG.EXE
C:\WINDOWS\SYSTEM\LVCOMSX.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\WANADOO\TASKBARICON.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\HIJACKTHIS VERSION FRANçAISE\HIJACKTHIS VF.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.adultvidsonly.com/ to verify your age, REQUIRED! WARNING! Adult pictures are featured in this site. Only adults permitted beyond this point! Are you at least 18 years old
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: (no name) - {19A04DDB-D96F-7509-3BC1-048AC35C306B} - C:\WINDOWS\SYSTEM\AVRHDMF.DLL (file missing)
O3 - Toolbar: @msdxmLC.dll,-1@1036,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
O4 - HKLM\..\Run: [Delay] C:\WINDOWS\delayrun.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\Program Files\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [wlancfg] C:\Program Files\Inventel\Gateway\wlancfg.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\SYSTEM\LVCOMSX.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
O4 - HKLM\..\Run: [jcvqlcpe.exe] C:\WINDOWS\SYSTEM\jcvqlcpe.exe
O4 - HKLM\..\Run: [fspkbihy.exe] C:\WINDOWS\SYSTEM\fspkbihy.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [KB918547] C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\PROGRAM FILES\LOGITECH\VIDEO\MANIFESTENGINE.EXE" boot
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O8 - Extra context menu item: Recherche &Google - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmwordtrans.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Pages similaires - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Pages liées - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_07\BIN\SSV.DLL
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_07\BIN\SSV.DLL
O14 - IERESET.INF: START_PAGE_URL=http://hp.my.yahoo.com
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 85.255.115.2,85.255.112.209

17 September 2007 21:02:56


Run HijackThis again, do a system scan only, check these lines:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.adultvidsonly.com/ to verify your age, REQUIRED! WARNING! Adult pictures are featured in this site. Only adults permitted beyond this point! Are you at least 18 years old
O2 - BHO: (no name) - {19A04DDB-D96F-7509-3BC1-048AC35C306B} - C:\WINDOWS\SYSTEM\AVRHDMF.DLL (file missing)
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 85.255.115.2,85.255.112.209

Then Fix Checked!

Download Blacklight

Save it to your Desktop

Double-click fsbl.exe to launch it.
Click Scan, then Next

At the end of the scan, DO NOT TOUCH ANYTHING and close Blacklight

Post the report on your desktop named fsbl.*******.log (the ******* are digits)

18 September 2007 19:37:17

oh great! "un fichier .DLL requis, USERENV.DLL, n'a pas été trouvé."
I can't launch Blacklight :s
18 September 2007 20:09:03

Post a HijackThis log again.
18 September 2007 20:20:34

there you go :)
Logfile of HijackThis v1.99.1
Scan saved at 20:23:29, on 18/09/2007
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\INVENTEL\GATEWAY\WLANCFG.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\SYSTEM\LVCOMSX.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\WINDOWS\SYSTEM\JCVQLCPE.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\WANADOO\TASKBARICON.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\BACKWEB\BACKWEB\PROGRAM\BWDELAY.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\HIJACKTHIS VERSION FRANçAISE\HIJACKTHIS VF.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O3 - Toolbar: @msdxmLC.dll,-1@1036,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
O4 - HKLM\..\Run: [Delay] C:\WINDOWS\delayrun.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\Program Files\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [wlancfg] C:\Program Files\Inventel\Gateway\wlancfg.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\SYSTEM\LVCOMSX.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
O4 - HKLM\..\Run: [jcvqlcpe.exe] C:\WINDOWS\SYSTEM\jcvqlcpe.exe
O4 - HKLM\..\Run: [fspkbihy.exe] C:\WINDOWS\SYSTEM\fspkbihy.exe
O4 - HKLM\..\Run: [lypgbibu.exe] C:\WINDOWS\SYSTEM\lypgbibu.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [KB918547] C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\PROGRAM FILES\LOGITECH\VIDEO\MANIFESTENGINE.EXE" boot
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O8 - Extra context menu item: Recherche &Google - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmwordtrans.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Pages similaires - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Pages liées - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_07\BIN\SSV.DLL
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_07\BIN\SSV.DLL
O14 - IERESET.INF: START_PAGE_URL=http://hp.my.yahoo.com

18 September 2007 20:29:55

I would like to check something.

Go to My Computer > Tools > Folder Options > View > show hidden files and folders. --> Apply --> OK

Go to My Computer > Tools > Folder Options > View > uncheck hide protected operating system files. --> Apply --> OK

Have these files analysed on this site >> Virustotal <<

Click Browse at the top, choose My Computer and look for this file: C:\WINDOWS\SYSTEM\jcvqlcpe.exe
Now click send file.
Post the report
Do the same with these files: C:\WINDOWS\SYSTEM\fspkbihy.exe
C:\WINDOWS\SYSTEM\lypgbibu.exe
18 September 2007 21:15:55

For the first file: C:\WINDOWS\SYSTEM\jcvqlcpe.exe

Antivirus Version Last update Result
AhnLab-V3 2007.9.19.0 2007.09.18 Win-Trojan/Obfuscated.Gen
AntiVir 7.6.0.10 2007.09.18 TR/Crypt.XPACK.Gen
Authentium 4.93.8 2007.09.18 -
Avast 4.7.1043.0 2007.09.17 Win32:Obfuscated-BPK
AVG 7.5.0.485 2007.09.18 -
BitDefender 7.2 2007.09.18 Trojan.Obfus.Gen
CAT-QuickHeal 9.00 2007.09.18 (Suspicious) - DNAScan
ClamAV 0.91.2 2007.09.18 -
DrWeb 4.33 2007.09.18 -
eSafe 7.0.15.0 2007.09.17 Suspicious Trojan/Worm
eTrust-Vet 31.2.5144 2007.09.18 Win32/Busky!generic
Ewido 4.0 2007.09.18 -
FileAdvisor 1 2007.09.18 -
Fortinet 3.11.0.0 2007.09.18 -
F-Prot 4.3.2.48 2007.09.17 -
F-Secure 6.70.13030.0 2007.09.18 Trojan.Win32.Obfuscated.ev
Ikarus T3.1.1.12 2007.09.18 Trojan-Downloader.Win32.Busky
Kaspersky 4.0.2.24 2007.09.18 Trojan.Win32.Obfuscated.ev
McAfee 5122 2007.09.18 Downloader-AXI.gen
Microsoft 1.2803 2007.09.18 TrojanDropper:Win32/Busky.gen
NOD32v2 2539 2007.09.18 a variant of Win32/TrojanDownloader.Agent.NJJ
Norman 5.80.02 2007.09.18 -
Panda 9.0.0.4 2007.09.18 Adware/VideoAccess
Prevx1 V2 2007.09.18 -
Rising 19.41.13.00 2007.09.18 Trojan.DL.Obfuscated.gs
Sophos 4.21.0 2007.09.18 -
Sunbelt 2.2.907.0 2007.09.15 VIPRE.Suspicious
Symantec 10 2007.09.18 Trojan.Packed.14
TheHacker 6.2.5.061 2007.09.17 Trojan/Obfuscated.2.gen
VBA32 3.12.2.4 2007.09.18 suspected of Trojan-Downloader.Obfuscated.3 (paranoid heuristics)
VirusBuster 4.3.26:9 2007.09.18 Trojan.DL.Obfusc.Gen.6
Webwasher-Gateway 6.0.1 2007.09.18 Trojan.Crypt.XPACK.Gen

For the second: C:\WINDOWS\SYSTEM\fspkbihy.exe

AhnLab-V3 2007.9.19.0 2007.09.18 Win-Trojan/Obfuscated.Gen
AntiVir 7.6.0.10 2007.09.18 TR/Crypt.XPACK.Gen
Authentium 4.93.8 2007.09.18 -
Avast 4.7.1043.0 2007.09.17 Win32:Obfuscated-BPK
AVG 7.5.0.485 2007.09.18 -
BitDefender 7.2 2007.09.18 Trojan.Obfus.Gen
CAT-QuickHeal 9.00 2007.09.18 (Suspicious) - DNAScan
ClamAV 0.91.2 2007.09.18 -
DrWeb 4.33 2007.09.18 -
eSafe 7.0.15.0 2007.09.17 Suspicious Trojan/Worm
eTrust-Vet 31.2.5144 2007.09.18 Win32/Busky!generic
Ewido 4.0 2007.09.18 -
FileAdvisor 1 2007.09.18 -
Fortinet 3.11.0.0 2007.09.18 -
F-Prot 4.3.2.48 2007.09.17 -
F-Secure 6.70.13030.0 2007.09.18 Trojan.Win32.Obfuscated.ev
Ikarus T3.1.1.12 2007.09.18 Trojan-Downloader.Win32.Busky
Kaspersky 4.0.2.24 2007.09.18 Trojan.Win32.Obfuscated.ev
McAfee 5122 2007.09.18 Downloader-AXI.gen
Microsoft 1.2803 2007.09.18 TrojanDropper:Win32/Busky.gen
NOD32v2 2539 2007.09.18 a variant of Win32/TrojanDownloader.Agent.NJJ
Norman 5.80.02 2007.09.18 -
Panda 9.0.0.4 2007.09.18 Adware/VideoAccess
Prevx1 V2 2007.09.18 -
Rising 19.41.13.00 2007.09.18 Trojan.DL.Obfuscated.gs
Sophos 4.21.0 2007.09.18 -
Sunbelt 2.2.907.0 2007.09.15 VIPRE.Suspicious
Symantec 10 2007.09.18 Trojan.Packed.14
TheHacker 6.2.5.061 2007.09.17 Trojan/Obfuscated.2.gen
VBA32 3.12.2.4 2007.09.18 suspected of Trojan-Downloader.Obfuscated.3 (paranoid heuristics)
VirusBuster 4.3.26:9 2007.09.18 Trojan.DL.Obfusc.Gen.6
Webwasher-Gateway 6.0.1 2007.09.18 Trojan.Crypt.XPACK.Gen


For the third one: C:\WINDOWS\SYSTEM\lypgbibu.exe

AhnLab-V3 2007.9.19.0 2007.09.18 Win-Trojan/Obfuscated.Gen
AntiVir 7.6.0.10 2007.09.18 TR/Crypt.XPACK.Gen
Authentium 4.93.8 2007.09.18 -
Avast 4.7.1043.0 2007.09.17 Win32:Obfuscated-BPK
AVG 7.5.0.485 2007.09.18 -
BitDefender 7.2 2007.09.18 Trojan.Obfus.Gen
CAT-QuickHeal 9.00 2007.09.18 (Suspicious) - DNAScan
ClamAV 0.91.2 2007.09.18 -
DrWeb 4.33 2007.09.18 -
eSafe 7.0.15.0 2007.09.17 Suspicious Trojan/Worm
eTrust-Vet 31.2.5144 2007.09.18 Win32/Busky!generic
Ewido 4.0 2007.09.18 -
FileAdvisor 1 2007.09.18 -
Fortinet 3.11.0.0 2007.09.18 -
F-Prot 4.3.2.48 2007.09.17 -
F-Secure 6.70.13030.0 2007.09.18 Trojan.Win32.Obfuscated.ev
Ikarus T3.1.1.12 2007.09.18 Trojan-Downloader.Win32.Busky
Kaspersky 4.0.2.24 2007.09.18 Trojan.Win32.Obfuscated.ev
McAfee 5122 2007.09.18 Downloader-AXI.gen
Microsoft 1.2803 2007.09.18 TrojanDropper:Win32/Busky.gen
NOD32v2 2539 2007.09.18 a variant of Win32/TrojanDownloader.Agent.NJJ
Norman 5.80.02 2007.09.18 -
Panda 9.0.0.4 2007.09.18 Adware/VideoAccess
Prevx1 V2 2007.09.18 -
Rising 19.41.13.00 2007.09.18 Trojan.DL.Obfuscated.gs
Sophos 4.21.0 2007.09.18 -
Sunbelt 2.2.907.0 2007.09.15 VIPRE.Suspicious
Symantec 10 2007.09.18 Trojan.Packed.14
TheHacker 6.2.5.061 2007.09.17 Trojan/Obfuscated.2.gen
VBA32 3.12.2.4 2007.09.18 suspected of Trojan-Downloader.Obfuscated.3 (paranoid heuristics)
VirusBuster 4.3.26:9 2007.09.18 Trojan.DL.Obfusc.Gen.6
Webwasher-Gateway 6.0.1 2007.09.18 Trojan.Crypt.XPACK.Gen

18 September 2007 21:41:54

Hi again,

Can you go to C:\WINDOWS\SYSTEM and tell me whether the files I had you scan also have other extensions?
e.g.: C:\WINDOWS\SYSTEM\lypgbibu.exe, .dat ...
19 September 2007 14:16:43

for
C:\WINDOWS\SYSTEM\lypgbibu.exe
no other extension, it's the only one with that name.
And as for the other two... they're gone ^^
when I turned the PC on earlier, Avast gave me an alert (Trojan horse, I think) for those two (I chose "move to quarantine")
There you go :)
19 September 2007 16:39:40

Post a new HijackThis log..
19 September 2007 16:47:11

here's the beast:
Logfile of HijackThis v1.99.1
Scan saved at 16:49:41, on 19/09/2007
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\INVENTEL\GATEWAY\WLANCFG.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\SYSTEM\LVCOMSX.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\WANADOO\TASKBARICON.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\BACKWEB\BACKWEB\PROGRAM\BWDELAY.EXE
C:\WINDOWS\SYSTEM\LYPGBIBU.EXE
C:\WINDOWS\RunDLL.exe
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\HIJACKTHIS VERSION FRANçAISE\HIJACKTHIS VF.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O3 - Toolbar: @msdxmLC.dll,-1@1036,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
O4 - HKLM\..\Run: [Delay] C:\WINDOWS\delayrun.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\Program Files\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [wlancfg] C:\Program Files\Inventel\Gateway\wlancfg.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\SYSTEM\LVCOMSX.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
O4 - HKLM\..\Run: [lypgbibu.exe] C:\WINDOWS\SYSTEM\lypgbibu.exe
O4 - HKLM\..\Run: [zgzolqdu.exe] C:\WINDOWS\SYSTEM\zgzolqdu.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [KB918547] C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\PROGRAM FILES\LOGITECH\VIDEO\MANIFESTENGINE.EXE" boot
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O8 - Extra context menu item: Recherche &Google - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmwordtrans.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Pages similaires - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Pages liées - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_07\BIN\SSV.DLL
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_07\BIN\SSV.DLL
O14 - IERESET.INF: START_PAGE_URL=http://hp.my.yahoo.com

19 September 2007 17:03:21

Let me know whether this software works...

Download OTMoveIt

Save it to the Desktop

Select the contents of the box below
C:\WINDOWS\SYSTEM\zgzolqdu.exe
C:\WINDOWS\SYSTEM\zgzolqdu.dat
C:\WINDOWS\SYSTEM\zgzolqdu_navps.dat
C:\WINDOWS\SYSTEM\zgzolqdu_nav.dat
C:\WINDOWS\SYSTEM\lypgbibu.exe
C:\WINDOWS\SYSTEM\lypgbibu.dat
C:\WINDOWS\SYSTEM\lypgbibu_navps.dat
C:\WINDOWS\SYSTEM\lypgbibu_nav.dat
C:\WINDOWS\SYSTEM\fspkbihy.exe
C:\WINDOWS\SYSTEM\fspkbihy.dat
C:\WINDOWS\SYSTEM\fspkbihy_navps.dat
C:\WINDOWS\SYSTEM\fspkbihy_nav.dat
C:\WINDOWS\SYSTEM\jcvqlcpe.exe
C:\WINDOWS\SYSTEM\jcvqlcpe.dat
C:\WINDOWS\SYSTEM\jcvqlcpe_navps.dat
C:\WINDOWS\SYSTEM\jcvqlcpe_nav.dat

Now run OTMoveIt.

Two panes appear; right-click in the left pane, then paste the contents of the box above.
And click MoveIt!

If the program asks you to restart, accept.

Post the report found in: C:\_OTMoveIt\MovedFiles\(creation date)!
19 September 2007 17:21:08

C:\WINDOWS\SYSTEM\zgzolqdu.exe moved successfully.
File/Folder C:\WINDOWS\SYSTEM\zgzolqdu.dat not found.
File/Folder C:\WINDOWS\SYSTEM\zgzolqdu_navps.dat not found.
File/Folder C:\WINDOWS\SYSTEM\zgzolqdu_nav.dat not found.
File move failed. C:\WINDOWS\SYSTEM\lypgbibu.exe scheduled to be moved on reboot.
File/Folder C:\WINDOWS\SYSTEM\lypgbibu.dat not found.
File/Folder C:\WINDOWS\SYSTEM\lypgbibu_navps.dat not found.
File/Folder C:\WINDOWS\SYSTEM\lypgbibu_nav.dat not found.
File/Folder C:\WINDOWS\SYSTEM\fspkbihy.exe not found.
File/Folder C:\WINDOWS\SYSTEM\fspkbihy.dat not found.
File/Folder C:\WINDOWS\SYSTEM\fspkbihy_navps.dat not found.
File/Folder C:\WINDOWS\SYSTEM\fspkbihy_nav.dat not found.
File/Folder C:\WINDOWS\SYSTEM\jcvqlcpe.exe not found.
File/Folder C:\WINDOWS\SYSTEM\jcvqlcpe.dat not found.
File/Folder C:\WINDOWS\SYSTEM\jcvqlcpe_navps.dat not found.
File/Folder C:\WINDOWS\SYSTEM\jcvqlcpe_nav.dat not found.

Created on 09/19/2007 17:17:55
19 September 2007 17:29:47

Did you accept the OTMoveIt restart? Post another HijackThis log.
19 September 2007 18:37:39

yes, I accepted the restart, it worked, here is the report
Logfile of HijackThis v1.99.1
Scan saved at 18:40:08, on 19/09/2007
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\LVCOMSX.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\WINDOWS\SYSTEM\LYPGBIBU.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\WANADOO\TASKBARICON.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INVENTEL\GATEWAY\WLANCFG.EXE
C:\PROGRAM FILES\BACKWEB\BACKWEB\PROGRAM\BWDELAY.EXE
C:\PROGRAM FILES\HIJACKTHIS VERSION FRANçAISE\HIJACKTHIS VF.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O3 - Toolbar: @msdxmLC.dll,-1@1036,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
O4 - HKLM\..\Run: [Delay] C:\WINDOWS\delayrun.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\Program Files\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [wlancfg] C:\Program Files\Inventel\Gateway\wlancfg.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\SYSTEM\LVCOMSX.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
O4 - HKLM\..\Run: [lypgbibu.exe] C:\WINDOWS\SYSTEM\lypgbibu.exe
O4 - HKLM\..\Run: [zgzolqdu.exe] C:\WINDOWS\SYSTEM\zgzolqdu.exe
O4 - HKLM\..\Run: [aryvmpur.exe] C:\WINDOWS\SYSTEM\aryvmpur.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [KB918547] C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\PROGRAM FILES\LOGITECH\VIDEO\MANIFESTENGINE.EXE" boot
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O8 - Extra context menu item: Recherche &Google - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmwordtrans.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Pages similaires - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Pages liées - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_07\BIN\SSV.DLL
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_07\BIN\SSV.DLL
O14 - IERESET.INF: START_PAGE_URL=http://hp.my.yahoo.com

19 September 2007 18:45:13

Select the contents of the box below
C:\WINDOWS\SYSTEM\lypgbibu.exe
C:\WINDOWS\SYSTEM\zgzolqdu.exe
C:\WINDOWS\SYSTEM\aryvmpur.exe

Now run OTMoveIt.

Two panes appear; right-click in the left pane, then paste the contents of the box above.
And click MoveIt!

If the program asks you to restart, accept.

Post the report found in: C:\_OTMoveIt\MovedFiles\(creation date)!

And post yet another HijackThis log..
19 September 2007 18:55:03

File move failed. C:\WINDOWS\SYSTEM\lypgbibu.exe scheduled to be moved on reboot.
File/Folder C:\WINDOWS\SYSTEM\zgzolqdu.exe not found.
C:\WINDOWS\SYSTEM\aryvmpur.exe moved successfully.

Created on 09/19/2007 18:51:54

If I've understood correctly, there's still one that hasn't gone ^^

Logfile of HijackThis v1.99.1
Scan saved at 18:57:00, on 19/09/2007
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\DELAYRUN.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\INVENTEL\GATEWAY\WLANCFG.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\LVCOMSX.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\PROGRAM FILES\WANADOO\TASKBARICON.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\HIJACKTHIS VERSION FRANçAISE\HIJACKTHIS VF.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O3 - Toolbar: @msdxmLC.dll,-1@1036,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
O4 - HKLM\..\Run: [Delay] C:\WINDOWS\delayrun.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\Program Files\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [wlancfg] C:\Program Files\Inventel\Gateway\wlancfg.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\SYSTEM\LVCOMSX.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
O4 - HKLM\..\Run: [zgzolqdu.exe] C:\WINDOWS\SYSTEM\zgzolqdu.exe
O4 - HKLM\..\Run: [aryvmpur.exe] C:\WINDOWS\SYSTEM\aryvmpur.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [KB918547] C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\PROGRAM FILES\LOGITECH\VIDEO\MANIFESTENGINE.EXE" boot
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O8 - Extra context menu item: Recherche &Google - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmwordtrans.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Pages similaires - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Pages liées - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_07\BIN\SSV.DLL
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_07\BIN\SSV.DLL
O14 - IERESET.INF: START_PAGE_URL=http://hp.my.yahoo.com
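
The cross-check done by eye between an OTMoveIt report and the HijackThis log that follows it, as an added Python example (not part of the original posts and not code from either tool). It flags files that are still running and Run values left pointing at files that were moved; the function names and verdict labels are this example's own, and the sample input is a trimmed excerpt of the logs posted above.

```python
import re

# Trimmed excerpt of the HijackThis log saved at 18:57:00 on 19/09/2007 (from this thread).
HIJACKTHIS_LOG = r"""
Running processes:
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\DELAYRUN.EXE
C:\WINDOWS\SYSTEM\LVCOMSX.EXE

O4 - HKLM\..\Run: [Delay] C:\WINDOWS\delayrun.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\SYSTEM\LVCOMSX.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [zgzolqdu.exe] C:\WINDOWS\SYSTEM\zgzolqdu.exe
O4 - HKLM\..\Run: [aryvmpur.exe] C:\WINDOWS\SYSTEM\aryvmpur.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
"""

# OTMoveIt report created on 09/19/2007 18:51:54 (from this thread).
OTMOVEIT_REPORT = r"""
File move failed. C:\WINDOWS\SYSTEM\lypgbibu.exe scheduled to be moved on reboot.
File/Folder C:\WINDOWS\SYSTEM\zgzolqdu.exe not found.
C:\WINDOWS\SYSTEM\aryvmpur.exe moved successfully.
"""

# The three result lines that appear in the OTMoveIt reports on this page.
_OTM_PATTERNS = [
    (re.compile(r"^File move failed\. (.+) scheduled to be moved on reboot\.$"), "pending_reboot"),
    (re.compile(r"^File/Folder (.+) not found\.$"), "not_found"),
    (re.compile(r"^(.+) moved successfully\.$"), "moved"),
]
# O4 line: hive, key (Run / RunServices), value name in brackets, command line.
_O4 = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[(.*?)\] (.+)$")
# Command target: a quoted path, or everything up to the first executable extension.
_TARGET = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|com|bat|scr|dll))(?=\s|$)', re.I)


def autorun_target(command):
    """Return the lower-cased program path of an autorun command, without arguments."""
    command = command.strip()
    m = _TARGET.match(command)
    if not m:
        return command.lower()
    return (m.group(1) or m.group(2)).lower()


def parse_otmoveit(report):
    """Map each lower-cased path in an OTMoveIt report to its outcome label."""
    status = {}
    for line in report.splitlines():
        for pattern, label in _OTM_PATTERNS:
            m = pattern.match(line.strip())
            if m:
                status[m.group(1).lower()] = label
                break
    return status


def parse_hijackthis(log):
    """Return (set of running process paths, list of (key, value name, target))."""
    processes, autoruns, in_procs = set(), [], False
    for line in log.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_procs = True
        elif in_procs and not line:
            in_procs = False          # a blank line ends the process list
        elif in_procs:
            processes.add(line.lower())
        else:
            m = _O4.match(line)
            if m:
                hive, key, name, command = m.groups()
                autoruns.append((f"{hive}\\{key}", name, autorun_target(command)))
    return processes, autoruns


def triage(log, report):
    """Give one verdict per file named in the OTMoveIt report.

    still_running    - the file is in the process list of the later log
    orphaned_autorun - file moved or absent, but a Run value still names it
    autorun_remains  - move is pending a reboot and a Run value still names it
    not_loaded       - neither running nor referenced by an O4 line; whether the
                       file is still on disk has to be checked separately
    """
    processes, autoruns = parse_hijackthis(log)
    verdicts = {}
    for path, outcome in parse_otmoveit(report).items():
        values = [f"{key}: [{name}]" for key, name, target in autoruns if target == path]
        if path in processes:
            verdict = "still_running"
        elif values and outcome in ("moved", "not_found"):
            verdict = "orphaned_autorun"
        elif values:
            verdict = "autorun_remains"
        else:
            verdict = "not_loaded"
        verdicts[path] = (verdict, values)
    return verdicts


if __name__ == "__main__":
    for path, (verdict, values) in triage(HIJACKTHIS_LOG, OTMOVEIT_REPORT).items():
        print(f"{verdict:17} {path} {values}")
```

Paths are compared case-insensitively as written in the logs, so a Run value that uses an 8.3 short name (such as `C:\PROGRA~1\...`) will not match the long form of the same path.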

19 September 2007 19:00:31

Download Killbox (tutorial)
Unzip it to your desktop.
tick the "Delete on reboot" + "unregister dll before deleting" boxes
Select the contents of the box below, then right-click - copy
C:\WINDOWS\SYSTEM\lypgbibu.exe

Run Pocket KillBox, go to "File" then "Paste from Clipboard" (you won't see anything happen).
You can check in the drop-down menu that all the files are there.
Click "all files" and then the red cross
Answer yes to the messages that appear.
If the computer doesn't restart, do it manually.
After restarting, run Killbox again. Go to "File", then "Logs" and "Actions History Log".
Post the report.


19 September 2007 19:05:59

I can't tick the "unregister dll before deleting" box, it's greyed out, should I go ahead without it?
19 September 2007 19:16:41

yes.
19 September 2007 19:19:22

ok I'll do it later or tomorrow ;)
19 September 2007 19:22:33

ok;)
Spoiler
You should replace your crappy Windows :D  :lol:
19 September 2007 20:32:52

it's done :)  however, before today's report there are others, because I've already used this software to disinfect this PC; the logs are still there.
Pocket Killbox version
Running on Windows Me as HP, Client autorisé
was started @ mercredi, mai 16, 2007, 9:06 PM

Killbox Closed(Exit) @ 9:07:22 PM
__________________________________________________

Pocket Killbox version 2.0.0.648
Running on Windows Me as HP, Client autorisé
was started @ jeudi, mai 17, 2007, 11:51 AM

# 1 [Delete on Reboot]
Path = c:\windows\system\hpsysdrv.exe


# 2 [Delete on Reboot]
Path = C:\WINDOWS\SYSTEM\pklgdaxq.exe


# 3 [Delete on Reboot]
Path = C:\WINDOWS\SYSTEM\zqdofyxk.exe


# 4 [Delete on Reboot]
Path = C:\WINDOWS\SYSTEM\ypqnsdwt.exe


# 5 [Delete on Reboot]
Path = C:\WINDOWS\SYSTEM\ssdpsrv.exe


Killbox Closed(Exit) @ 11:52:28 AM
__________________________________________________

Pocket Killbox version 2.0.0.648
Running on Windows Me as HP, Client autorisé
was started @ mercredi, septembre 19, 2007, 7:08 PM

Killbox Closed(Exit) @ 7:22:25 PM
__________________________________________________

Pocket Killbox version 2.0.0.648
Running on Windows Me as HP, Client autorisé
was started @ mercredi, septembre 19, 2007, 8:24 PM

# 1 [Delete on Reboot]
Path = C:\WINDOWS\SYSTEM\lypgbibu.exe


Killbox Closed(Exit) @ 8:27:34 PM
__________________________________________________

Pocket Killbox version 2.0.0.648
Running on Windows Me as HP, Client autorisé
was started @ mercredi, septembre 19, 2007, 8:31 PM

and now I'm posting a HijackThis log again just in case ;)

Logfile of HijackThis v1.99.1
Scan saved at 20:30:55, on 19/09/2007
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\DELAYRUN.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\INVENTEL\GATEWAY\WLANCFG.EXE
C:\WINDOWS\SYSTEM\LVCOMSX.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\PROGRAM FILES\WANADOO\TASKBARICON.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\HIJACKTHIS VERSION FRANçAISE\HIJACKTHIS VF.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O3 - Toolbar: @msdxmLC.dll,-1@1036,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
O4 - HKLM\..\Run: [Delay] C:\WINDOWS\delayrun.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\Program Files\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [wlancfg] C:\Program Files\Inventel\Gateway\wlancfg.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\SYSTEM\LVCOMSX.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
O4 - HKLM\..\Run: [zgzolqdu.exe] C:\WINDOWS\SYSTEM\zgzolqdu.exe
O4 - HKLM\..\Run: [aryvmpur.exe] C:\WINDOWS\SYSTEM\aryvmpur.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [KB918547] C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\PROGRAM FILES\LOGITECH\VIDEO\MANIFESTENGINE.EXE" boot
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O8 - Extra context menu item: Recherche &Google - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmwordtrans.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Pages similaires - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Pages liées - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_07\BIN\SSV.DLL
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_07\BIN\SSV.DLL
O14 - IERESET.INF: START_PAGE_URL=http://hp.my.yahoo.com

For information, this PC is not the one I usually use, but the one my brother used. Since it is now mine, I would like to clean it up and get it back into shape :) even though I don't plan to do anything extraordinary with it ^^
19 September 2007 22:15:42

Tell me whether you can install AntiVir on this computer.
If so, uninstall avast, keep AntiVir, run a full scan in safe mode and post the report ;)
21 September 2007 23:25:06


AntiVir PersonalEdition Classic
Report file date: vendredi 21 septembre 2007 18:16

Scanning for 569934 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows Me
Windows version: (plain) [4.90.3000]
Username: unknown
Computer name: HPPAV

Version information:
BUILD.DAT : 217 13775 Bytes 05/12/2006 16:54:00
AVSCAN.EXE : 7.0.3.2 200744 Bytes 05/12/2006 14:29:56
AVSCAN.DLL : 7.0.3.1 35880 Bytes 05/12/2006 14:54:04
LUKE.DLL : 7.0.3.2 135208 Bytes 31/10/2006 15:07:42
LUKERES.DLL : 7.0.2.0 9256 Bytes 05/12/2006 14:54:04
ANTIVIR0.VDF : 6.35.0.1 7371264 Bytes 31/05/2006 14:29:56
ANTIVIR1.VDF : 6.36.1.24 2212864 Bytes 14/11/2006 08:12:08
ANTIVIR2.VDF : 6.36.1.113 221696 Bytes 01/12/2006 08:12:12
ANTIVIR3.VDF : 6.37.0.3 6144 Bytes 01/12/2006 08:12:14
AVEWIN32.DLL : 7.3.0.15 1982976 Bytes 04/12/2006 16:18:38
AVPREF.DLL : 7.0.2.0 17960 Bytes 03/11/2006 08:56:46
AVREP.DLL : 6.37.0.3 667688 Bytes 01/12/2006 08:06:06
AVRPBASE.DLL : 7.0.0.0 1544232 Bytes 30/03/2006 07:42:44
AVPACK32.DLL : 7.2.0.5 360488 Bytes 23/10/2006 07:09:32
AVREG.DLL : 7.0.1.1 30248 Bytes 23/10/2006 09:52:24
RCIMAGE.DLL : 7.0.1.3 2097192 Bytes 08/11/2006 11:26:18
RCTEXT.DLL : 7.0.12.1 77864 Bytes 05/12/2006 14:54:02

Configuration settings for the scan:
Jobname..........................: Local Drives
Configuration file...............: C:\PROGRAM FILES\ANTIVIR PERSONALEDITION CLASSIC\alldrives.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: A:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Expanded search settings.........: 0x00007000

Start of the scan: vendredi 21 septembre 2007 18:16

The scan of running processes will be started
Scan process 'AVSCAN.EXE' - '1' Modules have been scanned
Scan process 'AVCENTER.EXE' - '1' Modules have been scanned
Scan process 'INTERNAT.EXE' - '1' Modules have been scanned
Scan process 'STMGR.EXE' - '1' Modules have been scanned
Scan process 'EXPLORER.EXE' - '1' Modules have been scanned
Scan process 'MPREXE.EXE' - '1' Modules have been scanned
Scan process 'MSGSRV32.EXE' - '1' Modules have been scanned
Scan process 'KERNEL32.DLL' - '1' Modules have been scanned
8 processes with 8 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'A:\'
[NOTE] In the drive 'A:\' no data medium is inserted!

Starting to scan the registry.
The registry was scanned ( 32 files ).


Starting the file scan:

Begin scan in 'C:\' <HP_PAVILION>
C:\_RESTORE\TEMP\A0197270.CPY
[DETECTION] Contains suspicious code HEUR/Crypted
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\TEMP\A0197271.CPY
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\TEMP\A0197273.CPY
[DETECTION] Is the Trojan horse TR/Click.Agent.GY.15
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS1379.CAB
[0] Archive type: CAB (Microsoft)
--> A0131977.CPY
[DETECTION] Contains signature of the dropper DR/Zlob.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS206.CAB
[0] Archive type: CAB (Microsoft)
--> A0109971.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
--> A0109972.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS81.CAB
[0] Archive type: CAB (Microsoft)
--> A0012729.CPY
[DETECTION] Is the Trojan horse TR/Dialer.EG.14
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS208.CAB
[0] Archive type: CAB (Microsoft)
--> A0110062.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
--> A0110064.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS1584.CAB
[0] Archive type: CAB (Microsoft)
--> W0219180.CPY
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS1595.CAB
[0] Archive type: CAB (Microsoft)
--> A0177593.CPY
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS924.CAB
[0] Archive type: CAB (Microsoft)
--> A0088627.CPY
[DETECTION] Contains signature of the dial-up program DIAL/302366
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS938.CAB
[0] Archive type: CAB (Microsoft)
--> A0089985.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
--> A0089989.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
--> A0089990.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
--> A0089992.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS944.CAB
[0] Archive type: CAB (Microsoft)
--> A0092216.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
--> A0092217.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS939.CAB
[0] Archive type: CAB (Microsoft)
--> A0089999.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
--> A0090001.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS940.CAB
[0] Archive type: CAB (Microsoft)
--> A0090025.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
--> A0090026.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS941.CAB
[0] Archive type: CAB (Microsoft)
--> A0090113.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
--> A0090114.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS953.CAB
[0] Archive type: CAB (Microsoft)
--> A0093569.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
--> A0093571.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS942.CAB
[0] Archive type: CAB (Microsoft)
--> A0091113.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
--> A0091114.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS943.CAB
[0] Archive type: CAB (Microsoft)
--> A0092112.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
--> A0092113.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS949.CAB
[0] Archive type: CAB (Microsoft)
--> A0093244.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
--> A0093246.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS950.CAB
[0] Archive type: CAB (Microsoft)
--> A0093269.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
--> A0093270.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS951.CAB
[0] Archive type: CAB (Microsoft)
--> A0093293.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
--> A0093294.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS962.CAB
[0] Archive type: CAB (Microsoft)
--> A0095773.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
--> A0095774.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS959.CAB
[0] Archive type: CAB (Microsoft)
--> A0094772.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
--> A0094773.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS956.CAB
[0] Archive type: CAB (Microsoft)
--> A0093632.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
--> A0093633.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS957.CAB
[0] Archive type: CAB (Microsoft)
--> A0094633.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
--> A0094634.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS958.CAB
[0] Archive type: CAB (Microsoft)
--> A0094670.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
--> A0094671.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS963.CAB
[0] Archive type: CAB (Microsoft)
--> A0095810.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
--> A0095811.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS966.CAB
[0] Archive type: CAB (Microsoft)
--> A0096809.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
--> A0096810.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS974.CAB
[0] Archive type: CAB (Microsoft)
--> A0097861.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
--> A0097862.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS968.CAB
[0] Archive type: CAB (Microsoft)
--> A0096862.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
--> A0096863.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS975.CAB
[0] Archive type: CAB (Microsoft)
--> A0097901.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
--> A0097902.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS979.CAB
[0] Archive type: CAB (Microsoft)
--> A0098901.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
--> A0098902.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS981.CAB
[0] Archive type: CAB (Microsoft)
--> A0098973.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS982.CAB
[0] Archive type: CAB (Microsoft)
--> A0099973.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
--> A0099974.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS992.CAB
[0] Archive type: CAB (Microsoft)
--> A0101414.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
--> A0101415.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS988.CAB
[0] Archive type: CAB (Microsoft)
--> A0101164.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
--> A0101165.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS987.CAB
[0] Archive type: CAB (Microsoft)
--> A0101041.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
--> A0101042.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS993.CAB
[0] Archive type: CAB (Microsoft)
--> A0101452.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
--> A0101454.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS1000.CAB
[0] Archive type: CAB (Microsoft)
--> A0102560.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
--> A0102561.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS998.CAB
[0] Archive type: CAB (Microsoft)
--> A0101521.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
--> A0101522.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS999.CAB
[0] Archive type: CAB (Microsoft)
--> A0101560.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS1005.CAB
[0] Archive type: CAB (Microsoft)
--> A0102681.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
--> A0102682.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS1003.CAB
[0] Archive type: CAB (Microsoft)
--> A0102593.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
--> A0102595.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS1004.CAB
[0] Archive type: CAB (Microsoft)
--> A0102640.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
--> A0102641.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS1010.CAB
[0] Archive type: CAB (Microsoft)
--> A0102941.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
--> A0102942.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS1008.CAB
[0] Archive type: CAB (Microsoft)
--> A0102839.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
--> A0102840.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS1009.CAB
[0] Archive type: CAB (Microsoft)
--> A0102868.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
--> A0102869.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS1022.CAB
[0] Archive type: CAB (Microsoft)
--> A0104117.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
--> A0104118.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS1014.CAB
[0] Archive type: CAB (Microsoft)
--> A0103016.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
--> A0103017.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS1020.CAB
[0] Archive type: CAB (Microsoft)
--> A0103064.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
--> A0103066.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS1021.CAB
[0] Archive type: CAB (Microsoft)
--> A0104089.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
--> A0104090.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS1029.CAB
[0] Archive type: CAB (Microsoft)
--> A0105315.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
--> A0105331.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS1025.CAB
[0] Archive type: CAB (Microsoft)
--> A0104316.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
--> A0104317.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS1024.CAB
[0] Archive type: CAB (Microsoft)
--> A0104222.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
--> A0104223.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS1030.CAB
[0] Archive type: CAB (Microsoft)
--> A0107023.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
--> A0107024.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS1033.CAB
[0] Archive type: CAB (Microsoft)
--> A0107058.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
--> A0107059.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS1060.CAB
[0] Archive type: CAB (Microsoft)
--> A0108887.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
--> A0108888.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS1041.CAB
[0] Archive type: CAB (Microsoft)
--> A0107241.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
--> A0107242.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS1040.CAB
[0] Archive type: CAB (Microsoft)
--> A0107214.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
--> A0107215.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS207.CAB
[0] Archive type: CAB (Microsoft)
--> A0110022.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
--> A0110023.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS1062.CAB
[0] Archive type: CAB (Microsoft)
--> A0109920.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
--> A0109922.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS1047.CAB
[0] Archive type: CAB (Microsoft)
--> A0107493.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
--> A0107495.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS1048.CAB
[0] Archive type: CAB (Microsoft)
--> A0107599.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
--> A0107600.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS1049.CAB
[0] Archive type: CAB (Microsoft)
--> A0107652.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
--> A0107653.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS1050.CAB
[0] Archive type: CAB (Microsoft)
--> A0107679.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
--> A0107680.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS1061.CAB
[0] Archive type: CAB (Microsoft)
--> A0109887.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
--> A0109888.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS1065.CAB
[0] Archive type: CAB (Microsoft)
--> A0110142.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
--> A0110143.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS1071.CAB
[0] Archive type: CAB (Microsoft)
--> A0110405.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
--> A0110406.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS1067.CAB
[0] Archive type: CAB (Microsoft)
--> A0110251.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
--> A0110252.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS1073.CAB
[0] Archive type: CAB (Microsoft)
--> A0111430.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
--> A0111432.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mohbpork.A.56
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\ARCHIVE\FS1665.CAB
[0] Archive type: CAB (Microsoft)
--> A0186145.CPY
[DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\VundoFix Backups\AVRHDMF.DLL.bad
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '8b3c8819.qua'!
Begin scan in 'A:\' <C:\>
The path A:\ could not be found!
Le périphérique n'est pas prêt.



End of the scan: vendredi 21 septembre 2007 23:21
Used time: 5:05:21 min

The scan has been done completely.

2492 Scanning directories
160247 Files were scanned
134 viruses and/or unwanted programs were found
0 files were deleted
0 files were repaired
1 files were moved to quarantine
0 files were renamed
0 Files cannot be scanned
160113 Files not concerned
8508 Archives were scanned
139 Warnings
70 Notes

I also wanted to know whether I have to register or something like that.
22 September 2007 10:04:12

Disable and then re-enable System Restore, using this tutorial

Check whether these two files exist (with hidden files and protected operating system files shown):

C:\WINDOWS\SYSTEM\zgzolqdu.exe
C:\WINDOWS\SYSTEM\aryvmpur.exe
22 September 2007 11:17:23

I did it :)
The two files are not in the directory ;)
When my PC starts up, a message tells me in English that I need to update AntiVir, but when I click "update" it says "no valid license file avaible". What is the problem?
In the meantime, I'm posting a new HijackThis report :)
Logfile of HijackThis v1.99.1
Scan saved at 11:17:41, on 22/09/2007
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\ANTIVIR PERSONALEDITION CLASSIC\SCHEDM.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\DELAYRUN.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\LVCOMSX.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\ANTIVIR PERSONALEDITION CLASSIC\AVGCTRL.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\WANADOO\TASKBARICON.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INVENTEL\GATEWAY\WLANCFG.EXE
C:\PROGRAM FILES\HIJACKTHIS VERSION FRANçAISE\HIJACKTHIS VF.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O3 - Toolbar: @msdxmLC.dll,-1@1036,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
O4 - HKLM\..\Run: [Delay] C:\WINDOWS\delayrun.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\Program Files\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [wlancfg] C:\Program Files\Inventel\Gateway\wlancfg.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\SYSTEM\LVCOMSX.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [zgzolqdu.exe] C:\WINDOWS\SYSTEM\zgzolqdu.exe
O4 - HKLM\..\Run: [aryvmpur.exe] C:\WINDOWS\SYSTEM\aryvmpur.exe
O4 - HKLM\..\Run: [avgctrl] "C:\Program Files\AntiVir PersonalEdition Classic\avgctrl.exe" /min
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [KB918547] C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [schedm] "C:\Program Files\AntiVir PersonalEdition Classic\schedm.exe"
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\PROGRAM FILES\LOGITECH\VIDEO\MANIFESTENGINE.EXE" boot
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O8 - Extra context menu item: Recherche &Google - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmwordtrans.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Pages similaires - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Pages liées - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_07\BIN\SSV.DLL
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_07\BIN\SSV.DLL
O14 - IERESET.INF: START_PAGE_URL=http://hp.my.yahoo.com

22 September 2007 11:26:48

Do you feel your computer runs better than before?

Run HijackThis again, choose "do a system scan only", and tick these lines:
O4 - HKLM\..\Run: [zgzolqdu.exe] C:\WINDOWS\SYSTEM\zgzolqdu.exe
O4 - HKLM\..\Run: [aryvmpur.exe] C:\WINDOWS\SYSTEM\aryvmpur.exe

Then click Fix Checked!

As for AntiVir, I'm not too sure...
If the problem persists, go to the AntiVir website to get the updates. No licence is needed for AntiVir.
Run an AntiVir scan again... :D
22 September 2007 11:31:44

Well... yes, it does seem to be doing better, even if it's still a bit slow, but that's normal given that it's an ME -_-'
I'll redo the AntiVir scan right away :)
22 September 2007 13:37:37

I'm on my other PC. I ran the AntiVir scan and it found nothing :)
I looked for the updates but didn't find anything; I installed several files from different sources and none of them worked, and then an 'illumination': of course, what if I installed BitDefender :) I had forgotten that BD could be installed on 2 PCs :)
So I'm installing it now.
What else should I do for my PC? :)
22 September 2007 13:42:32

Don't forget to uninstall AntiVir before installing BitDefender.

You can do a cleanup with this:

Download CCleaner (>>tutorial to read!<<), get "the latest version", then install it while unticking "Ajouter la Barre d'Outils Yahoo! CCleaner" (add the Yahoo! toolbar).
Then run the cleanup, then have it look for errors, and make a backup if you wish.
22 September 2007 16:10:18

I already have that on my PC :) However, BD gave me this report:

//-----------------------------------------------------------------
//
// Product: BitDefender 9 Professional Plus
// Version: 9.0
//
// Créé le: 22/09/2007 13:40:03
//
//-----------------------------------------------------------------


Statistiques

Chemin cible: C:\WINDOWS\SYSTEM\
Dossiers : 90
Fichiers : 2803
Archives : 15
Fichiers empaquetés : 118
Virus trouvés : 2
Fichiers infectés : 10
Alertes : 0
Fichiers suspects : 0
Fichiers désinfectés : 0
Fichiers effacés : 0
Fichiers copiés : 0
Fichiers déplacés : 10
Fichiers renommés : 0
Erreurs I/O : 0
Temps d'analyse := 00:06:14
Fichiers/seconde :7

Définitions virus : 823324
Plugins d'analyse : 14
Plugins archives : 38
Plug-ins décompression : 6
Plug-ins messagerie : 6
Plug-ins système : 1

Options d'analyse

Détection
[X] Analyser le secteur de boot
[X] Analyser les archives
[X] Analyser les fichiers en paquets
[X] Analyser la messagerie

Masque fichiers
[ ] Programmes
[X] Tous les fichiers
[ ] Extensions définies par l'utilisateur:
[ ] Exclure les extensions: ;

Action

Objets infectés
[ ] Ignorer
[X] Désinfecter
[ ] Effacer
[ ] Copier
[ ] Déplacer dans le dossier infectés
[ ] Renommer
[ ] Demander l'action

Seconde action
[ ] Ignorer
[ ] Effacer
[ ] Copier
[X] Déplacer dans le dossier infectés
[ ] Renommer
[ ] Demander l'action

Options d'analyse
[X] Activer les alertes
[X] Activer l'heuristique
[X] Afficher tous les fichiers dans le journal
[X] Fichier journal : C:\Program Files\Softwin\BitDefender9\Logs\vscan_1190461203.log


Sommaire :

C:\WINDOWS\SYSTEM\dkpcbmdg.exe Infecté avec: Trojan.Obfus.Gen
C:\WINDOWS\SYSTEM\dkpcbmdg.exe Déplacé
C:\WINDOWS\SYSTEM\nkisrgha\nkisrgha1.exe Infecté avec: Trojan.Renos.D
C:\WINDOWS\SYSTEM\nkisrgha\nkisrgha1.exe Désinfection impossible
C:\WINDOWS\SYSTEM\nkisrgha\nkisrgha1.exe Déplacé
C:\WINDOWS\SYSTEM\nkisrgha\nkisrgha2.exe Infecté avec: Trojan.Renos.D
C:\WINDOWS\SYSTEM\nkisrgha\nkisrgha2.exe Désinfection impossible
C:\WINDOWS\SYSTEM\nkisrgha\nkisrgha2.exe Déplacé
C:\WINDOWS\SYSTEM\nkisrgha\nkisrgha3.exe Infecté avec: Trojan.Renos.D
C:\WINDOWS\SYSTEM\nkisrgha\nkisrgha3.exe Désinfection impossible
C:\WINDOWS\SYSTEM\nkisrgha\nkisrgha3.exe Déplacé
C:\WINDOWS\SYSTEM\xevizyfq.exe Infecté avec: Trojan.Obfus.Gen
C:\WINDOWS\SYSTEM\xevizyfq.exe Déplacé
C:\WINDOWS\SYSTEM\cfydujex.exe Infecté avec: Trojan.Obfus.Gen
C:\WINDOWS\SYSTEM\cfydujex.exe Déplacé
C:\WINDOWS\SYSTEM\lgjsxaxs.exe Infecté avec: Trojan.Obfus.Gen
C:\WINDOWS\SYSTEM\lgjsxaxs.exe Déplacé
C:\WINDOWS\SYSTEM\ehatwxkh.exe Infecté avec: Trojan.Obfus.Gen
C:\WINDOWS\SYSTEM\ehatwxkh.exe Déplacé
C:\WINDOWS\SYSTEM\pszurmbm.exe Infecté avec: Trojan.Obfus.Gen
C:\WINDOWS\SYSTEM\pszurmbm.exe Déplacé
C:\WINDOWS\SYSTEM\lmxunexk.exe Infecté avec: Trojan.Obfus.Gen
C:\WINDOWS\SYSTEM\lmxunexk.exe Déplacé

22 September 2007 16:18:19

Are they in BitDefender's quarantine?
If so, empty the BitDefender quarantine.
22 September 2007 17:38:18

OK, thanks for your help!
Should I post another HijackThis report?
22 September 2007 17:43:53

Go ahead.
22 September 2007 18:28:45

Here you go :)
Logfile of HijackThis v1.99.1
Scan saved at 18:30:24, on 22/09/2007
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\SOFTWIN\BITDEFENDER COMMUNICATOR\XCOMMSVR.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\SOFTWIN\BITDEFENDER SCAN SERVER\BDSS.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\DELAYRUN.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\LVCOMSX.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\SOFTWIN\BITDEFENDER9\BDMCON.EXE
C:\PROGRAM FILES\SOFTWIN\BITDEFENDER9\VSSERV.EXE
C:\PROGRAM FILES\SOFTWIN\BITDEFENDER9\BDOESRV.EXE
C:\PROGRAM FILES\WANADOO\TASKBARICON.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\SOFTWIN\BITDEFENDER UPDATE SERVICE\LIVESRV.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\PROGRAM FILES\SOFTWIN\BITDEFENDER9\BDNAGENT.EXE
C:\WINDOWS\RunDLL.exe
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INVENTEL\GATEWAY\WLANCFG.EXE
C:\PROGRAM FILES\HIJACKTHIS VERSION FRANçAISE\HIJACKTHIS VF.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O3 - Toolbar: @msdxmLC.dll,-1@1036,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
O4 - HKLM\..\Run: [Delay] C:\WINDOWS\delayrun.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\Program Files\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [wlancfg] C:\Program Files\Inventel\Gateway\wlancfg.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\SYSTEM\LVCOMSX.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\SOFTWIN\BITDEF~1\BDMCON.EXE
O4 - HKLM\..\Run: [BitDefender Virus Shield] "C:\Program Files\Softwin\BitDefender9\vsserv.exe"
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BitDefender Live Service] "C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\PROGRAM FILES\SOFTWIN\BITDEFENDER9\bdnagent.exe"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [KB918547] C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [BitDefender Communicator] "C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\\xcommsvr.exe"
O4 - HKLM\..\RunServices: [BitDefender Scan Server] "C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\\bdss.exe"
O4 - HKLM\..\RunServices: [BitDefender Live! Init] "C:\Program Files\Softwin\BitDefender9\bdinit.exe"
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\PROGRAM FILES\LOGITECH\VIDEO\MANIFESTENGINE.EXE" boot
O8 - Extra context menu item: Recherche &Google - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmwordtrans.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Pages similaires - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Pages liées - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_07\BIN\SSV.DLL
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_07\BIN\SSV.DLL
O14 - IERESET.INF: START_PAGE_URL=http://hp.my.yahoo.com

22 September 2007 21:00:59

I think we're done... Or are there still problems?
23 September 2007 01:37:54

No, no more problems :)
Once again, a big thank you for your help!
23 September 2007 10:49:15

OK.
Bye ;)
Remove the programs used for the disinfection.
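
An added example, not part of the original thread: a way to confirm from two HijackThis logs that the autorun entries chosen for "Fix Checked" are really gone, by diffing the O4 lines before and after cleanup. The function names are illustrative, the log excerpts are a shortened copy of lines posted above, and the "value named after its own .exe" check is only a heuristic drawn from the two entries fixed in this thread.

```python
import re

# Shortened excerpts of the O4 (autorun) lines from the two logs in this thread.
BEFORE = r"""
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [zgzolqdu.exe] C:\WINDOWS\SYSTEM\zgzolqdu.exe
O4 - HKLM\..\Run: [aryvmpur.exe] C:\WINDOWS\SYSTEM\aryvmpur.exe
O4 - HKLM\..\Run: [avgctrl] "C:\Program Files\AntiVir PersonalEdition Classic\avgctrl.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
"""
AFTER = r"""
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\SOFTWIN\BITDEF~1\BDMCON.EXE
"""

O4_RE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")

def parse_o4(log):
    """Return {(registry key, value name): command} for every O4 line."""
    entries = {}
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries[(m["key"], m["name"])] = m["cmd"].strip()
    return entries

def image_path(cmd):
    """Executable part of an autorun command: quoted path, else text up to the first .exe."""
    m = re.match(r'"([^"]+)"', cmd) or re.match(r"(.+?\.exe)\b", cmd, re.I)
    return m.group(1) if m else cmd.split()[0]

def diff_autoruns(before, after):
    """Autorun entries removed and added between two logs."""
    b, a = parse_o4(before), parse_o4(after)
    removed = {k: v for k, v in b.items() if k not in a}
    added = {k: v for k, v in a.items() if k not in b}
    return removed, added

def self_named(entries):
    """Heuristic: value name is literally the file name of the program it starts."""
    hits = []
    for (_key, name), cmd in entries.items():
        base = image_path(cmd).rsplit("\\", 1)[-1]
        if name.lower().endswith(".exe") and name.lower() == base.lower():
            hits.append(name)
    return sorted(hits)

if __name__ == "__main__":
    removed, added = diff_autoruns(BEFORE, AFTER)
    print("removed:", sorted(n for _, n in removed))
    print("added:  ", sorted(n for _, n in added))
    print("still self-named after cleanup:", self_named(parse_o4(AFTER)))
```
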