Se connecter / S'enregistrer
Votre question

virus downloader avec qomllli.dll et wintoi32.dll infectés.

Tags :
  • Dll
  • Sécurité
Dernière réponse : dans Sécurité et virus
27 Août 2006 09:20:33

Pb de virus au démarrage (winlogon). 2 fichiers : qomllli.dll et wintoi32.dll. Norton ne peut rien faire et impossible d'effacer ces fichiers. Ci dessous le log de Hi Jack This :
Logfile of HijackThis v1.99.1
Scan saved at 09:08:39, on 27/08/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\ishost.exe
C:\WINDOWS\System32\issearch.exe
C:\WINDOWS\System32\isnotify.exe
C:\WINDOWS\System32\ismon.exe
C:\WINDOWS\System32\RunDll32.exe
C:\WINDOWS\System32\pctspk.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\3dhq Tools\v_ctrl.exe
C:\Program Files\Fichiers communs\{3CB56BE3-0479-1036-0429-020817000021}\Update.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\UTILITAIRES\anti virus\hijack this\scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5A3E97DD-2A08-48BC-8F43-C0DEABC90266} - C:\WINDOWS\system32\qomllli.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {873eb32d-ae1a-4183-89bd-45a77f761be4} - C:\WINDOWS\System32\ixt8.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [xv_crtl] C:\Program Files\3dhq Tools\v_ctrl.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Activer le Poste de Travail Sans Fil Labtec.lnk = C:\Program Files\Poste de Travail Sans Fil Labtec\MulMouse.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - http://www.cyclomedia.nl/download/components/CycloScope...
O20 - Winlogon Notify: qomllli - C:\WINDOWS\SYSTEM32\qomllli.dll
O20 - Winlogon Notify: wintoi32 - wintoi32.dll (file missing)
O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - C:\WINDOWS\System32\urroxtl.dll
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

AU SECOURS !!!

Autres pages sur : virus downloader qomllli dll wintoi32 dll infectes

27 Août 2006 10:21:19

bonjour
Télécharger sur le Bureau.
VundoFix

= Double-clic VundoFix.exe.
=Cocher la case Run VundoFix as a task.
= Clic OK
=Attendre le redemarrage de Vundofix ( 1 à plusieurs minutes)
=Clic Scan for Vundo

=Puis clic Remove Vundo
= Puis yes
= Le Bureau disparaît un moment lors de la suppression des fichiers.
=Message shutdown
=clic OK
=Redémarrage auto
=copier le rapport qui est dans C:\vundofix.txt
-----
Télécharger : en anglais gratuit 30 jours
Ewido security suite

le mettre à jour = update now
-------
Redémarre en mode Sans Échec
Attention, pas d’accès à internet dans ce mode. Enregistrer ou imprimer les consignes. Relancer le Pc et tapoter la touche F8 ( ou F5 pour certains) , jusqu’à l’apparition des inscriptions avec choix de démarrage
Avec les touches « flèches », sélectionner Mode sans échec ==> entrée ==>nom utilisateur habituel
---
Scanner puis Complete System Scan ( c’est assez long) et Supprimer ce qu’il trouve = Apply all actions
clic Save Report puis Save report as l’enregistrer sur le bureau
copier le rapport
----
faire un hijack

dans la réponse les rapports : Vundofix , Ewido + hijack
27 Août 2006 19:27:07

Toujours rien...
Ci dessous rapports Vundofix, Ewido, Hijack
VundoFix V6.1.2

Checking Java version...

Java version is 1.5.0.6

Scan started at 11:18:50 27/08/2006

Listing files found while scanning....

No infected files were found.


VundoFix V6.1.2

Checking Java version...

Java version is 1.5.0.6

Scan started at 13:43:13 27/08/2006

Listing files found while scanning....

No infected files were found.


---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 15:47:51 27/08/2006

+ Scan result:



C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\GZKFI3S5\cadrebas[1].aspx -> Adware.MediaMotor : Cleaned with backup (quarantined).
D:\jeux\Multi Theft Auto\MTAClient.exe -> Heuristic.Win32.Morphine-Crypted : Ignored.
D:\Sauvegarde rafa\Sauvegarde disque C - Avril 2006\Documents and Settings\darty\Mes documents\Marrant.rar/Marrant\Marrant\HELLO.EXE -> Not-A-Virus.BadJoke.Win32.Baton.a : Ignored.
D:\Sauvegarde rafa\Sauvegarde disque C - Avril 2006\Documents and Settings\darty\Mes documents\Marrant.rar/Marrant\Marrant\CresyMouse.exe -> Not-A-Virus.BadJoke.Win32.MovingMouse.a : Ignored.
C:\Documents and Settings\Administrateur\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-7e09d0a6-6f1c4a0c.zip/NewSecurityClassLoader.class -> Not-A-Virus.Exploit.ByteVerify : Ignored.
C:\Documents and Settings\Administrateur\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-7e09d0a6-6f1c4a0c.zip/NewURLClassLoader.class -> Not-A-Virus.Exploit.ByteVerify : Ignored.
C:\RECYCLER\NPROTECT\00000356.TXT -> TrackingCookie.247realmedia : Cleaned.
C:\RECYCLER\NPROTECT\00000357.TXT -> TrackingCookie.247realmedia : Cleaned.
C:\RECYCLER\NPROTECT\00000363.TXT -> TrackingCookie.247realmedia : Cleaned.
C:\RECYCLER\NPROTECT\00000368.TXT -> TrackingCookie.247realmedia : Cleaned.
C:\RECYCLER\NPROTECT\00000370.TXT -> TrackingCookie.247realmedia : Cleaned.
C:\RECYCLER\NPROTECT\00000371.TXT -> TrackingCookie.247realmedia : Cleaned.
C:\Documents and Settings\Administrateur\Cookies\administrateur@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\RECYCLER\NPROTECT\00000367.TXT -> TrackingCookie.Bluestreak : Cleaned.
C:\RECYCLER\NPROTECT\00000372.TXT -> TrackingCookie.Bluestreak : Cleaned.
C:\RECYCLER\NPROTECT\00000434.TXT -> TrackingCookie.Bluestreak : Cleaned.
C:\RECYCLER\NPROTECT\00000446.TXT -> TrackingCookie.Bluestreak : Cleaned.
C:\RECYCLER\NPROTECT\00000818.TXT -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\Administrateur\Cookies\administrateur@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Administrateur\Cookies\administrateur@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\RECYCLER\NPROTECT\00000833.TXT -> TrackingCookie.Liveperson : Cleaned.
C:\RECYCLER\NPROTECT\00000835.TXT -> TrackingCookie.Liveperson : Cleaned.
C:\RECYCLER\NPROTECT\00000358.TXT -> TrackingCookie.Smartadserver : Cleaned.
C:\RECYCLER\NPROTECT\00000359.TXT -> TrackingCookie.Smartadserver : Cleaned.
C:\RECYCLER\NPROTECT\00000360.TXT -> TrackingCookie.Smartadserver : Cleaned.
C:\RECYCLER\NPROTECT\00000364.TXT -> TrackingCookie.Smartadserver : Cleaned.
C:\RECYCLER\NPROTECT\00000369.TXT -> TrackingCookie.Smartadserver : Cleaned.
C:\RECYCLER\NPROTECT\00000373.TXT -> TrackingCookie.Smartadserver : Cleaned.
C:\RECYCLER\NPROTECT\00000417.TXT -> TrackingCookie.Smartadserver : Cleaned.
C:\RECYCLER\NPROTECT\00000418.TXT -> TrackingCookie.Smartadserver : Cleaned.
C:\RECYCLER\NPROTECT\00000421.TXT -> TrackingCookie.Smartadserver : Cleaned.
C:\RECYCLER\NPROTECT\00000422.TXT -> TrackingCookie.Smartadserver : Cleaned.
C:\RECYCLER\NPROTECT\00000423.TXT -> TrackingCookie.Smartadserver : Cleaned.
C:\RECYCLER\NPROTECT\00000424.TXT -> TrackingCookie.Smartadserver : Cleaned.
C:\RECYCLER\NPROTECT\00000425.TXT -> TrackingCookie.Smartadserver : Cleaned.
C:\RECYCLER\NPROTECT\00002585.TXT -> TrackingCookie.Statcounter : Cleaned.
C:\RECYCLER\NPROTECT\00002594.TXT -> TrackingCookie.Statcounter : Cleaned.
C:\RECYCLER\NPROTECT\00000826.TXT -> TrackingCookie.Valueclick : Cleaned.
C:\RECYCLER\NPROTECT\00000426.TXT -> TrackingCookie.Weborama : Cleaned.
C:\RECYCLER\NPROTECT\00000427.TXT -> TrackingCookie.Weborama : Cleaned.
C:\RECYCLER\NPROTECT\00000807.TXT -> TrackingCookie.Weborama : Cleaned.
C:\RECYCLER\NPROTECT\00000808.TXT -> TrackingCookie.Weborama : Cleaned.
C:\Documents and Settings\Administrateur\Cookies\administrateur@yadro[2].txt -> TrackingCookie.Yadro : Cleaned.
C:\RECYCLER\NPROTECT\00002580.TXT -> TrackingCookie.Yadro : Cleaned.
D:\jeux\Emulateurs\nintendo\n64\emulateur\GO\GO.exe -> Trojan.Butano : Cleaned with backup (quarantined).
C:\UTILITAIRES\systeme\WIN 98\Modif bdr Win98\modif bdr\bdr.zip/bdr/modif_reg_non.zip/modif_reg_non.reg -> Trojan.Disabler.c : Cleaned with backup (quarantined).
C:\UTILITAIRES\systeme\modif bdr\bdr.zip/bdr/modif_reg_non.zip/modif_reg_non.reg -> Trojan.Disabler.c : Cleaned with backup (quarantined).
C:\UTILITAIRES\systeme\WIN 98\Modif bdr Win98\modif bdr\bdr.zip/bdr/buro_postrav_non.zip/buro_postrav_non.reg -> Trojan.Nodesktop : Cleaned with backup (quarantined).
C:\UTILITAIRES\systeme\modif bdr\bdr.zip/bdr/buro_postrav_non.zip/buro_postrav_non.reg -> Trojan.Nodesktop : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\\kernel32.dll -> Trojan.Small : Cleaned with backup (quarantined).
D:\Sauvegarde rafa\Sauvegarde disque C - Avril 2006\Documents and Settings\darty\Mes documents\Titi.rar/Titi\Outil-flash\Vieux jeux\AIRBUC12\JUNGLE.EDY -> Trojan.Susear.a : Cleaned with backup (quarantined).
D:\Sauvegarde rafa\Sauvegarde disque C - Avril 2006\Documents and Settings\darty\Mes documents\Titi.rar/Titi\Outil-flash\Vieux jeux\AIRBUC12\RUNWAY.EDY -> Trojan.Susear.a : Cleaned with backup (quarantined).


::Report end

Logfile of HijackThis v1.99.1
Scan saved at 18:36:55, on 27/08/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\ishost.exe
C:\WINDOWS\System32\issearch.exe
C:\WINDOWS\System32\RunDll32.exe
C:\WINDOWS\System32\pctspk.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\ismon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\3dhq Tools\v_ctrl.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Fichiers communs\{3CB56BE3-0479-1036-0429-020817000021}\Update.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\UTILITAIRES\anti virus\hijack this\scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5A3E97DD-2A08-48BC-8F43-C0DEABC90266} - C:\WINDOWS\system32\qomllli.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {873eb32d-ae1a-4183-89bd-45a77f761be4} - C:\WINDOWS\System32\ixt8.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [xv_crtl] C:\Program Files\3dhq Tools\v_ctrl.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Activer le Poste de Travail Sans Fil Labtec.lnk = C:\Program Files\Poste de Travail Sans Fil Labtec\MulMouse.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) - http://www.cyclomedia.nl/download/components/CycloScope...
O20 - Winlogon Notify: qomllli - C:\WINDOWS\SYSTEM32\qomllli.dll
O20 - Winlogon Notify: wintoi32 - wintoi32.dll (file missing)
O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - C:\WINDOWS\System32\urroxtl.dll
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

AU SECOURS A NOUVEAU !!!!! HEEEELP !!!!

Tom's guide dans le monde
  • Allemagne
  • Italie
  • Irlande
  • Royaume Uni
  • Etats Unis
Suivre Tom's Guide
Inscrivez-vous à la Newsletter
  • ajouter à twitter
  • ajouter à facebook
  • ajouter un flux RSS