
[SOLVED] non ho trovato nessun modem per la connession

29 November 2006 09:36:55

Hello, I'm new to the forum. I'm coming to you because I have a problem with a virus that keeps showing me a dialer with this message: NON HO TROVATO NESSUN MODEM PER LA CONNESSION

I don't know what to do; Ad-Aware, Spybot and OfficeScan couldn't do anything, and I'm fed up with this dialer popping up every 10 minutes.

Help, tell me how to get rid of it.

The solution may already exist on the forum, but I don't have time to browse, I'm at work.

Thanks in advance


29 November 2006 11:09:41

Hello,

First, download HijackThis from this link:

http://www.infos-du-net.com/telecharger/HijackThis,0301...

Then follow these steps:

Download it, then put it in a dedicated folder (example: ..\Bureau\Hijackthis\Hijackthis.exe).
Rename it to Scanner.exe (right-click the HijackThis file and choose Rename).
Then launch it (double-click Scanner.exe, then run it) and click "Do a system scan and save a logfile". Notepad will then open; copy the report and paste it here in your next reply.

29 November 2006 13:21:56

Done, here is the report

Thanks for looking after my case

Logfile of HijackThis v1.99.1
Scan saved at 13:24:20, on 29/11/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\OfficeScan NT\ntrtscan.exe
C:\OfficeScan NT\ofcdog.exe
C:\WINDOWS\System32\svchost.exe
C:\OfficeScan NT\tmlisten.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\OfficeScan NT\pccntmon.exe
C:\Program Files\SuperCopier\SuperCopier.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\AutoCAD 2007\acad.exe
C:\DOCUME~1\delvbe\LOCALS~1\Temp\AdskCleanup.0001
C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Fichiers communs\Autodesk Shared\WSCommCntr1.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\delvbe\Bureau\hijack this\scanner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/fr/fra/gen/default.h...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.voila.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/countries/fr/fra/gen/default.h...
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {008DB894-99ED-445D-8547-0E7C9808898D} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\System32\pplddbhv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {EB1ACE3F-D64D-4BE1-8396-A6CEC9E4F9F6} - C:\WINDOWS\System32\sstqo.dll
O2 - BHO: (no name) - {EFE4E435-7339-49FF-B3B3-ECCF8AAF7F38} - C:\WINDOWS\System32\dssec32.dll
O3 - Toolbar: (no name) - {6C79374B-0B4F-4DF1-8794-84A00CBE1435} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\OfficeScan NT\pccntmon.exe" -HideWindow
O4 - HKCU\..\Run: [SuperCopier.exe] C:\Program Files\SuperCopier\SuperCopier.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open PDF in Word - res://C:\Program Files\ScanSoft\PDF Converter\IEShellExt.dll /100
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O16 - DPF: Interface Chat Voila - http://chat7.x-echo.com/version6/Applet/vchatsign.cab
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/common/cab/Dj...
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_FR_XP....
O16 - DPF: {50AD557E-3426-41FD-AFDD-2AF39BB1C387} - http://akamai.downloadv3.com/binaries/LiveService/LiveS...
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/178c7d33339a4d4e0f05/netzip...
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst....
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.pixdiscount.fr/clients/uploader_uni_dd_final...
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://fr.jackpotcity.microgaming.com/fr.jackpotcity/F...
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = carlier.intra
O17 - HKLM\Software\..\Telephony: DomainName = carlier.intra
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = carlier.intra
O18 - Protocol: stibo - {FFAD3420-6D61-44F6-BA25-293F17152D79} - C:\Program Files\Fichiers communs\Stibo\RS_ProtocolHandler.dll
O20 - Winlogon Notify: sstqo - C:\WINDOWS\System32\sstqo.dll
O20 - Winlogon Notify: winbev32 - C:\WINDOWS\SYSTEM32\winbev32.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Unknown owner - C:\OfficeScan NT\ntrtscan.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Unknown owner - C:\OfficeScan NT\tmlisten.exe


Next step???
29 November 2006 13:36:25

Hello,

Please put your title in lowercase.

Download VundoFix.exe (by Atribune) to your Desktop.
  • Double-click VundoFix.exe to launch it
  • Click the Scan for Vundo button
  • When the scan is complete, click the Remove Vundo button
  • A prompt will ask whether you want to delete the files; click YES
  • After you click "Yes", the Desktop will disappear for a moment while the files are deleted
  • You will see a prompt announcing that your PC is going to restart; click OK
  • Copy/paste the contents of the report located at C:\vundofix.txt, along with a new HijackThis log, in your next reply

    Note: VundoFix may come up against a file it cannot delete. If so, the tool will launch at the next restart; simply follow the instructions above, starting from "click the Scan for Vundo button".

    29 November 2006 14:43:07

    OK, done, here are the reports:

    For Vundo:

    VundoFix V6.2.13

    Checking Java version...

    Java version is 1.5.0.9

    Scan started at 14:33:50 29/11/2006

    Listing files found while scanning....

    C:\WINDOWS\SYSTEM32\winbev32.dll
    C:\WINDOWS\System32\sstqo.dll
    C:\WINDOWS\System32\oqtss.ini
    C:\WINDOWS\System32\oqtss.bak1
    C:\WINDOWS\System32\oqtss.bak2

    Beginning removal...

    Attempting to delete C:\WINDOWS\SYSTEM32\winbev32.dll
    C:\WINDOWS\SYSTEM32\winbev32.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\System32\sstqo.dll
    C:\WINDOWS\System32\sstqo.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\System32\oqtss.ini
    C:\WINDOWS\System32\oqtss.ini Has been deleted!

    Attempting to delete C:\WINDOWS\System32\oqtss.bak1
    C:\WINDOWS\System32\oqtss.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\System32\oqtss.bak2
    C:\WINDOWS\System32\oqtss.bak2 Has been deleted!

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\SYSTEM32\winbev32.dll
    C:\WINDOWS\SYSTEM32\winbev32.dll Has been deleted!

    Attempting to delete C:\WINDOWS\System32\sstqo.dll
    C:\WINDOWS\System32\sstqo.dll Has been deleted!

    Performing Repairs to the registry.
    Done!



    For HijackThis:

    Logfile of HijackThis v1.99.1
    Scan saved at 14:46:58, on 29/11/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\OfficeScan NT\ntrtscan.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\sxserv101.exe
    C:\OfficeScan NT\tmlisten.exe
    C:\OfficeScan NT\ofcdog.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\OfficeScan NT\pccntmon.exe
    C:\Program Files\SuperCopier\SuperCopier.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\delvbe\Bureau\hijack this\scanner.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/fr/fra/gen/default.h...
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.voila.fr/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/countries/fr/fra/gen/default.h...
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: (no name) - {008DB894-99ED-445D-8547-0E7C9808898D} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\System32\pplddbhv.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00404} - C:\WINDOWS\system32\fontextd.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: (no name) - {EB1ACE3F-D64D-4BE1-8396-A6CEC9E4F9F6} - C:\WINDOWS\System32\sstqo.dll (file missing)
    O2 - BHO: (no name) - {EFE4E435-7339-49FF-B3B3-ECCF8AAF7F38} - C:\WINDOWS\System32\dssec32.dll
    O3 - Toolbar: (no name) - {6C79374B-0B4F-4DF1-8794-84A00CBE1435} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\OfficeScan NT\pccntmon.exe" -HideWindow
    O4 - HKCU\..\Run: [SuperCopier.exe] C:\Program Files\SuperCopier\SuperCopier.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Open PDF in Word - res://C:\Program Files\ScanSoft\PDF Converter\IEShellExt.dll /100
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
    O16 - DPF: Interface Chat Voila - http://chat7.x-echo.com/version6/Applet/vchatsign.cab
    O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/common/cab/Dj...
    O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_FR_XP....
    O16 - DPF: {50AD557E-3426-41FD-AFDD-2AF39BB1C387} - http://akamai.downloadv3.com/binaries/LiveService/LiveS...
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/178c7d33339a4d4e0f05/netzip...
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst....
    O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.pixdiscount.fr/clients/uploader_uni_dd_final...
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://fr.jackpotcity.microgaming.com/fr.jackpotcity/F...
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = carlier.intra
    O17 - HKLM\Software\..\Telephony: DomainName = carlier.intra
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = carlier.intra
    O18 - Protocol: stibo - {FFAD3420-6D61-44F6-BA25-293F17152D79} - C:\Program Files\Fichiers communs\Stibo\RS_ProtocolHandler.dll
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Unknown owner - C:\OfficeScan NT\ntrtscan.exe
    O23 - Service: SX Service (SXServ) - Unknown owner - C:\WINDOWS\system32\sxserv101.exe
    O23 - Service: OfficeScanNT Listener (tmlisten) - Unknown owner - C:\OfficeScan NT\tmlisten.exe



    29 November 2006 14:51:19

    Re,

    Thanks for the title ;)

  • Download combofix.exe (by sUBs) to your Desktop
  • Double-click combofix.exe.
  • Press the Y (Yes) key to start the scan.
  • When the scan is complete, a report will appear. Copy/paste this report in your next reply.

    NOTE: The report can also be found here: C:\Combofix.txt

    29 November 2006 15:00:17

    No worries, that's normal (about the title)

    Here is the ComboFix report:

    delvbe - 06-11-29 15:02:03,29 Service Pack 1
    ComboFix 06.11.27W - Running from: "C:\Documents and Settings\delvbe\Bureau"

    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\Documents and Settings\delvbe\Application Data\Install.dat


    ((((((((((((((((((((((((((((((( Files Created from 2006-10-29 to 2006-11-29 ))))))))))))))))))))))))))))))))))


    2006-11-29 14:40 70,144 --a------ C:\WINDOWS\SYSTEM32\fontextd.dll
    2006-11-29 14:40 46,122 --a------ C:\WINDOWS\SYSTEM32\sxserv101.exe
    2006-11-29 14:39 87,594 --a------ C:\WINDOWS\g83206812.dll
    2006-11-29 14:33 <REP> d-------- C:\VundoFix Backups
    2006-11-28 16:12 <REP> d-------- C:\WINDOWS\SYSTEM32\ActiveScan
    2006-11-28 14:38 42,516 --a------ C:\WINDOWS\SYSTEM32\pplddbhv.dll
    2006-11-28 14:33 208,896 --a------ C:\WINDOWS\SYSTEM32\wmpns.dll
    2006-11-28 14:33 <REP> d-------- C:\WINDOWS\Prefetch
    2006-11-28 08:18 <REP> d-------- C:\Program Files\Lavasoft
    2006-11-28 08:18 <REP> d-------- C:\Documents and Settings\delvbe\Application Data\Lavasoft
    2006-11-27 09:36 <REP> d-------- C:\Program Files\Electronic Arts
    2006-11-27 09:06 38,420 --a------ C:\WINDOWS\SYSTEM32\tiienfbg.dll
    2006-11-27 09:00 40,973 ---hs---- C:\WINDOWS\SYSTEM32\fcywuvu.dll
    2006-11-22 09:16 <REP> d-------- C:\Program Files\MKVToolnix
    2006-11-22 09:08 <REP> d-------- C:\Program Files\Ripp-it_AM
    2006-11-21 09:10 63 --a------ C:\killme.bat
    2006-11-21 09:10 23,042 --a------ C:\WINDOWS\Services.exe
    2006-11-21 09:10 23,042 --a------ C:\auto.exe
    2006-11-09 10:34 <REP> d-------- C:\Documents and Settings\delvbe\Application Data\Sun
    2006-11-09 10:31 <REP> d-------- C:\Program Files\Java
    2006-11-09 10:28 <REP> d-------- C:\Program Files\Fichiers communs\Java
    2006-11-09 08:34 <REP> d-------- C:\Program Files\Fichiers communs\Stibo
    2006-11-08 16:57 44,544 --------- C:\WINDOWS\SYSTEM32\MSXML4A.DLL
    2006-11-08 16:57 <REP> d-------- C:\Program Files\Fichiers communs\crystal
    2006-11-08 16:12 <REP> d-------- C:\Program Files\LizardTech
    2006-11-07 12:59 <REP> d-------- C:\Documents and Settings\delvbe\Application Data\Gearbox Software
    2006-11-06 16:51 <REP> d-------- C:\WINDOWS\SYSTEM32\FlashAX
    2006-11-06 16:45 <REP> d-------- C:\Program Files\jackpotcity_fr_t
    2006-11-06 11:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\NFS Underground
    2006-11-06 11:35 <REP> d-------- C:\Program Files\Fichiers communs\DirectX


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

    Rootkit driver pe386 is present. A rootkit scan is required

    2006-11-28 17:00 -------- d-------- C:\Program Files\WinZip
    2006-11-28 17:00 -------- d-------- C:\Program Files\WinRAR
    2006-11-28 16:59 -------- d-------- C:\Program Files\SuperCopier
    2006-11-28 16:59 -------- d-------- C:\Program Files\Spybot - Search & Destroy
    2006-11-28 16:51 -------- d-------- C:\Program Files\Internet Explorer
    2006-11-28 16:50 -------- d-------- C:\Program Files\Google
    2006-11-28 16:48 -------- d-------- C:\Program Files\Fichiers communs\Autodesk Shared
    2006-11-28 16:44 -------- d-------- C:\Program Files\AutoCAD 2007
    2006-11-28 14:33 -------- d-------- C:\Program Files\Windows Media Player
    2006-11-27 16:55 -------- d-------- C:\Program Files\Pochette Express 2
    2006-11-20 12:40 -------- d-------- C:\Program Files\Winamp
    2006-11-09 10:28 -------- d-------- C:\Program Files\Fichiers communs
    2006-11-09 08:33 -------- d--h----- C:\Program Files\InstallShield Installation Information
    2006-11-06 11:44 -------- d-------- C:\Program Files\EA GAMES
    2006-10-24 13:39 -------- d-------- C:\Program Files\Jeux classiques
    2006-10-24 13:38 -------- d-------- C:\Program Files\SlySoft
    2006-10-24 13:36 -------- d-------- C:\Program Files\MOX PC
    2006-10-24 10:07 -------- d-------- C:\Documents and Settings\delvbe\Application Data\SlySoft
    2006-10-24 10:06 40 ---hs---- C:\Documents and Settings\delvbe\Application Data\.zreglib
    2006-10-09 15:50 -------- d-------- C:\Program Files\Fichiers communs\Designer
    2006-10-09 15:49 -------- d-------- C:\Program Files\Fichiers communs\Microsoft Shared
    2006-10-09 15:49 -------- d-------- C:\Program Files\Common~1
    2006-10-09 15:47 995328 --------- C:\WINDOWS\Setup1.exe
    2006-09-27 08:54 105576 --a------ C:\Documents and Settings\delvbe\Application Data\GDIPFONTCACHEV1.DAT


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "SuperCopier.exe"="C:\\Program Files\\SuperCopier\\SuperCopier.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "OfficeScanNT Monitor"="\"C:\\OfficeScan NT\\pccntmon.exe\" -HideWindow"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000001

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    "Source"="http://www.audi.fr/goodies/fondsecran/images/a3/1_1280x..."
    "SubscribedURL"="http://www.audi.fr/goodies/fondsecran/images/a3/1_1280x..."
    "FriendlyName"=""
    "Flags"=dword:00000001
    "Position"=hex:2c,00,00,00,00,00,00,00,01,00,00,00,80,02,00,00,bd,01,00,00,e8,\
    03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=hex:01,00,00,40
    "OriginalStateInfo"=hex:18,00,00,00,d4,03,00,00,71,01,00,00,00,05,00,00,c0,03,\
    00,00,01,00,00,40
    "RestoredStateInfo"=hex:14,6d,fb,09,41,c0,ab,74,f0,3f,d1,03,68,de,fb,09,20,6d,\
    fb,09,4b,3f,00,00

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Ma page d'accueil"
    "Flags"=dword:00000002
    "Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e2,03,00,00,00,\
    00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=hex:04,00,00,40
    "OriginalStateInfo"=hex:18,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,de,03,\
    00,00,04,00,00,40
    "RestoredStateInfo"=hex:18,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,de,03,\
    00,00,01,00,00,00

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"
    "{A4F94C0C-54A7-4DB1-9AF3-B22E63D00404}"="z"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091
    "NoActiveDesktop"=dword:00000001
    "ClassicShell"=dword:00000000
    "ForceActiveDesktopOn"=dword:00000000

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091
    "CDRAutoRun"=dword:00000000

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091
    "CDRAutoRun"=dword:00000000

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Accélérateur de démarrage AutoCAD.lnk]
    "path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\Accélérateur de démarrage AutoCAD.lnk"
    "backup"="C:\\WINDOWS\\pss\\Accélérateur de démarrage AutoCAD.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\FICHIE~1\\AUTODE~1\\ACSTAR~1.EXE "
    "item"="Accélérateur de démarrage AutoCAD"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
    "path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\Microsoft Office.lnk"
    "backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\MICROS~2\\Office10\\OSA.EXE -b -l"
    "item"="Microsoft Office"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="DirectCD"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Roxio\\Easy CD Creator 5\\DirectCD\\DirectCD.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="Ati2mdxx"
    "hkey"="HKLM"
    "command"="Ati2mdxx.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="atiptaxx"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bgl]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="bgl"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\bgl.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="ctfmon"
    "hkey"="HKCU"
    "command"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DM_Server]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="dmserver"
    "hkey"="HKLM"
    "command"="C:\\PROGRA~1\\COMETS~1\\DM\\bin\\dmserver.exe /onreboot"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDSentry]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="DSentry"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\System32\\DSentry.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="hpztsb05"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb05.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Instant Access]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="rundll32"
    "hkey"="HKCU"
    "command"="rundll32.exe p2esocks_1021.dll,InstantAccess"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="point32"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Microsoft IntelliPoint\\point32.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X84-X85 Button Manager]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="AcBtnMgr_X84-X85"
    "hkey"="HKLM"
    "command"="C:\\PROGRA~1\\LEXMAR~1\\AcBtnMgr_X84-X85.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X84-X85 Button Monitor]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="ACMonitor_X84-X85"
    "hkey"="HKLM"
    "command"="C:\\PROGRA~1\\LEXMAR~1\\ACMonitor_X84-X85.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msbb]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="msbb"
    "hkey"="HKLM"
    "command"="c:\\windows\\msbb.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mslagent]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="mslagent"
    "hkey"="HKCU"
    "command"="C:\\WINDOWS\\mslagent\\mslagent.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="msmsgs"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NsUpdate]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="NsUpdate"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\NsUpdate.exe UPDATE"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeScanNT Monitor]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="pccntmon"
    "hkey"="HKLM"
    "command"="\"C:\\OfficeScan NT\\pccntmon.exe\" -HideWindow"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrinTray]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="printray"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\printray.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="qttask"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBHC]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="sbhc"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\SuperBar\\sbhc.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Trash it! Scheduler]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="Trash it Scheduler"
    "hkey"="HKCU"
    "command"="C:\\Program Files\\Trash it!\\Trash it Scheduler.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\At1.job
    C:\WINDOWS\tasks\At2.job
    C:\WINDOWS\tasks\At4.job
    C:\WINDOWS\tasks\At6.job

    Completion time: 06-11-29 15:03:12.39
    C:\ComboFix.txt ... 06-11-29 15:03
    29 November 2006 15:05:07

    Let's deal with the Pe386 rootkit first.

    Download Rustbfix (by ejvindh)
    Save it to your Desktop.

    Double-click rustbfix.exe to launch the tool.
    If a Rustock.b infection is detected, a prompt will tell you that the PC needs to be restarted. This restart may take longer than usual, and two restarts may be required. All of this will happen automatically.
    After the restart(s), two reports will open: (C:\avenger.txt & C:\rustbfix\pelog.txt).
    Copy/paste the contents of these two reports, along with a new HijackThis log, in your next reply.
    29 November 2006 15:39:41

    attached are the 2 reports

    For pelog.text: (I redid the procedure a second time and it erased the first report)

    ************************* Rustock.b-fix -- By ejvindh *************************
    29/11/2006 15:41:48,98


    No Rustock.b-rootkits found


    ******************************* End of Logfile ********************************


    and for avenger.txt:

    Logfile of The Avenger version 1, by Swandog46
    Running from registry key:
    \Registry\Machine\System\CurrentControlSet\Services\okqmxvco

    *******************

    Script file located at: \??\C:\WINDOWS\qiavnnjp.txt
    Script file opened successfully.

    Script file read successfully

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    Driver PE386 unloaded successfully.
    Program C:\Rustbfix\2run.bat successfully set up to run once on reboot.

    Completed script processing.

    *******************

    Finished! Terminate.

    and the new hijack this:

    Logfile of HijackThis v1.99.1
    Scan saved at 15:44:48, on 29/11/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\OfficeScan NT\ntrtscan.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\sxserv101.exe
    C:\OfficeScan NT\tmlisten.exe
    C:\OfficeScan NT\ofcdog.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\OfficeScan NT\pccntmon.exe
    C:\Program Files\SuperCopier\SuperCopier.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Documents and Settings\delvbe\Bureau\hijack this\scanner.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/fr/fra/gen/default.h...
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.voila.fr/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/countries/fr/fra/gen/default.h...
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: (no name) - {008DB894-99ED-445D-8547-0E7C9808898D} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\System32\pplddbhv.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00404} - C:\WINDOWS\system32\fontextd.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: (no name) - {EB1ACE3F-D64D-4BE1-8396-A6CEC9E4F9F6} - C:\WINDOWS\System32\sstqo.dll (file missing)
    O2 - BHO: (no name) - {EFE4E435-7339-49FF-B3B3-ECCF8AAF7F38} - C:\WINDOWS\System32\dssec32.dll
    O3 - Toolbar: (no name) - {6C79374B-0B4F-4DF1-8794-84A00CBE1435} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\OfficeScan NT\pccntmon.exe" -HideWindow
    O4 - HKCU\..\Run: [SuperCopier.exe] C:\Program Files\SuperCopier\SuperCopier.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Open PDF in Word - res://C:\Program Files\ScanSoft\PDF Converter\IEShellExt.dll /100
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
    O16 - DPF: Interface Chat Voila - http://chat7.x-echo.com/version6/Applet/vchatsign.cab
    O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/common/cab/Dj...
    O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_FR_XP....
    O16 - DPF: {50AD557E-3426-41FD-AFDD-2AF39BB1C387} - http://akamai.downloadv3.com/binaries/LiveService/LiveS...
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/178c7d33339a4d4e0f05/netzip...
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst....
    O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.pixdiscount.fr/clients/uploader_uni_dd_final...
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://fr.jackpotcity.microgaming.com/fr.jackpotcity/F...
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = carlier.intra
    O17 - HKLM\Software\..\Telephony: DomainName = carlier.intra
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = carlier.intra
    O18 - Protocol: stibo - {FFAD3420-6D61-44F6-BA25-293F17152D79} - C:\Program Files\Fichiers communs\Stibo\RS_ProtocolHandler.dll
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Unknown owner - C:\OfficeScan NT\ntrtscan.exe
    O23 - Service: SX Service (SXServ) - Unknown owner - C:\WINDOWS\system32\sxserv101.exe
    O23 - Service: OfficeScanNT Listener (tmlisten) - Unknown owner - C:\OfficeScan NT\tmlisten.exe



    29 November 2006 15:52:17

    Now let's move on to Egdaccess (your computer is a compilation of infections :) )

    The steps must be carried out without interruption and in order.
    If you don't understand something, ask for an explanation before starting.


    Save this page so you can access the procedure in Safe Mode:
    - File
    - Save As...
    - File name: Procedure
    - Type: Web Page, complete
    - For the location, choose your Desktop
    - Now click Save

    Download:

    Brute Force Uninstaller (by Merjin).
    Create a new folder directly on C:\ and name it BFU. Unzip the downloaded file into this new folder (C:\BFU)

    Navipromo.zip and unzip it on your desktop.

    RIGHT-CLICK HERE and choose "Save Target As..." to download EGDACCESS.bfu (by Metallica). Save it in the folder you created (C:\BFU).
    You should now have two files in the C:\BFU folder: EGDACCESS.bfu and BFU.exe (very important).

    Note: If you use Internet Explorer, make sure when saving that the "Type:" field shows "All Files".

    HELP: How to install and use BFU?

    Restart in Safe Mode: on restart, immediately tap the F8 key repeatedly; you will see a screen with startup choices appear. Using the arrow keys, choose "Safe Mode" and confirm with "Enter". Choose your usual account, not Administrator.

    Run the Navipromo.bat file, which is in the Navipromo folder on your desktop. Select the "Recherche et suppression automatique" (automatic search and removal) option by pressing the R key.
    If it finds something, you will see lines scrolling in the command window and, after a few moments, you will need to press a key to start the cleanup.

    Start "Brute Force Uninstaller" by double-clicking BFU.exe (in the C:\BFU folder)

    - Click the small yellow folder to the right of the Scriptline to execute box, and double-click:

    EGDACCESS.bfu

    - In the "Scriptline to execute" box, you should now see this: C:\BFU\EGDACCESS.bfu

    Click Execute and let it do its work.

    Wait for Complete script execution to appear before clicking OK.
    Click Exit to close the BFU program.

    Restart normally.

    Post the reports:
    - Hijackthis
    - C:\egd.txt
    - C:\Navipromo.txt
    29 November 2006 16:07:21

    you ask me to choose my usual account and not administrator, but since I'm on a network connection, my usual account doesn't work in safe mode, I've already tried several times

    what should I do
    29 November 2006 16:14:35

    Go with the admin account then.
    29 November 2006 16:35:39

    attached are the reports

    hijackthis:

    Logfile of HijackThis v1.99.1
    Scan saved at 16:37:31, on 29/11/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\OfficeScan NT\ntrtscan.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\sxserv101.exe
    C:\OfficeScan NT\tmlisten.exe
    C:\OfficeScan NT\ofcdog.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\OfficeScan NT\pccntmon.exe
    C:\Program Files\SuperCopier\SuperCopier.exe
    C:\Program Files\AutoCAD 2007\acad.exe
    C:\DOCUME~1\delvbe\LOCALS~1\Temp\AdskCleanup.0001
    C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Fichiers communs\Autodesk Shared\WSCommCntr1.exe
    C:\Documents and Settings\delvbe\Bureau\hijack this\scanner.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/fr/fra/gen/default.h...
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.voila.fr/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/countries/fr/fra/gen/default.h...
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: (no name) - {008DB894-99ED-445D-8547-0E7C9808898D} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\System32\pplddbhv.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00404} - C:\WINDOWS\system32\fontextd.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: (no name) - {EB1ACE3F-D64D-4BE1-8396-A6CEC9E4F9F6} - C:\WINDOWS\System32\sstqo.dll (file missing)
    O2 - BHO: (no name) - {EFE4E435-7339-49FF-B3B3-ECCF8AAF7F38} - C:\WINDOWS\System32\dssec32.dll
    O3 - Toolbar: (no name) - {6C79374B-0B4F-4DF1-8794-84A00CBE1435} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\OfficeScan NT\pccntmon.exe" -HideWindow
    O4 - HKCU\..\Run: [SuperCopier.exe] C:\Program Files\SuperCopier\SuperCopier.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Open PDF in Word - res://C:\Program Files\ScanSoft\PDF Converter\IEShellExt.dll /100
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
    O16 - DPF: Interface Chat Voila - http://chat7.x-echo.com/version6/Applet/vchatsign.cab
    O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/common/cab/Dj...
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/178c7d33339a4d4e0f05/netzip...
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst....
    O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.pixdiscount.fr/clients/uploader_uni_dd_final...
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://fr.jackpotcity.microgaming.com/fr.jackpotcity/F...
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = carlier.intra
    O17 - HKLM\Software\..\Telephony: DomainName = carlier.intra
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = carlier.intra
    O18 - Protocol: stibo - {FFAD3420-6D61-44F6-BA25-293F17152D79} - C:\Program Files\Fichiers communs\Stibo\RS_ProtocolHandler.dll
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Unknown owner - C:\OfficeScan NT\ntrtscan.exe
    O23 - Service: SX Service (SXServ) - Unknown owner - C:\WINDOWS\system32\sxserv101.exe
    O23 - Service: OfficeScanNT Listener (tmlisten) - Unknown owner - C:\OfficeScan NT\tmlisten.exe



    egd:

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "OfficeScanNT Monitor"="\"C:\\OfficeScan NT\\pccntmon.exe\" -HideWindow"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
    "Installed"="1"


    navipromo:

    Rapport Navipromo.bat 0.5 effectué le 29/11/2006 à 16:32:05,29

    ** Recherche...

    Fin du rapport de recherche
    Adware Navipromo non trouvé avec cette méthode



    29 November 2006 16:43:15

    ok, since I finish work in 15 min, I think I'll send you the report tomorrow morning...

    in any case, thanks a lot for your help, I would never have managed it on my own
    29 November 2006 16:44:12

    Ok.
    30 November 2006 09:00:19

    hello, attached is the antivir report



    AntiVir PersonalEdition Classic
    Report file date: jeudi 30 novembre 2006 08:10

    Scanning for 569183 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-WURGE-0001
    Platform: Windows XP
    Windows version: (Service Pack 1) [5.1.2600]
    Username: delvbe
    Computer name: PC-BE

    Version information:
    AVSCAN.EXE : 7.0.0.47 200744 21/08/2006 11:06:56
    AVSCAN.DLL : 7.0.0.45 41000 07/09/2006 11:56:33
    LUKE.DLL : 7.0.0.47 118824 07/09/2006 11:32:33
    LUKERES.DLL : 7.0.0.47 9256 07/09/2006 11:56:33
    ANTIVIR0.VDF : 6.35.0.1 7371264 31/05/2006 11:35:27
    ANTIVIR1.VDF : 6.36.1.24 2212864 14/11/2006 07:06:35
    ANTIVIR2.VDF : 6.36.1.80 161280 23/11/2006 07:06:35
    ANTIVIR3.VDF : 6.36.1.105 58368 29/11/2006 07:06:35
    AVEWIN32.DLL : 7.2.0.46 1925632 30/11/2006 07:06:36
    AVPREF.DLL : 7.0.0.2 23592 24/07/2006 13:36:04
    AVREP.DLL : 6.36.1.1 978984 30/11/2006 07:06:36
    AVRPBASE.DLL : 7.0.0.0 2162728 30/03/2006 09:43:31
    AVPACK32.DLL : 7.2.0.5 368680 30/11/2006 07:06:36
    AVREG.DLL : 6.31.0.90 27688 28/07/2005 11:06:36
    NETNT.DLL : 6.32.0.0 6696 27/09/2005 08:56:49
    NETNW.DLL : 7.0.0.0 9768 24/07/2006 13:35:55
    RCIMAGE.DLL : 7.0.0.74 1642536 01/08/2006 12:22:57
    RCTEXT.DLL : 7.0.1.4 77864 30/11/2006 07:06:34

    Configuration settings for the scan:
    Jobname.......................: Manual Selection
    Configuration file............: C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\PROFILES\folder.avp
    Boot sectors..................: C
    Scan memory...................: 1
    Process scan..................: 1
    Scan all files................: 2
    Scan archives.................: 1
    Recursion depth...............: 20
    Smart extensions..............: 1
    Macro heuristic...............: 1
    File heuristic................: 0
    Primary action................: 1
    Secondary action..............: 0

    Start of the scan: jeudi 30 novembre 2006 08:10


    The scan of running processes will be started
    12 Processes were scanned

    Start scanning boot sectors:

    Boot sector 'C:\'
    [NOTE] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( 7 files ).


    Starting the file scan:

    C:\hiberfil.sys
    [WARNING] The file could not be opened!
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\Documents and Settings\delvbe\ntuser.dat
    [WARNING] The file could not be opened!
    C:\Documents and Settings\delvbe\ntuser.dat.LOG
    [WARNING] The file could not be opened!
    C:\Documents and Settings\delvbe\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
    [WARNING] The file could not be opened!
    C:\Documents and Settings\delvbe\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
    [WARNING] The file could not be opened!
    C:\Documents and Settings\delvbe\Local Settings\Temp\AHI2.tmp
    [WARNING] The file could not be opened!
    C:\Documents and Settings\delvbe\Local Settings\Temp\UNDO.ac$
    [WARNING] The file could not be opened!
    C:\Documents and Settings\delvbe\Local Settings\Temp\AdskCleanup.0001.dir.0000\~efe2.tmp
    [WARNING] The file could not be opened!
    C:\Documents and Settings\LocalService\NTUSER.DAT
    [WARNING] The file could not be opened!
    C:\Documents and Settings\LocalService\ntuser.dat.LOG
    [WARNING] The file could not be opened!
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
    [WARNING] The file could not be opened!
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
    [WARNING] The file could not be opened!
    C:\Documents and Settings\NetworkService\NTUSER.DAT
    [WARNING] The file could not be opened!
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG
    [WARNING] The file could not be opened!
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
    [WARNING] The file could not be opened!
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
    [WARNING] The file could not be opened!
    C:\Program Files\ACD Systems\acdsee60CrackSerialAppz-N00042-58b\acdsee60CrackSerialAppz-N00042-58b.exe
    [DETECTION] Contains signature of the dial-up program DIAL/84448.A
    [INFO] The file was moved to '45d28874.qua'!
    C:\RECYCLER\S-1-5-21-1896993843-4070686630-3772239759-500\Dc5.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Wintri.BN.5
    [INFO] The file was moved to '45a38bb9.qua'!
    C:\System Volume Information\_restore{DE4A529F-98CE-4187-A0F7-08590C3BB5E5}\RP888\A0117703.exe
    [DETECTION] Contains signature of the dial-up program DIAL/84448.A
    [INFO] The file was moved to '459f8bd6.qua'!
    C:\System Volume Information\_restore{DE4A529F-98CE-4187-A0F7-08590C3BB5E5}\RP890\A0119856.dll
    [DETECTION] Is the Trojan horse TR/PCK.Klone.T.1
    [INFO] The file was moved to '459f8be4.qua'!
    C:\System Volume Information\_restore{DE4A529F-98CE-4187-A0F7-08590C3BB5E5}\RP890\A0119857.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '459f8bea.qua'!
    C:\System Volume Information\_restore{DE4A529F-98CE-4187-A0F7-08590C3BB5E5}\RP890\A0119873.exe
    [DETECTION] Is the Trojan horse TR/PCK.Klone.G.86
    [INFO] The file was moved to '459f8bed.qua'!
    C:\System Volume Information\_restore{DE4A529F-98CE-4187-A0F7-08590C3BB5E5}\RP890\A0119874.exe
    [DETECTION] Is the Trojan horse TR/Dialer.PZ.11
    [INFO] The file was moved to '459f8bef.qua'!
    C:\System Volume Information\_restore{DE4A529F-98CE-4187-A0F7-08590C3BB5E5}\RP890\A0119882.exe
    [DETECTION] Is the Trojan horse TR/PCK.Klone.G.86
    [INFO] The file was moved to '459f8bf1.qua'!
    C:\System Volume Information\_restore{DE4A529F-98CE-4187-A0F7-08590C3BB5E5}\RP890\A0119883.exe
    [DETECTION] Is the Trojan horse TR/PCK.Klone.G.86
    [INFO] The file was moved to '459f8bf6.qua'!
    C:\System Volume Information\_restore{DE4A529F-98CE-4187-A0F7-08590C3BB5E5}\RP890\A0119884.exe
    [DETECTION] Is the Trojan horse TR/PCK.Klone.G.86
    [INFO] The file was moved to '47145c5f.qua'!
    C:\System Volume Information\_restore{DE4A529F-98CE-4187-A0F7-08590C3BB5E5}\RP890\A0119885.exe
    [DETECTION] Is the Trojan horse TR/PCK.Klone.G.86
    [INFO] The file was moved to '459f8bc8.qua'!
    C:\System Volume Information\_restore{DE4A529F-98CE-4187-A0F7-08590C3BB5E5}\RP890\A0119942.exe
    [DETECTION] Is the Trojan horse TR/PCK.Klone.G.86
    [INFO] The file was moved to '459f8bf9.qua'!
    C:\System Volume Information\_restore{DE4A529F-98CE-4187-A0F7-08590C3BB5E5}\RP890\A0119953.exe
    [DETECTION] Is the Trojan horse TR/PCK.Klone.G.86
    [INFO] The file was moved to '47145c52.qua'!
    C:\System Volume Information\_restore{DE4A529F-98CE-4187-A0F7-08590C3BB5E5}\RP890\A0119960.exe
    [DETECTION] Is the Trojan horse TR/PCK.Klone.G.86
    [INFO] The file was moved to '459f8bfa.qua'!
    C:\System Volume Information\_restore{DE4A529F-98CE-4187-A0F7-08590C3BB5E5}\RP890\A0120113.exe
    [DETECTION] Contains signature of the dial-up program DIAL/84448.A
    [INFO] The file was moved to '459f8bfc.qua'!
    C:\System Volume Information\_restore{DE4A529F-98CE-4187-A0F7-08590C3BB5E5}\RP890\A0120114.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Wintri.BN.5
    [INFO] The file was moved to '459f8bfd.qua'!
    C:\VundoFix Backups\sstqo.dll.bad
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '45e28c41.qua'!
    C:\VundoFix Backups\winbev32.dll.bad
    [DETECTION] Is the Trojan horse TR/PCK.Klone.T.1
    [INFO] The file was moved to '45dc8c37.qua'!
    C:\WINDOWS\g83206812.dll
    [WARNING] The file could not be opened!
    C:\WINDOWS\$NtUninstallQ329115$\reg00003
    [WARNING] The file could not be opened!
    C:\WINDOWS\browserxtras\pn\remove.exe
    [DETECTION] Contains signature of the dropper DR/Dldr.Keenval.F
    [INFO] The file was moved to '45db8c74.qua'!
    C:\WINDOWS\Downloaded Program Files\FemmesChaudes.exe
    [DETECTION] Is the Trojan horse TR/Dialer.eg.7
    [INFO] The file was moved to '45db8c82.qua'!
    C:\WINDOWS\Downloaded Program Files\sexy18.exe
    [DETECTION] Is the Trojan horse TR/Dialer.eg.7
    [INFO] The file was moved to '45e68c83.qua'!
    C:\WINDOWS\SYSTEM32\cheat_plugin.exe
    [DETECTION] Is the Trojan horse TR/Dldr.IstBar.JA
    [INFO] The file was moved to '45d38d4b.qua'!
    C:\WINDOWS\SYSTEM32\fcywuvu.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was moved to '45e78d55.qua'!
    C:\WINDOWS\SYSTEM32\fontextd.dll
    [DETECTION] Is the Trojan horse TR/Dldr.Delf.aeo.21
    [WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
    [WARNING] The file could not be deleted!
    C:\WINDOWS\SYSTEM32\sxserv101.exe
    [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
    [WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
    [WARNING] The file could not be deleted!
    C:\WINDOWS\SYSTEM32\tiienfbg.dll
    [DETECTION] Contains a signature of the (dangerous) backdoor program BDS/Pcclient.CC Backdoor server programs
    [INFO] The file was moved to '45d78e66.qua'!
    C:\WINDOWS\SYSTEM32\ActiveScan\pskavs.dll
    [DETECTION] Contains signature of the Windows virus W95/Blumblebee.1738
    [INFO] The file was moved to '45d98e7c.qua'!
    C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
    [WARNING] The file could not be opened!
    C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG
    [WARNING] The file could not be opened!
    C:\WINDOWS\SYSTEM32\CONFIG\SAM
    [WARNING] The file could not be opened!
    C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG
    [WARNING] The file could not be opened!
    C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
    [WARNING] The file could not be opened!
    C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG
    [WARNING] The file could not be opened!
    C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
    [WARNING] The file could not be opened!
    C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG
    [WARNING] The file could not be opened!
    C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
    [WARNING] The file could not be opened!
    C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG
    [WARNING] The file could not be opened!
    C:\WINDOWS\SYSTEM32\DRIVERS\dtscsi.sys
    [WARNING] The file could not be opened!
    C:\WINDOWS\SYSTEM32\DRIVERS\sptd.sys
    [WARNING] The file could not be opened!
    C:\WINDOWS\SYSTEM32\DRIVERS\sptd8781.sys
    [WARNING] The file could not be opened!


    End of the scan: jeudi 30 novembre 2006 08:55
    Used time: 45:06 min

    The scan has been done completely.

    6503 Scanning directories
    306708 Files were scanned
    27 viruses and/or unwanted programs were found
    0 files were deleted
    0 files were repaired
    25 files were moved to quarantine
    0 files were renamed
    3683 Archives were scanned
    34 Warnings
    2 Notes

    30 November 2006 13:34:50

    hello hello, is there anyone who could take over from angeldark....

    Or else angel dark, are you there ????
    30 November 2006 16:41:59

    Please repost a HijackThis report.
    30 November 2006 16:42:45

    there you go

    Logfile of HijackThis v1.99.1
    Scan saved at 16:46:52, on 30/11/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\OfficeScan NT\ntrtscan.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\sxserv101.exe
    C:\OfficeScan NT\tmlisten.exe
    C:\OfficeScan NT\ofcdog.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\OfficeScan NT\pccntmon.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\SuperCopier\SuperCopier.exe
    C:\Program Files\AutoCAD 2007\acad.exe
    C:\DOCUME~1\delvbe\LOCALS~1\Temp\AdskCleanup.0001
    C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
    C:\Program Files\Fichiers communs\Autodesk Shared\WSCommCntr1.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\delvbe\Bureau\hijack this\scanner.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/fr/fra/gen/default.h...
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.voila.fr/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/countries/fr/fra/gen/default.h...
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: (no name) - {008DB894-99ED-445D-8547-0E7C9808898D} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\System32\pplddbhv.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00404} - C:\WINDOWS\system32\fontextd.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: (no name) - {EB1ACE3F-D64D-4BE1-8396-A6CEC9E4F9F6} - C:\WINDOWS\System32\sstqo.dll (file missing)
    O2 - BHO: (no name) - {EFE4E435-7339-49FF-B3B3-ECCF8AAF7F38} - C:\WINDOWS\System32\dssec32.dll
    O3 - Toolbar: (no name) - {6C79374B-0B4F-4DF1-8794-84A00CBE1435} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\OfficeScan NT\pccntmon.exe" -HideWindow
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [SuperCopier.exe] C:\Program Files\SuperCopier\SuperCopier.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Open PDF in Word - res://C:\Program Files\ScanSoft\PDF Converter\IEShellExt.dll /100
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
    O16 - DPF: Interface Chat Voila - http://chat7.x-echo.com/version6/Applet/vchatsign.cab
    O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/common/cab/Dj...
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/178c7d33339a4d4e0f05/netzip...
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst....
    O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.pixdiscount.fr/clients/uploader_uni_dd_final...
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://fr.jackpotcity.microgaming.com/fr.jackpotcity/F...
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = carlier.intra
    O17 - HKLM\Software\..\Telephony: DomainName = carlier.intra
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = carlier.intra
    O18 - Protocol: stibo - {FFAD3420-6D61-44F6-BA25-293F17152D79} - C:\Program Files\Fichiers communs\Stibo\RS_ProtocolHandler.dll
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Unknown owner - C:\OfficeScan NT\ntrtscan.exe
    O23 - Service: SX Service (SXServ) - Unknown owner - C:\WINDOWS\system32\sxserv101.exe
    O23 - Service: OfficeScanNT Listener (tmlisten) - Unknown owner - C:\OfficeScan NT\tmlisten.exe

    30 November 2006 16:54:00

    - Run HijackThis -> Do a system scan only
    -> Check the lines below:

    O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\System32\pplddbhv.dll
    O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00404} - C:\WINDOWS\system32\fontextd.dll (file missing)
    O2 - BHO: (no name) - {EB1ACE3F-D64D-4BE1-8396-A6CEC9E4F9F6} - C:\WINDOWS\System32\sstqo.dll (file missing)
    O2 - BHO: (no name) - {EFE4E435-7339-49FF-B3B3-ECCF8AAF7F38} - C:\WINDOWS\System32\dssec32.dll
    O3 - Toolbar: (no name) - {6C79374B-0B4F-4DF1-8794-84A00CBE1435} - (no file)
    O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)

    Click Fix checked (bottom left)

  • Double-click VundoFix.exe to launch it
  • Do NOT click the Scan for Vundo button
  • Right-click in the white window and choose Add more files?
  • Enter in the first line:
    C:\WINDOWS\System32\pplddbhv.dll
    In the second:
    C:\WINDOWS\System32\dssec32.dll
  • Click in turn on:
    - Add Files
    - Close Windows
    - Remove Vundo
  • If the tool asks you to restart, accept.
  • Then copy/paste the report C:\vundofix.txt
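Added example, not part of the thread and not HijackThis code: a small Python parser for the O2/O3/O9 lines of a HijackThis log that lists the entries worth a manual look before anything is fixed. The rule it applies (an unnamed entry whose file is absent, or an unnamed DLL sitting directly in system32) is an assumption chosen for illustration, not the helper's stated method; the sample lines are copied from the first log in this thread.

```python
"""Triage helper for HijackThis O2/O3/O9 lines (added example)."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# O2 = Browser Helper Objects, O3 = IE toolbars, O9 = extra IE buttons/menu items.
ENTRY_RE = re.compile(
    r"^(?P<section>O2|O3|O9) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)$"
)
# Trailing annotations HijackThis appends after the path.
TAG_RE = re.compile(r"\s*\((file missing|HKCU)\)$")
# A DLL placed directly in system32, with no sub-folder.
SYSTEM32_DLL_RE = re.compile(
    r"^[A-Za-z]:\\WINDOWS\\system32\\[^\\]+\.dll$", re.IGNORECASE
)

# Lines copied from the first log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {008DB894-99ED-445D-8547-0E7C9808898D} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\System32\pplddbhv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00404} - C:\WINDOWS\system32\fontextd.dll (file missing)
O2 - BHO: (no name) - {EB1ACE3F-D64D-4BE1-8396-A6CEC9E4F9F6} - C:\WINDOWS\System32\sstqo.dll (file missing)
O2 - BHO: (no name) - {EFE4E435-7339-49FF-B3B3-ECCF8AAF7F38} - C:\WINDOWS\System32\dssec32.dll
O3 - Toolbar: (no name) - {6C79374B-0B4F-4DF1-8794-84A00CBE1435} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
"""


@dataclass
class Entry:
    section: str
    kind: str
    name: str
    clsid: str
    path: str      # empty when HijackThis printed "(no file)"
    missing: bool  # True for "(no file)" and "(file missing)"


def parse_line(line: str) -> Optional[Entry]:
    """Parse one O2/O3/O9 line; return None for any other line."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    target, missing = m["target"].strip(), False
    # Peel "(HKCU)" / "(file missing)" off the end, in whatever order they appear.
    while (tag := TAG_RE.search(target)) is not None:
        missing = missing or tag.group(1) == "file missing"
        target = target[: tag.start()]
    if target == "(no file)":
        target, missing = "", True
    return Entry(m["section"], m["kind"], m["name"], m["clsid"], target, missing)


def review_reason(entry: Entry) -> Optional[str]:
    """Illustrative rule (an assumption): only unnamed entries are considered."""
    if entry.name != "(no name)":
        return None
    if entry.missing:
        return "unnamed entry whose file is absent"
    if SYSTEM32_DLL_RE.match(entry.path):
        return "unnamed DLL directly in system32"
    return None


def triage(log_text: str) -> List[Tuple[Entry, str]]:
    """Return (entry, reason) for every line the rule marks for manual review."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        reason = review_reason(entry) if entry else None
        if reason:
            flagged.append((entry, reason))
    return flagged


if __name__ == "__main__":
    for entry, reason in triage(SAMPLE_LOG):
        print(f"{entry.section} {entry.clsid} {entry.path or '(no file)'} -> {reason}")
```

A flagged line is a prompt to look up the CLSID and file name, not a verdict; named entries and vendor add-ons in their own folders (the Spybot and Java lines here) are left alone by this rule.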
    1 December 2006 09:08:42

    thanks, here is the VundoFix report



    VundoFix V6.2.13

    Checking Java version...

    Java version is 1.5.0.9

    Scan started at 14:33:50 29/11/2006

    Listing files found while scanning....

    C:\WINDOWS\SYSTEM32\winbev32.dll
    C:\WINDOWS\System32\sstqo.dll
    C:\WINDOWS\System32\oqtss.ini
    C:\WINDOWS\System32\oqtss.bak1
    C:\WINDOWS\System32\oqtss.bak2

    Beginning removal...

    Attempting to delete C:\WINDOWS\SYSTEM32\winbev32.dll
    C:\WINDOWS\SYSTEM32\winbev32.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\System32\sstqo.dll
    C:\WINDOWS\System32\sstqo.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\System32\oqtss.ini
    C:\WINDOWS\System32\oqtss.ini Has been deleted!

    Attempting to delete C:\WINDOWS\System32\oqtss.bak1
    C:\WINDOWS\System32\oqtss.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\System32\oqtss.bak2
    C:\WINDOWS\System32\oqtss.bak2 Has been deleted!

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\SYSTEM32\winbev32.dll
    C:\WINDOWS\SYSTEM32\winbev32.dll Has been deleted!

    Attempting to delete C:\WINDOWS\System32\sstqo.dll
    C:\WINDOWS\System32\sstqo.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\System32\dssec32.dll
    C:\WINDOWS\System32\dssec32.dll Has been deleted!

    Performing Repairs to the registry.
    Done!
    1 December 2006 13:37:54

    Post a new HijackThis report ;)
    2 December 2006 08:58:35

    ok, here it is

    Logfile of HijackThis v1.99.1
    Scan saved at 09:02:36, on 02/12/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\OfficeScan NT\ntrtscan.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\sxserv101.exe
    C:\OfficeScan NT\tmlisten.exe
    C:\OfficeScan NT\ofcdog.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\OfficeScan NT\pccntmon.exe
    C:\Program Files\SuperCopier\SuperCopier.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\AutoCAD 2007\acad.exe
    C:\DOCUME~1\delvbe\LOCALS~1\Temp\AdskCleanup.0001
    C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
    C:\Program Files\Fichiers communs\Autodesk Shared\WSCommCntr1.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\delvbe\Bureau\hijack this\scanner.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/fr/fra/gen/default.h...
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.voila.fr/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/countries/fr/fra/gen/default.h...
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: (no name) - {008DB894-99ED-445D-8547-0E7C9808898D} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\OfficeScan NT\pccntmon.exe" -HideWindow
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [SuperCopier.exe] C:\Program Files\SuperCopier\SuperCopier.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Open PDF in Word - res://C:\Program Files\ScanSoft\PDF Converter\IEShellExt.dll /100
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O16 - DPF: Interface Chat Voila - http://chat7.x-echo.com/version6/Applet/vchatsign.cab
    O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/common/cab/Dj...
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/178c7d33339a4d4e0f05/netzip...
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst....
    O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.pixdiscount.fr/clients/uploader_uni_dd_final...
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://fr.jackpotcity.microgaming.com/fr.jackpotcity/F...
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = carlier.intra
    O17 - HKLM\Software\..\Telephony: DomainName = carlier.intra
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = carlier.intra
    O18 - Protocol: stibo - {FFAD3420-6D61-44F6-BA25-293F17152D79} - C:\Program Files\Fichiers communs\Stibo\RS_ProtocolHandler.dll
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Unknown owner - C:\OfficeScan NT\ntrtscan.exe
    O23 - Service: SX Service (SXServ) - Unknown owner - C:\WINDOWS\system32\sxserv101.exe
    O23 - Service: OfficeScanNT Listener (tmlisten) - Unknown owner - C:\OfficeScan NT\tmlisten.exe

    2 December 2006 12:08:04

    Hi again,

    Fix this line:
    O2 - BHO: (no name) - {008DB894-99ED-445D-8547-0E7C9808898D} - (no file)

    - Run a Kaspersky online scan:
    . Scan the critical area
    . Save the report at the end of the scan, then paste it here
    Help with the online scan.

    NOTES:

    - If this message appears:
    "La licence de Kaspersky On-line Scanner est périmée"
    Go to Add/Remove Programs to uninstall the Online Scanner
    Then retry the scan.

    - If you still cannot use the online scan, run a Panda online scan
    . /!\ When you are asked to enter your e-mail address, click I don't accept (at the bottom)
    . Post the report at the end of the scan
    . If you have Avast!, disable it.
    4 December 2006 08:47:30

    ok, all good, here is the report:


    -------------------------------------------------------------------------------
    KASPERSKY ON-LINE SCANNER REPORT
    Monday, December 04, 2006 8:49:55 AM
    Système d'exploitation : Microsoft Windows XP Professional, Service Pack 1 (Build 2600)
    Kaspersky On-line Scanner version : 5.0.83.0
    Dernière mise à jour de la base antivirus Kaspersky : 4/12/2006
    Enregistrements dans la base antivirus Kaspersky : 233860
    -------------------------------------------------------------------------------

    Paramètres d'analyse:
    Analyser avec la base antivirus suivante: standard
    Analyser les archives: vrai
    Analyser les bases de messagerie: vrai

    Cible de l'analyse - Zones critiques:
    C:\WINDOWS
    C:\DOCUME~1\delvbe\LOCALS~1\Temp\

    Statistiques de l'analyse:
    Total d'objets analysés: 14375
    Nombre de virus trouvés: 2
    Nombre d'objets infectés: 2 / 0
    Nombre d'objets suspects: 0
    Durée de l'analyse: 00:10:15

    Nom de l'objet infecté / Nom du virus / Dernière action
    C:\WINDOWS\$NtUninstallQ329115$\reg00003 L'objet est verrouillé ignoré
    C:\WINDOWS\CSC\00000001 L'objet est verrouillé ignoré
    C:\WINDOWS\Debug\Netlogon.log L'objet est verrouillé ignoré
    C:\WINDOWS\Debug\oakley.log L'objet est verrouillé ignoré
    C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré
    C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré
    C:\WINDOWS\Services.exe Infecté : Trojan-Proxy.Win32.VB.t ignoré
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré
    C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré
    C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt L'objet est verrouillé ignoré
    C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT L'objet est verrouillé ignoré
    C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG L'objet est verrouillé ignoré
    C:\WINDOWS\SYSTEM32\CONFIG\SAM L'objet est verrouillé ignoré
    C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG L'objet est verrouillé ignoré
    C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt L'objet est verrouillé ignoré
    C:\WINDOWS\SYSTEM32\CONFIG\SECURITY L'objet est verrouillé ignoré
    C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG L'objet est verrouillé ignoré
    C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE L'objet est verrouillé ignoré
    C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG L'objet est verrouillé ignoré
    C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt L'objet est verrouillé ignoré
    C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM L'objet est verrouillé ignoré
    C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG L'objet est verrouillé ignoré
    C:\WINDOWS\SYSTEM32\DRIVERS\dtscsi.sys L'objet est verrouillé ignoré
    C:\WINDOWS\SYSTEM32\DRIVERS\sptd.sys L'objet est verrouillé ignoré
    C:\WINDOWS\SYSTEM32\DRIVERS\sptd8781.sys L'objet est verrouillé ignoré
    C:\WINDOWS\SYSTEM32\ia_fa0.VIR Infecté : Trojan-Downloader.Win32.Wintrim.w ignoré
    C:\WINDOWS\SYSTEM32\sxserv101.exe L'objet est verrouillé ignoré
    C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré
    C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré
    C:\WINDOWS\WIADEBUG.LOG L'objet est verrouillé ignoré
    C:\WINDOWS\WIASERVC.LOG L'objet est verrouillé ignoré
    C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré
    C:\DOCUME~1\delvbe\LOCALS~1\Temp\250843_1_1_7540.dwl L'objet est verrouillé ignoré
    C:\DOCUME~1\delvbe\LOCALS~1\Temp\AdskCleanup.0001.dir.0000\~efe2.tmp L'objet est verrouillé ignoré
    C:\DOCUME~1\delvbe\LOCALS~1\Temp\AHI2.tmp L'objet est verrouillé ignoré
    C:\DOCUME~1\delvbe\LOCALS~1\Temp\UNDB595A.ac$ L'objet est verrouillé ignoré

    Analyse terminée.
    4 December 2006 12:31:21

    Delete these files:
    C:\WINDOWS\SYSTEM32\ia_fa0.VIR
    C:\WINDOWS\Services.exe

    Any other problems?
    4 December 2006 13:20:24

    thanks a lot, no other problems for now

    can I remove all the programs I had to install during this "cleanup operation"?

    Thanks again
    4 December 2006 13:28:09

    All except AntiVir.
    19 December 2006 16:43:34

    Well, there you go, I have the same problem and I know nothing about this. I ran a HijackThis scan and this is what it gives me; can someone help me, please?

    Logfile of HijackThis v1.99.1
    Scan saved at 16:38:34, on 19/12/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Dassault Systemes\B13\intel_a\code\bin\CATSysDemon.exe
    C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    D:\MATLAB7\webserver\bin\win32\matlabserver.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    d:\matlab7\bin\win32\matlab.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Browser MOUSE\mouse32a.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Launch Manager\LaunchAp.exe
    C:\Program Files\Launch Manager\HotkeyApp.exe
    C:\Program Files\Launch Manager\OSD.exe
    C:\Program Files\Launch Manager\Wbutton.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\ipwins\ipwins.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Fichiers communs\{C8BB0AFE-069E-1036-0910-040409090021}\Update.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\RealPopup\RealPopup.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\crunner\cproc.exe
    C:\PROGRA~1\MBOLS~1\explorer.exe
    C:\Documents and Settings\François Steinmetz\Application Data\??crosoft\??anregw.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\TEMP\win892D.tmp.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Documents and Settings\François Steinmetz\Bureau\hijackthis\Scanner.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.evc.net/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - C:\Program Files\DeluxeCommunications\DxcBho.dll
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\nmfut.exe
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,yhlxetk.exe
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {3D40F712-49F2-1675-A0AF-1543C460F1EC} - (no file)
    O2 - BHO: (no name) - {3FD6B99C-A275-46ea-8FD1-3D63986E51E4} - C:\WINDOWS\system32\jsccbajg.dll
    O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in_1.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
    O2 - BHO: (no name) - {676D3439-CDFB-98B3-3753-0A0472202F24} - C:\WINDOWS\system32\flrnpsj.dll
    O2 - BHO: (no name) - {6CB2E9B9-E62A-4CBD-9508-1A85669026Dd} - C:\WINDOWS\system32\ncspqguc.dll
    O2 - BHO: (no name) - {70D7F1FE-C69B-49C8-A6DF-A1DC2A67B6B1} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {849B9523-785F-4014-9CAF-079FB4A74C61} - C:\WINDOWS\system32\rmxjnbmo.dll
    O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - C:\WINDOWS\system32\ixt0.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing)
    O2 - BHO: (no name) - {C4F460C4-8D21-8BFD-7000-8F1A70CE08B4} - C:\WINDOWS\system32\smtuolue.dll
    O2 - BHO: (no name) - {E3E02054-8570-4781-B47C-3B2BC69A3897} - (no file)
    O2 - BHO: (no name) - {EB39F5B5-28A1-4F6D-8AAF-2AA044C59C74} - C:\WINDOWS\Help\spahrd.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing)
    O3 - Toolbar: (no name) - {C004DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
    O3 - Toolbar: Safety Bar - {052b12f7-86fa-4921-8482-26c42316b522} - C:\Program Files\Safety Bar\SafetyBar.dll
    O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in_1.dll
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
    O4 - HKLM\..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe
    O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
    O4 - HKLM\..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSD.exe
    O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Emihtlot] C:\Program Files\Hhjlcs\Zdia.exe
    O4 - HKLM\..\Run: [EasyMessage] "C:\PROGRA~1\ZANGOA~1\ZANGOM~1\em2.exe" -wait
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
    O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
    O4 - HKLM\..\Run: [bwhrdrh.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\bwhrdrh.dll,iglhyfe
    O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\fppxnlro.dll",setvm
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [RealPopup] "C:\Program Files\RealPopup\RealPopup.exe" BOOT
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [cprocsvc] C:\WINDOWS\system32\crunner\cproc.exe
    O4 - HKCU\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
    O4 - HKCU\..\Run: [Erw] "C:\PROGRA~1\MBOLS~1\explorer.exe" -vt tzt
    O4 - HKCU\..\Run: [Nezx] C:\Documents and Settings\François Steinmetz\Application Data\??crosoft\??anregw.exe
    O4 - Startup: .protected
    O4 - Global Startup: .protected
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: PDFtypewriter - {B5EE1724-E26C-4431-A8F3-96FC5FE55CA1} - C:\Program Files\PDFtypewriter\PDFtypewriterie.exe (file missing)
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6AF4C11E-347A-4342-AC6B-3D021F01163A}: NameServer = 10.0.8.4
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: cbxxv - C:\WINDOWS\
    O20 - Winlogon Notify: jtefojao - C:\WINDOWS\SYSTEM32\jtefojao.dll
    O20 - Winlogon Notify: spahrd - C:\WINDOWS\Help\spahrd.dll
    O20 - Winlogon Notify: winijp32 - C:\WINDOWS\SYSTEM32\winijp32.dll
    O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - (no file)
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Backbone Service (BBDemon) - Dassault Systemes - C:\Program Files\Dassault Systemes\B13\intel_a\code\bin\CATSysDemon.exe
    O23 - Service: Client de licence CA (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
    O23 - Service: Serveur de licence CA (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    O23 - Service: MATLAB Server (matlabserver) - Unknown owner - D:\MATLAB7\webserver\bin\win32\matlabserver.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe