
Security toolbard 7.1

On 23-10-2007 at 22:10 #

Great, the toolbar is gone. Here's the log:


[10/23/2007, 21:59:10] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Adé\Bureau\VirtumundoBeGone.exe" )
[10/23/2007, 21:59:15] - Detected System Information:
[10/23/2007, 21:59:15] - Windows Version: 5.1.2600, Service Pack 2
[10/23/2007, 21:59:15] - Current Username: Adé (Admin)
[10/23/2007, 21:59:15] - Windows is in NORMAL mode.
[10/23/2007, 21:59:15] - Searching for Browser Helper Objects:
[10/23/2007, 21:59:15] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[10/23/2007, 21:59:15] - BHO 2: {163D9676-810E-11DC-8314-0800200C9A66} (SystemApp)
[10/23/2007, 21:59:15] - BHO 3: {4601D761-D53A-4508-88CA-39AFCD53FC08} ()
[10/23/2007, 21:59:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/23/2007, 21:59:15] - Checking for HKLM\...\Winlogon\Notify\oppmm
[10/23/2007, 21:59:15] - Key not found: HKLM\...\Winlogon\Notify\oppmm, continuing.
[10/23/2007, 21:59:15] - BHO 4: {6DB3F881-19A2-4085-ABD0-DBD56E71F4F5} ()
[10/23/2007, 21:59:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/23/2007, 21:59:15] - Checking for HKLM\...\Winlogon\Notify\iifefgf
[10/23/2007, 21:59:15] - Found: HKLM\...\Winlogon\Notify\iifefgf - This is probably Virtumundo.
[10/23/2007, 21:59:15] - Assigning {6DB3F881-19A2-4085-ABD0-DBD56E71F4F5} MSEvents Object
[10/23/2007, 21:59:15] - BHO list has been changed! Starting over...
[10/23/2007, 21:59:15] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[10/23/2007, 21:59:15] - BHO 2: {163D9676-810E-11DC-8314-0800200C9A66} (SystemApp)
[10/23/2007, 21:59:15] - BHO 3: {4601D761-D53A-4508-88CA-39AFCD53FC08} ()
[10/23/2007, 21:59:15] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/23/2007, 21:59:15] - Checking for HKLM\...\Winlogon\Notify\oppmm
[10/23/2007, 21:59:16] - Key not found: HKLM\...\Winlogon\Notify\oppmm, continuing.
[10/23/2007, 21:59:16] - BHO 4: {6DB3F881-19A2-4085-ABD0-DBD56E71F4F5} (MSEvents Object)
[10/23/2007, 21:59:16] - ALERT: Found MSEvents Object!
[10/23/2007, 21:59:16] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[10/23/2007, 21:59:16] - BHO 6: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[10/23/2007, 21:59:16] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/23/2007, 21:59:16] - No filename found. Continuing.
[10/23/2007, 21:59:16] - BHO 7: {89AD4D75-2429-462e-BD4E-443F233F6033} ()
[10/23/2007, 21:59:16] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/23/2007, 21:59:16] - Checking for HKLM\...\Winlogon\Notify\ehvdqdfy
[10/23/2007, 21:59:16] - Key not found: HKLM\...\Winlogon\Notify\ehvdqdfy, continuing.
[10/23/2007, 21:59:16] - BHO 8: {A95B2816-1D7E-4561-A202-68C0DE02353A} ()
[10/23/2007, 21:59:16] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/23/2007, 21:59:16] - Checking for HKLM\...\Winlogon\Notify\bcwrwfiz
[10/23/2007, 21:59:16] - Found: HKLM\...\Winlogon\Notify\bcwrwfiz - This is probably Virtumundo.
[10/23/2007, 21:59:16] - Assigning {A95B2816-1D7E-4561-A202-68C0DE02353A} MSEvents Object
[10/23/2007, 21:59:16] - BHO list has been changed! Starting over...
[10/23/2007, 21:59:16] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[10/23/2007, 21:59:16] - BHO 2: {163D9676-810E-11DC-8314-0800200C9A66} (SystemApp)
[10/23/2007, 21:59:16] - BHO 3: {4601D761-D53A-4508-88CA-39AFCD53FC08} ()
[10/23/2007, 21:59:16] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/23/2007, 21:59:16] - Checking for HKLM\...\Winlogon\Notify\oppmm
[10/23/2007, 21:59:16] - Key not found: HKLM\...\Winlogon\Notify\oppmm, continuing.
[10/23/2007, 21:59:16] - BHO 4: {6DB3F881-19A2-4085-ABD0-DBD56E71F4F5} (MSEvents Object)
[10/23/2007, 21:59:16] - ALERT: Found MSEvents Object!
[10/23/2007, 21:59:16] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[10/23/2007, 21:59:16] - BHO 6: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[10/23/2007, 21:59:16] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/23/2007, 21:59:16] - No filename found. Continuing.
[10/23/2007, 21:59:16] - BHO 7: {89AD4D75-2429-462e-BD4E-443F233F6033} ()
[10/23/2007, 21:59:16] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/23/2007, 21:59:16] - Checking for HKLM\...\Winlogon\Notify\ehvdqdfy
[10/23/2007, 21:59:16] - Key not found: HKLM\...\Winlogon\Notify\ehvdqdfy, continuing.
[10/23/2007, 21:59:16] - BHO 8: {A95B2816-1D7E-4561-A202-68C0DE02353A} (MSEvents Object)
[10/23/2007, 21:59:16] - ALERT: Found MSEvents Object!
[10/23/2007, 21:59:16] - Finished Searching Browser Helper Objects
[10/23/2007, 21:59:16] - *** Detected MSEvents Object
[10/23/2007, 21:59:16] - Trying to remove MSEvents Object...
[10/23/2007, 21:59:17] - Terminating Process: IEXPLORE.EXE
[10/23/2007, 21:59:18] - Terminating Process: RUNDLL32.EXE
[10/23/2007, 21:59:18] - Disabling Automatic Shell Restart
[10/23/2007, 21:59:18] - Terminating Process: EXPLORER.EXE
[10/23/2007, 21:59:19] - Suspending the NT Session Manager System Service
[10/23/2007, 21:59:19] - Terminating Windows NT Logon/Logoff Manager
[10/23/2007, 21:59:20] - Re-enabling Automatic Shell Restart
[10/23/2007, 21:59:20] - File to disable: C:\WINDOWS\system32\iifefgf.dll
[10/23/2007, 21:59:20] - Renaming C:\WINDOWS\system32\iifefgf.dll -> C:\WINDOWS\system32\iifefgf.dll.vir
[10/23/2007, 21:59:20] - File successfully renamed!
[10/23/2007, 21:59:20] - Removing HKLM\...\Browser Helper Objects\{6DB3F881-19A2-4085-ABD0-DBD56E71F4F5}
[10/23/2007, 21:59:21] - Removing HKCR\CLSID\{6DB3F881-19A2-4085-ABD0-DBD56E71F4F5}
[10/23/2007, 21:59:21] - Adding Kill Bit for ActiveX for GUID: {6DB3F881-19A2-4085-ABD0-DBD56E71F4F5}
[10/23/2007, 21:59:21] - Deleting ATLEvents/MSEvents Registry entries
[10/23/2007, 21:59:21] - Removing HKLM\...\Winlogon\Notify\iifefgf
[10/23/2007, 21:59:21] - Searching for Browser Helper Objects:
[10/23/2007, 21:59:21] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[10/23/2007, 21:59:21] - BHO 2: {163D9676-810E-11DC-8314-0800200C9A66} (SystemApp)
[10/23/2007, 21:59:21] - BHO 3: {4601D761-D53A-4508-88CA-39AFCD53FC08} ()
[10/23/2007, 21:59:21] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/23/2007, 21:59:21] - Checking for HKLM\...\Winlogon\Notify\oppmm
[10/23/2007, 21:59:21] - Key not found: HKLM\...\Winlogon\Notify\oppmm, continuing.
[10/23/2007, 21:59:21] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[10/23/2007, 21:59:21] - BHO 5: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[10/23/2007, 21:59:21] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/23/2007, 21:59:21] - No filename found. Continuing.
[10/23/2007, 21:59:22] - BHO 6: {89AD4D75-2429-462e-BD4E-443F233F6033} ()
[10/23/2007, 21:59:22] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/23/2007, 21:59:22] - Checking for HKLM\...\Winlogon\Notify\ehvdqdfy
[10/23/2007, 21:59:22] - Key not found: HKLM\...\Winlogon\Notify\ehvdqdfy, continuing.
[10/23/2007, 21:59:22] - BHO 7: {A95B2816-1D7E-4561-A202-68C0DE02353A} (MSEvents Object)
[10/23/2007, 21:59:22] - ALERT: Found MSEvents Object!
[10/23/2007, 21:59:22] - Finished Searching Browser Helper Objects
[10/23/2007, 21:59:22] - *** Detected MSEvents Object
[10/23/2007, 21:59:22] - Trying to remove MSEvents Object...
[10/23/2007, 21:59:23] - Terminating Process: IEXPLORE.EXE
[10/23/2007, 21:59:23] - Terminating Process: RUNDLL32.EXE
[10/23/2007, 21:59:24] - Disabling Automatic Shell Restart
[10/23/2007, 21:59:24] - Terminating Process: EXPLORER.EXE
[10/23/2007, 21:59:24] - Suspending the NT Session Manager System Service
[10/23/2007, 21:59:24] - Terminating Windows NT Logon/Logoff Manager
[10/23/2007, 21:59:24] - Re-enabling Automatic Shell Restart
[10/23/2007, 21:59:24] - File to disable: C:\WINDOWS\system32\bcwrwfiz.dll
[10/23/2007, 21:59:25] - Renaming C:\WINDOWS\system32\bcwrwfiz.dll -> C:\WINDOWS\system32\bcwrwfiz.dll.vir
[10/23/2007, 21:59:25] - File successfully renamed!
[10/23/2007, 21:59:25] - Removing HKLM\...\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}
[10/23/2007, 21:59:25] - Removing HKCR\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}
[10/23/2007, 21:59:25] - Adding Kill Bit for ActiveX for GUID: {A95B2816-1D7E-4561-A202-68C0DE02353A}
[10/23/2007, 21:59:25] - Deleting ATLEvents/MSEvents Registry entries
[10/23/2007, 21:59:25] - Removing HKLM\...\Winlogon\Notify\bcwrwfiz
[10/23/2007, 21:59:25] - Searching for Browser Helper Objects:
[10/23/2007, 21:59:25] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
[10/23/2007, 21:59:25] - BHO 2: {163D9676-810E-11DC-8314-0800200C9A66} (SystemApp)
[10/23/2007, 21:59:25] - BHO 3: {4601D761-D53A-4508-88CA-39AFCD53FC08} ()
[10/23/2007, 21:59:25] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/23/2007, 21:59:25] - Checking for HKLM\...\Winlogon\Notify\oppmm
[10/23/2007, 21:59:26] - Key not found: HKLM\...\Winlogon\Notify\oppmm, continuing.
[10/23/2007, 21:59:26] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[10/23/2007, 21:59:26] - BHO 5: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[10/23/2007, 21:59:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/23/2007, 21:59:26] - No filename found. Continuing.
[10/23/2007, 21:59:26] - BHO 6: {89AD4D75-2429-462e-BD4E-443F233F6033} ()
[10/23/2007, 21:59:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/23/2007, 21:59:26] - Checking for HKLM\...\Winlogon\Notify\ehvdqdfy
[10/23/2007, 21:59:26] - Key not found: HKLM\...\Winlogon\Notify\ehvdqdfy, continuing.
[10/23/2007, 21:59:26] - Finished Searching Browser Helper Objects
[10/23/2007, 21:59:26] - Finishing up...
[10/23/2007, 21:59:26] - A restart is needed.
[10/23/2007, 21:59:31] - Attempting to Restart via STOP error (Blue Screen!)


Now I'll move on to ComboFix


Added on 23-10-2007 at 22:41:

"PHIME2002ASync"="--C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" []
"PHIME2002A"="--C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" []
"IgfxTray"="--C:\WINDOWS\system32\igfxtray.exe" []
"SynTPLpr"="--C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" []
"SynTPEnh"="--C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" []
"avast!"="--C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-04-05 10:03]
"bc88e12c"="C:\WINDOWS\system32\iyxhnylp.dll" [2007-10-23 21:53]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\oppmm.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
C:\Program Files\IncrediMail\bin\IncMail.exe /c

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
"c:\Apps\Powercinema\PCMService.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STDSB]
C:\WINDOWS\system32\drivers\STDSB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT]
C:\Program Files\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]
C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
C:\PROGRA~1\Wanadoo\Watch.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-10-23 18:30:00 C:\WINDOWS\Tasks\HDReg.job"
- c:\Apps\HDReg\HDRegRem.exe
.
**************************************************************************

catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-23 22:34:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-23 22:38:28 - machine was rebooted
.
--- E O F ---

Here's our latest log.
Anyway, thanks again.
What should I do?

On 23-10-2007 at 22:43 #

Part of the ComboFix report is missing

On 23-10-2007 at 22:45 #

Here it is

ComboFix 07-10-23.1 - Adé 2007-10-23 22:18:21.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.695 [GMT 2:00]
Running from: C:\Documents and Settings\Adé\Bureau\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Adé\Bureau\Live Safety Center.lnk
C:\Documents and Settings\Adé\Bureau\Online Security Guide.lnk
C:\Documents and Settings\Adé\Favoris\Online Security Guide.lnk
C:\Documents and Settings\Adé_2\Bureau\Live Safety Center.lnk
C:\Documents and Settings\Adé_2\Bureau\Online Security Guide.lnk
C:\Documents and Settings\Adé_2\Favoris\Online Security Guide.lnk
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\~.exe
C:\WINDOWS\system32\bcwrwfiz.dllbox
C:\WINDOWS\system32\ehvdqdfy.dll
C:\WINDOWS\system32\MabryObj.dll
C:\WINDOWS\system32\mmppo.bak1
C:\WINDOWS\system32\mmppo.bak2
C:\WINDOWS\system32\mmppo.ini
C:\WINDOWS\system32\mmppo.ini2
C:\WINDOWS\system32\oppmm.dll
C:\WINDOWS\system32\plugin1.dat
C:\WINDOWS\system32\ps.dat
C:\WINDOWS\system32\qirnwdae.dll
C:\WINDOWS\system32\SysPr.prx
C:\WINDOWS\system32\xrteydbq.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((((((( Fichiers créés 2007-09-23 to 2007-10-23 ))))))))))))))))))))))))))))))))))))
.

2007-10-23 22:12 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-23 21:53 84,544 --a------ C:\WINDOWS\system32\iyxhnylp.dll
2007-10-23 20:49 <REP> d-------- C:\VundoFix Backups
2007-10-23 20:41 <REP> d-------- C:\Program Files\Navilog1
2007-10-23 20:31 2,464 --a------ C:\WINDOWS\system32\tmp.reg
2007-10-23 20:30 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-10-23 20:30 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-10-23 20:30 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-10-23 20:30 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-10-23 19:37 <REP> d-------- C:\Program Files\Trend Micro
2007-10-23 19:31 340,032 --a------ C:\WINDOWS\system32\bcwrwfiz.dll.vir
2007-10-23 19:30 340,032 --a------ C:\WINDOWS\system32\vnvqmxxh.dll
2007-10-23 12:51 <REP> d-------- C:\Program Files\Enlight
2007-10-23 12:25 <REP> d--h----- C:\Program Files\SystemApp
2007-10-23 12:25 145,929 --a------ C:\WINDOWS\system32\sysdl132.exe
2007-10-23 12:25 33,792 --a------ C:\WINDOWS\system32\iifefgf.dll.vir
2007-10-21 13:01 <REP> d-------- C:\Program Files\Eidos Interactive
2007-10-18 21:46 <REP> d-------- C:\Program Files\uTorrent
2007-10-18 21:46 <REP> C:\Documents and Settings\Adé\Application Data\uTorrent
2007-10-16 12:49 <REP> d-------- C:\Program Files\Gabest
2007-10-16 12:40 21,504 --a------ C:\WINDOWS\system32\TABCTFR.DLL
2007-10-13 08:59 <REP> C:\Documents and Settings\Adé\Recent
2007-10-09 10:49 <REP> C:\Documents and Settings\Adé_2\Application Data\vlc
2007-10-08 10:49 <REP> d-------- C:\Program Files\Snapshot Viewer
2007-10-08 10:42 <REP> C:\Documents and Settings\Adé_2\Application Data\Microsoft Web Folders
2007-10-07 13:35 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-10-07 13:35 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2007-10-07 13:35 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2007-10-07 13:35 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2007-10-07 13:35 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2007-10-07 13:35 68,888 --a------ C:\WINDOWS\system32\xinput1_3.dll
2007-10-07 13:35 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2007-10-07 13:27 <REP> d-------- C:\Program Files\Codemasters
2007-10-06 15:29 <REP> d-------- C:\Program Files\Metin2_France
2007-10-05 16:08 <REP> C:\Documents and Settings\Adé_2\Application Data\Sonic
2007-10-05 16:08 <REP> C:\Documents and Settings\Adé_2\Application Data\Leadertech
2007-10-04 22:01 <REP> d-------- C:\WINTAB
2007-10-04 18:49 <REP> C:\Documents and Settings\Adé_2\Application Data\uTorrent
2007-10-04 18:23 1,386,496 --a------ C:\WINDOWS\system\MSVBVM60.DLL
2007-10-04 18:23 569,344 --a------ C:\WINDOWS\system\OLEAUT32.DLL
2007-10-04 18:23 262,656 --a------ C:\WINDOWS\system\COMDLG32.DLL
2007-10-04 18:23 119,568 --a------ C:\WINDOWS\system\VB6FR.DLL
2007-10-04 18:23 106,496 --a------ C:\WINDOWS\system\OLEPRO32.DLL
2007-10-04 18:23 77,824 --a------ C:\WINDOWS\system\ASYCFILT.DLL
2007-10-04 18:23 3,584 --a------ C:\WINDOWS\system\COMCAT.DLL
2007-10-03 20:44 46,256 C:\Documents and Settings\Adé\Application Data\GDIPFONTCACHEV1.DAT
2007-10-02 21:27 <REP> d-------- C:\demo esthetique
2007-10-02 21:07 <REP> d-------- C:\WsoftBeaute
2007-10-02 21:06 <REP> d-------- C:\WSOFT ARTE BEAUTE
2007-10-02 21:06 <REP> d-------- C:\Program Files\Fichiers communs\PC SOFT
2007-09-30 21:15 46,256 C:\Documents and Settings\Adé_2\Application Data\GDIPFONTCACHEV1.DAT
2007-09-28 21:04 <REP> C:\Documents and Settings\Adé_2\Application Data\OpenOffice.org2
2007-09-28 17:25 <REP> d-------- C:\Program Files\adslTV
2007-09-26 19:23 <REP> d--h----- C:\BJPrinter
2007-09-26 19:23 94,720 --a------ C:\WINDOWS\system32\CNMLM2v.DLL
2007-09-26 19:23 36,864 --a------ C:\WINDOWS\system32\CNMCP2V.EXE
2007-09-26 19:23 5,632 --a------ C:\WINDOWS\system32\CNMVS2v.DLL
2007-09-26 12:58 <REP> d-------- C:\Program Files\Neuf
2007-09-26 09:48 83,968 --a------ C:\WINDOWS\system32\CNBJMON2.DLL
2007-09-25 22:14 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-09-25 22:14 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys
2007-09-25 11:38 <REP> d-------- C:\Program Files\1CVPRO

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-23 20:28 5,767,168 ----a-w C:\Documents and Settings\Adé\ntuser.dat
2007-10-23 17:54 2,621,440 ---ha-w C:\Documents and Settings\Adé_2\NTUSER.DAT
2007-10-23 14:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-14 11:47 --------- d-s---w C:\Documents and Settings\Adé\Application Data\Microsoft
2007-10-08 11:12 --------- d-s---w C:\Documents and Settings\Adé_2\Application Data\Microsoft
2007-10-07 11:19 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-10-07 10:26 --------- d-----w C:\Program Files\Fichiers communs\Real
2007-10-07 10:26 --------- d-----w C:\Documents and Settings\Adé\Application Data\Real
2007-10-07 07:47 --------- d-----w C:\Program Files\Wanadoo
2007-10-06 08:37 --------- d-----w C:\Program Files\Google
2007-10-05 19:49 --------- d-----w C:\Program Files\Elaborate Bytes
2007-10-05 19:48 --------- d-----w C:\Program Files\BankPerfect
2007-10-05 19:47 --------- d-----w C:\Program Files\honestech Video Editor 7.0 Trial
2007-09-30 19:04 --------- d-----w C:\Documents and Settings\Adé_2\Application Data\Adobe
2007-09-28 15:25 --------- d-----w C:\Documents and Settings\Adé\Application Data\vlc
2007-09-25 13:58 --------- d-----w C:\Documents and Settings\Adé\Application Data\Adobe
2007-09-24 11:11 --------- d-----w C:\Program Files\IncrediMail
2007-09-18 10:06 --------- d-----w C:\Program Files\MSN Messenger
2007-09-10 19:14 --------- d-----w C:\Documents and Settings\Adé_2\Application Data\TransRender
2007-09-10 19:14 --------- d-----w C:\Documents and Settings\Adé_2\Application Data\Temporary
2007-09-10 19:14 --------- d-----w C:\Documents and Settings\Adé_2\Application Data\Samsung
2007-09-10 19:14 --------- d-----w C:\Documents and Settings\Adé_2\Application Data\ConvertTemp
2007-09-10 18:28 --------- d-----w C:\Documents and Settings\Adé_2\Application Data\Real
2007-09-06 10:05 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-09-06 10:05 92,848 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-09-06 10:03 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-09-06 10:02 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-09-06 10:00 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-08-28 16:25 --------- d-----w C:\Documents and Settings\Adé_2\Application Data\CyberLink
2007-08-27 18:16 --------- d-----w C:\Program Files\BitZipper
2007-08-27 11:04 --------- d-----w C:\Program Files\Java
2007-08-27 10:09 --------- d-----w C:\Documents and Settings\Adé_2\Application Data\BitZipper
2006-05-03 09:06:54 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47:16 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{163D9676-810E-11DC-8314-0800200C9A66}]
2007-10-23 12:25 95232 --a------ C:\Program Files\SystemApp\ie-improver.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="--C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" []
"PHIME2002ASync"="--C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" []
"PHIME2002A"="--C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" []
"IgfxTray"="--C:\WINDOWS\system32\igfxtray.exe" []
"SynTPLpr"="--C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" []
"SynTPEnh"="--C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" []
"avast!"="--C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-04-05 10:03]
"bc88e12c"="C:\WINDOWS\system32\iyxhnylp.dll" [2007-10-23 21:53]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\oppmm.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
C:\Program Files\IncrediMail\bin\IncMail.exe /c

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
"c:\Apps\Powercinema\PCMService.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STDSB]
C:\WINDOWS\system32\drivers\STDSB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT]
C:\Program Files\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]
C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
C:\PROGRA~1\Wanadoo\Watch.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-10-23 18:30:00 C:\WINDOWS\Tasks\HDReg.job"
- c:\Apps\HDReg\HDRegRem.exe
.
**************************************************************************

catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-23 22:34:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-23 22:38:28 - machine was rebooted
.
--- E O F ---

On 23-10-2007 at 22:50 #

Download to the desktop

Otmoveit.exe

= Copy this bold text


C:\WINDOWS\system32\bcwrwfiz.dll.vir
C:\WINDOWS\system32\vnvqmxxh.dll
C:\WINDOWS\system32\sysdl132.exe
C:\WINDOWS\system32\iifefgf.dll.vir
C:\WINDOWS\system32\iyxhnylp.dll


= Double-click OTMoveIt.exe
= In the left pane ==> right-click ==> paste
= Click MoveIt!
= if a restart is requested ==> click: YES
= A report in ==> C:\_OTMoveIt\MovedFiles\today's date, to copy/paste into your reply
-------

restart the PC and say whether there are still problems
=======================================================
please put all reports under a Spoiler tag

to do this, select the whole of each report pasted into the reply box
and click the question mark at the bottom right of that box
(next to TeX)

On 24-10-2007 at 19:19 #

Here's the report:



I'll get back to you on the problems in a few minutes


Added on 24-10-2007 at 20:32:

So the toolbar virus is no longer installed, but I think we removed a DLL we shouldn't have, because now every time I restart the PC it tells me:
RUNDLL ERROR
Error loading c:\WINDOWS\system32\iyxhnylp.dll
The specified module could not be found. What should I do?


On 24-10-2007 at 20:33 #

It's still the infection

Do a new HijackThis report

On 24-10-2007 at 20:35 #

Here it is

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 20:35:29, on 24/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Adé\Bureau\test.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://recherche.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SystemApp - {163D9676-810E-11DC-8314-0800200C9A66} - C:\Program Files\SystemApp\ie-improver.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] --"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] --C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] --C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IgfxTray] --C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [SynTPLpr] --C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] --C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avast!] --C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [bc88e12c] rundll32.exe "C:\WINDOWS\system32\iyxhnylp.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\microsoft office\Office\OSA9.EXE
O8 - Extra context menu item: Tout télécharger avec NetXfer - C:\Program Files\Xi\NetXfer\NXAddList.html
O8 - Extra context menu item: Télécharger avec NetXfer - C:\Program Files\Xi\NetXfer\NXAddLink.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Unknown owner - --"C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe" (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - --"C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe" (file missing)
O23 - Service: avast! Antivirus - Unknown owner - --"C:\Program Files\Alwil Software\Avast4\ashServ.exe" (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - --"C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - --"C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - --"C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe" (file missing)
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Machine Debug Manager (MDM) - Unknown owner - --"C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe" (file missing)
O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Service Messenger Sharing Folders USN Journal Reader (usnjsvc) - Unknown owner - --"C:\Program Files\MSN Messenger\usnsvc.exe" (file missing)
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - --"C:\Program Files\Windows Media Player\WMPNetwk.exe" (file missing)

--
End of file - 7101 bytes

On 24-10-2007 at 20:40 #

Rerun HijackThis
"Do A System Scan Only"

Check these lines and then click FIX CHECKED


O4 - HKLM\..\Run: [bc88e12c] rundll32.exe "C:\WINDOWS\system32\iyxhnylp.dll",b

= Copy this text in bold

C:\WINDOWS\system32\iyxhnylp.dll

= Double-click OTMoveIt.exe
= In the left-hand pane ==> right-click ==> paste
= Click MoveIt!
= If a reboot is requested ==> click YES
= A report in ==> C:\_OTMoveIt\MovedFiles\(today's date) to copy/paste into your reply
-------
You have no antivirus

Antivir

How to use Antivir

and a firewall

Kerio
30-day trial of the "FULL" version, then keeps working as the free "Free" version
Kerio user guide
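An added example, written for this page and not part of the thread, of HijackThis or of OTMoveIt: a small Python pass over the kind of log lines posted above that applies the reading the helper did by hand. Its four heuristics are this example's own assumptions, not HijackThis rules: an HKLM Run value named with eight random-looking hex characters, rundll32 loading an eight-letter DLL from system32 through a single-letter export (the `,b` on the flagged line), an O2 BHO entry with neither name nor file, and an O23 service whose binary is reported missing. The sample lines are copied from the log in this thread. One caveat the output states explicitly: in this log every O23 entry with a quoted path, avast's own services included, carries "(file missing)", so that flag is something to confirm on disk rather than a verdict.

```python
import re
from typing import Dict, List, Optional

# Constructed sample: these lines are copied from the HijackThis log posted in this
# thread, mixing ordinary entries with the O4 line the helper asked the poster to fix.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] --C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [bc88e12c] rundll32.exe "C:\WINDOWS\system32\iyxhnylp.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: avast! Antivirus - Unknown owner - --"C:\Program Files\Alwil Software\Avast4\ashServ.exe" (file missing)
"""

# Line shapes for the three HijackThis sections this example looks at.
O4_RE = re.compile(r"^O4 - (?P<hive>\S+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<cmd>.+)$")

# Heuristics: assumptions of this example, not rules from HijackThis or the thread.
HEX_RUN_NAME = re.compile(r"^[0-9a-f]{8}$")                 # e.g. [bc88e12c]
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?\s*,\s*(?P<export>\w+)', re.IGNORECASE)
RANDOM_DLL = re.compile(r"^[a-z]{8}\.dll$")                 # e.g. iyxhnylp.dll


def parse(line: str) -> Optional[Dict[str, str]]:
    """Split one O2/O4/O23 line into its fields; other sections return None."""
    line = line.strip()
    for section, rx in (("O4", O4_RE), ("O2", O2_RE), ("O23", O23_RE)):
        m = rx.match(line)
        if m:
            fields = m.groupdict()
            fields["section"] = section
            return fields
    return None


def strip_dashes(cmd: str) -> str:
    """Drop the leading '--' that precedes some paths in this log."""
    return cmd[2:] if cmd.startswith("--") else cmd


def assess(entry: Dict[str, str]) -> List[str]:
    """Return the heuristic findings for one parsed entry (empty list = nothing notable)."""
    findings: List[str] = []
    if entry["section"] == "O4":
        if HEX_RUN_NAME.match(entry["name"]):
            findings.append("run-key name is eight random-looking hex characters")
        m = RUNDLL_RE.search(strip_dashes(entry["cmd"]))
        if m:
            dll = m.group("dll")
            base = dll.rsplit("\\", 1)[-1].lower()
            if "\\system32\\" in dll.lower() and RANDOM_DLL.match(base) and len(m.group("export")) == 1:
                findings.append(f"rundll32 loads {base} from system32 through single-letter export '{m.group('export')}'")
    elif entry["section"] == "O2":
        if entry["name"] == "(no name)" and entry["path"] == "(no file)":
            findings.append("orphaned BHO: CLSID still registered but the DLL is gone")
    elif entry["section"] == "O23":
        if entry["cmd"].endswith("(file missing)"):
            findings.append("service binary reported missing: confirm on disk before acting")
    return findings


def triage(log: str) -> Dict[str, List[str]]:
    """Map each flagged log line to its findings; unflagged lines are omitted."""
    report: Dict[str, List[str]] = {}
    for raw in log.splitlines():
        entry = parse(raw)
        if entry:
            findings = assess(entry)
            if findings:
                report[raw.strip()] = findings
    return report


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG).items():
        print(line)
        for reason in reasons:
            print("    ->", reason)
```

Run as a script and the only O4 line that collects both findings is the bc88e12c entry, the same line the helper had checked in HijackThis; the avast, QuickTime and ctfmon entries pass untouched, and the O23 line is reported only as something to verify.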

On 24-10-2007 at 20:43 #

There, I've done it

File/Folder C:\WINDOWS\system32\iyxhnylp.dll not found.

Created on 10/24/2007 20:42:27
Otherwise, yes, I do have an antivirus, but it isn't switched on... my mistake, I'm turning it back on right away

Unless otherwise stated, the content of the blog and forum is licensed under Creative Commons By-Sa. You may reproduce it provided you credit the author, link to the original page, and share your derivative works under the same terms.