Se connecter / S'enregistrer
Votre question

Virus trojan.win32.BHO rapport hijackthis

Tags :
  • Kaspersky
  • Sécurité
Dernière réponse : dans Sécurité et virus
28 Novembre 2006 09:56:14

Mon antivirus detecte a chaque demarrage le trojan.win32.bho.
Je n'arrive pas a m'en defaire.
De plus mon pc plante regulierement et beaucoup de fenetre s'ouvre sur internet...
Merci d'avance pour votre aide.

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Mes téléchargements\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Fred\LOCALS~1\Temp\Rar$EX00.078\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://tele2internet.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://cdn.drivecleaner.com/installdrivecleanerstart_fr...
O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://www.tele2mail.com/static/apps/utils/AccountHelpe...
O17 - HKLM\System\CCS\Services\Tcpip\..\{C1E4CB6A-2DDA-43D8-BCE7-8E147DDE8FC8}: NameServer = 212.151.136.242 212.151.137.170
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\RnJlZA\command.exe (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Mes téléchargements\ewido anti-spyware 4.0\guard.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Windows Log - Unknown owner - C:\WINDOWS\system32\nvsvcd.exe (file missing)

Autres pages sur : virus trojan win32 bho rapport hijackthis

28 Novembre 2006 10:00:41

Bonjour,

Supprime HijackThis car tu l'as mal placé, il faut imperativement qu'il soit dans un dossier propre à lui même. Suis cette procedure pour installer HijackThis.

Poste un rapport HijackThis

Télécharge le, puis met le dans un dossier dédié (exemple : ..\Bureau\Hijackthis\Hijackthis.exe ).
Renomme-le en Scanner.exe (clic droit sur le fichier HijackThis et choisis renommer).
Ensuite, lance le (double clic sur Scanner.exe ensuite tu l’exécutes) appuie sur Do a system scan a save a logfile, le bloc note va alors s’ouvrir, tu copies et tu colles le rapport ici dans ta prochaine réponse.
28 Novembre 2006 10:05:30

Voila j'ai suivi t'es conseil




Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Mes téléchargements\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Fred\Bureau\scanner.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://tele2internet.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {534432A2-7173-47C9-9397-B73AB1C6CF75} - C:\WINDOWS\msagent\actsm.dll
O2 - BHO: (no name) - {849B9523-785F-4014-9CAF-079FB4A74C61} - C:\WINDOWS\System32\vxhbbxgv.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://cdn.drivecleaner.com/installdrivecleanerstart_fr...
O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://www.tele2mail.com/static/apps/utils/AccountHelpe...
O17 - HKLM\System\CCS\Services\Tcpip\..\{C1E4CB6A-2DDA-43D8-BCE7-8E147DDE8FC8}: NameServer = 212.151.136.242 212.151.137.170
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: actsm - C:\WINDOWS\msagent\actsm.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\System32\klogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\RnJlZA\command.exe (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Mes téléchargements\ewido anti-spyware 4.0\guard.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Windows Log - Unknown owner - C:\WINDOWS\system32\nvsvcd.exe (file missing)

Contenus similaires
28 Novembre 2006 10:14:52

Bonjour,

Egalement infection de type Vundo :( 

1/ Télécharge VundoFix.exe (par Atribune) sur ton Bureau.
  • Double-clique VundoFix.exe afin de le lancer
  • Lorsque l'outil se lance à nouveau, clique sur le bouton Scan for Vundo
  • Clique sur le bouton Scan for Vundo
  • Lorsque le scan est complété, clique sur le bouton Remove Vundo
  • Une invite te demandera si tu veux supprimer les fichiers, clique YES
  • Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers
  • Tu verras une invite qui t'annonce que ton PC va redémarrer; clique OK
  • Copie/colle le contenu du rapport situé dans C:\vundofix.txt dans ta prochaine réponse

    Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo".

    2/ Télécharge combofix.exe (par sUBs) sur ton Bureau

    http://download.bleepingcomputer.com/sUBs/combofix.exe

    Double clique combofix.exe et suis les invites.
    Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

    3/ Reposte un nouveau rapport HijackThis.
    28 Novembre 2006 10:38:21

    je sais pas comment tu fais pour ty retrouver dans tout ca mais si tu reussi t'es un champion



    ComboFix 06.11.27W - Running from: "C:\Documents and Settings\Fred\Bureau"

    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\uninstall_nmon.vbs
    C:\Documents and Settings\LocalService\Application Data\NetMon
    C:\Program Files\windows
    C:\WINDOWS\RnJlZA

    ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

    Folders Quarantined:

    C:\QooBox\Purity\WINDOWS\YSTEM~1


    ((((((((((((((((((((((((((((((( Files Created from 2006-10-28 to 2006-11-28 ))))))))))))))))))))))))))))))))))


    2006-11-28 10:22 1,492 --a------ C:\WINDOWSvundofix.reg
    2006-11-28 10:18 <REP> d-------- C:\VundoFix Backups
    2006-11-27 18:43 496,376 --a------ C:\Program Files\ie6setup.exe
    2006-11-27 18:43 <REP> d-------- C:\WINDOWS\Fichiers d'installation de Windows Update
    2006-11-27 16:41 <REP> dr------- C:\WINDOWS\Offline Web Pages
    2006-11-27 09:02 <REP> dr-h----- C:\Documents and Settings\Fred\Recent
    2006-11-08 11:23 118,804 --a------ C:\WINDOWS\system32\ffsmqrvr.dll
    2006-11-07 17:11 118,804 --a------ C:\WINDOWS\system32\qylwgncb.dll
    2006-11-01 11:48 118,804 --a------ C:\WINDOWS\system32\cbofsyqb.dll
    2006-10-29 19:31 <REP> d-------- C:\Program Files\Yahoo!


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2006-11-27 18:49 -------- d-------- C:\Program Files\Internet Explorer
    2006-11-27 18:46 -------- d-------- C:\Program Files\Outlook Express
    2006-11-27 16:40 -------- d-------- C:\Program Files\Google
    2006-10-30 21:03 -------- d-------- C:\Program Files\VSToolbar
    2006-10-29 19:05 2560 --a------ C:\WINDOWS\system32\BitCometRes.dll
    2006-10-28 18:59 -------- d-------- C:\Documents and Settings\Fred\Application Data\iMesh
    2006-10-28 18:57 -------- d-------- C:\Program Files\iMesh Applications
    2006-10-25 09:18 118804 --a------ C:\WINDOWS\system32\vukbqomt.dll
    2006-10-23 08:40 -------- d-------- C:\Program Files\Champion
    2006-10-23 08:32 74752 --a------ C:\WINDOWS\ST6UNST.EXE
    2006-10-23 08:32 253952 --------- C:\WINDOWS\Setup1.exe
    2006-10-20 16:24 89984 --a------ C:\WINDOWS\system32\drivers\sptd4829.sys
    2006-10-20 14:43 61072 --a------ C:\WINDOWS\system32\drivers\klick.sys
    2006-10-20 14:43 59536 --a------ C:\WINDOWS\system32\drivers\klin.sys
    2006-10-20 14:35 -------- d-------- C:\Program Files\Kaspersky Lab
    2006-10-06 18:59 -------- d-------- C:\Program Files\BitComet
    2006-10-06 18:55 3158142 --a------ C:\Program Files\BitComet_0.73_setup.exe
    2006-10-06 17:13 -------- d-------- C:\Program Files\iMesh
    2006-09-22 12:48 7146680 --a------ C:\Program Files\iMeshV6.exe


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
    "TkBellExe"="\"C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe\" -osboot"
    "kav"="\"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe\""
    @=""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000000

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091
    "CDRAutoRun"=dword:00000000

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091
    "CDRAutoRun"=dword:00000000

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
    "path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\Adobe Gamma Loader.lnk"
    "backup"="C:\\WINDOWS\\pss\\Adobe Gamma Loader.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\FICHIE~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
    "item"="Adobe Gamma Loader"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage rapide du logiciel HP Image Zone.lnk]
    "path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\Démarrage rapide du logiciel HP Image Zone.lnk"
    "backup"="C:\\WINDOWS\\pss\\Démarrage rapide du logiciel HP Image Zone.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\HP\\DIGITA~1\\bin\\hpqthb08.exe -s"
    "item"="Démarrage rapide du logiciel HP Image Zone"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^GStartup.lnk]
    "path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\GStartup.lnk"
    "backup"="C:\\WINDOWS\\pss\\GStartup.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\Program Files\\Fichiers communs\\GMT\\GMT.exe /startup"
    "item"="GStartup"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
    "path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\HP Digital Imaging Monitor.lnk"
    "backup"="C:\\WINDOWS\\pss\\HP Digital Imaging Monitor.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\HP\\DIGITA~1\\bin\\hpqtra08.exe "
    "item"="HP Digital Imaging Monitor"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Rappels du Calendrier Microsoft Works.lnk]
    "path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\Rappels du Calendrier Microsoft Works.lnk"
    "backup"="C:\\WINDOWS\\pss\\Rappels du Calendrier Microsoft Works.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\FICHIE~1\\MICROS~1\\WORKSS~1\\wkcalrem.exe "
    "item"="Rappels du Calendrier Microsoft Works"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Fred^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk]
    "path"="C:\\Documents and Settings\\Fred\\Menu Démarrer\\Programmes\\Démarrage\\Adobe Gamma.lnk"
    "backup"="C:\\WINDOWS\\pss\\Adobe Gamma.lnkStartup"
    "location"="Startup"
    "command"="C:\\PROGRA~1\\FICHIE~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
    "item"="Adobe Gamma"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Fred^Menu Démarrer^Programmes^Démarrage^PowerReg Scheduler.exe]
    "path"="C:\\Documents and Settings\\Fred\\Menu Démarrer\\Programmes\\Démarrage\\PowerReg Scheduler.exe"
    "backup"="C:\\WINDOWS\\pss\\PowerReg Scheduler.exeStartup"
    "location"="Startup"
    "command"="C:\\Documents and Settings\\Fred\\Menu Démarrer\\Programmes\\Démarrage\\PowerReg Scheduler.exe"
    "item"="PowerReg Scheduler"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\a43964cb.exe]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="a43964cb"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\System32\\a43964cb.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdslTaskBar]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="rundll32"
    "hkey"="HKLM"
    "command"="rundll32.exe stmctrl.dll,TaskBar"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="avgcc"
    "hkey"="HKLM"
    "command"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="HPWuSchd2"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\keyboard]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="keyboard25"
    "hkey"="HKLM"
    "command"="c:\\\\keyboard25.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="msmsgs"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MULTIMEDIA KEYBOARD]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="MMKeybd"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Netropa\\Multimedia Keyboard\\MMKeybd.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="NeroCheck"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="NEWDOT~2"
    "hkey"="HKLM"
    "command"="rundll32 C:\\PROGRA~1\\NEWDOT~1\\NEWDOT~2.DLL,ClientStartup -s"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\newname]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="newname25"
    "hkey"="HKLM"
    "command"="c:\\\\newname25.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nForce Tray Options]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="sstray"
    "hkey"="HKLM"
    "command"="sstray.exe /r"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="NvCpl"
    "hkey"="HKLM"
    "command"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="NvMcTray"
    "hkey"="HKLM"
    "command"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"=""
    "hkey"="HKLM"
    "command"=""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="nwiz"
    "hkey"="HKLM"
    "command"="nwiz.exe /install"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Osrr]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="msiexec"
    "hkey"="HKCU"
    "command"="\"C:\\PROGRA~1\\FNTS~1\\msiexec.exe\" -vt yax"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sys_up1]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="svchostsys"
    "hkey"="HKCU"
    "command"="C:\\Program Files\\Common Files\\svchostsys\\svchostsys.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="realsched"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe\" -osboot"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Versato]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="MulMouse"
    "hkey"="HKLM"
    "command"="C:\\PROGRA~1\\MAGICF~1\\MulMouse.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\w017d590.dll]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="RUNDLL32"
    "hkey"="HKLM"
    "command"="RUNDLL32.EXE w017d590.dll,I2 0016272b0017d590"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Xvald]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="SRSS~1"
    "hkey"="HKCU"
    "command"="C:\\WINDOWS\\system32\\DOBE~1\\SRSS~1.EXE"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ziwq]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="ziwqm"
    "hkey"="HKCU"
    "command"="C:\\PROGRA~1\\FICHIE~1\\ziwq\\ziwqm.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, msnsspc.dll, digest.dll"

    Completion time: 06-11-28 10:36:21.17
    C:\ComboFix.txt ... 06-11-28 10:36
    Logfile of HijackThis v1.99.1
    Scan saved at 10:38:55, on 28/11/2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
    C:\Mes téléchargements\ewido anti-spyware 4.0\guard.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\HPZipm12.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\wdfmgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe
    C:\Documents and Settings\Fred\Bureau\scanner.exe.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://tele2internet.fr/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\System32\jgeqgoow.dll
    O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll
    O2 - BHO: (no name) - {DADCE79F-F97D-42FF-A214-BFE56021BB02} - C:\WINDOWS\msagent\actsm.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
    O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://cdn.drivecleaner.com/installdrivecleanerstart_fr...
    O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://www.tele2mail.com/static/apps/utils/AccountHelpe...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C1E4CB6A-2DDA-43D8-BCE7-8E147DDE8FC8}: NameServer = 212.151.136.242 212.151.137.170
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: actsm - C:\WINDOWS\msagent\actsm.dll
    O20 - Winlogon Notify: klogon - C:\WINDOWS\System32\klogon.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Mes téléchargements\ewido anti-spyware 4.0\guard.exe
    O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: Windows Log - Unknown owner - C:\WINDOWS\system32\nvsvcd.exe (file missing)

    28 Novembre 2006 10:43:51

    Il manque le rapport VundoFix :) 
    28 Novembre 2006 10:54:48

    désolé


    VundoFix V4.2.84

    Running as SYSTEM
    from c:\windows\system32\VundoFix.exe

    Checking Java version...

    Sun Java not detected
    Scan started at 21:29:06 21/06/2006

    Listing files found while scanning....


    C:\WINDOWS\system32\egjlm.bak1
    C:\WINDOWS\system32\egjlm.ini
    C:\WINDOWS\system32\mljge.dll
    Attempting to delete C:\WINDOWS\system32\egjlm.bak1
    C:\WINDOWS\system32\egjlm.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\egjlm.ini
    C:\WINDOWS\system32\egjlm.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\mljge.dll
    C:\WINDOWS\system32\mljge.dll Could not be deleted.

    Performing Repairs to the registry.
    Done!

    VundoFix V4.2.84

    Checking Java version...

    Sun Java not detected
    Scan started at 18:51:36 27/11/2006

    Listing files found while scanning....


    C:\WINDOWS\msagent\mstca.bak1
    C:\WINDOWS\msagent\mstca.tmp
    C:\WINDOWS\msagent\mstca.ini
    C:\WINDOWS\msagent\mstca.ini2
    C:\WINDOWS\msagent\actsm.dll
    C:\WINDOWS\msagent\mstca.ini2
    C:\WINDOWS\msagent\mstca.tmp
    C:\WINDOWS\msagent\mstca.ini
    C:\WINDOWS\msagent\mstca.ini2
    C:\WINDOWS\msagent\actsm.dll

    VundoFix V6.2.13

    Checking Java version...

    Sun Java not detected
    Scan started at 10:18:42 28/11/2006

    Listing files found while scanning....

    C:\WINDOWS\msagent\actsm.dll
    C:\WINDOWS\msagent\mstca.ini
    C:\WINDOWS\msagent\mstca.bak1
    C:\WINDOWS\msagent\mstca.ini2
    C:\WINDOWS\msagent\mstca.tmp

    Beginning removal...

    Attempting to delete C:\WINDOWS\msagent\actsm.dll
    C:\WINDOWS\msagent\actsm.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\msagent\mstca.ini
    C:\WINDOWS\msagent\mstca.ini Has been deleted!

    Attempting to delete C:\WINDOWS\msagent\mstca.bak1
    C:\WINDOWS\msagent\mstca.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\msagent\mstca.ini2
    C:\WINDOWS\msagent\mstca.ini2 Has been deleted!

    Attempting to delete C:\WINDOWS\msagent\mstca.tmp
    C:\WINDOWS\msagent\mstca.tmp Has been deleted!

    Performing Repairs to the registry.
    Done!

    VundoFix V6.2.13

    Checking Java version...

    Sun Java not detected
    Scan started at 10:30:58 28/11/2006

    Listing files found while scanning....

    No infected files were found.


    VundoFix V6.2.13

    Checking Java version...

    Sun Java not detected
    Scan started at 10:47:01 28/11/2006

    Listing files found while scanning....

    C:\WINDOWS\msagent\actsm.dll
    C:\WINDOWS\msagent\mstca.ini
    C:\WINDOWS\msagent\mstca.bak1

    Beginning removal...

    Attempting to delete C:\WINDOWS\msagent\actsm.dll
    C:\WINDOWS\msagent\actsm.dll Could not be deleted.

    Attempting to delete C:\WINDOWS\msagent\mstca.ini
    C:\WINDOWS\msagent\mstca.ini Has been deleted!

    Attempting to delete C:\WINDOWS\msagent\mstca.bak1
    C:\WINDOWS\msagent\mstca.bak1 Has been deleted!

    Performing Repairs to the registry.
    Done!

    VundoFix V6.2.13

    Checking Java version...

    Sun Java not detected
    Scan started at 10:50:51 28/11/2006

    Listing files found while scanning....

    No infected files were found.

    28 Novembre 2006 11:07:16

    JE sais pas si j'ai fais les bonnes manip mais ça n'arrete pas!!!

    Winpc2006, drive cleaner etc...
    28 Novembre 2006 11:22:20

    je galere !!! que dois je faire svp
    28 Novembre 2006 11:43:27

    y'a plus personne pour m'aider?
    Tom's guide dans le monde
    • Allemagne
    • Italie
    • Irlande
    • Royaume Uni
    • Etats Unis
    Suivre Tom's Guide
    Inscrivez-vous à la Newsletter
    • ajouter à twitter
    • ajouter à facebook
    • ajouter un flux RSS