Infecté par Vundo - Sécurité, virus et assimilés::Trojan et spywares

Passionné(e) d'internet, de logiciels, de forums ? 01net recrute...

Auteur

Message

1 2

Namagem

Posté le 24/01/2008 16:45:34

Bonjour, j'ai découvert que j'étais infecté par le trojan Vundo depuis quelques jours, j'ai dû faire plusieurs nettoyages et scans avant de m'en rendre compte (heuresement, j'ai changé avast pour antivir, qui me le détecte toutes les 5 secondes).

J'ai fait la démarche (j'espère) correctement avec Vundofix, en essayant plusieurs scans (bien qu'il ne me l'ait détecté que la première fois).

D'habitude, j'arrive à me débrouiller à peu près seul, mais d'après ce que j'ai entendu dire, Vundo est un dur à cuire. Merci d'avance pour votre aide.

-->Message édité par Namagem le 24/01/2008 16:49:37<--

Diablo_n_me

Posté le 24/01/2008 16:48:01

Oui c'est un bète coriace.

Avant de commencer la désinfection. Edite ton premier message en supprimant les rapports.

Puis fais ceci >> http://sasi.xooit.fr/p374.htm <<

poste le rapport d'hijackthis

Namagem

Posté le 24/01/2008 16:53:15

Voilà le rapport:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:48:13, on 24/01/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP4 (5.00.2920.0000)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINNT\system32\drivers\CDAC11BA.EXE
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\ntvdm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://recherche.neuf.fr/ie/default.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.fr.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par AOL
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
F3 - REG:win.ini: load=C:\WINNT\system32\ddawu.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 ME\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {23F3E499-ECD2-4A7E-A228-F1D1C675C361} - C:\WINNT\system32\ddawu.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [PMXInit] C:\WINNT\system32\pmxinit.exe
O4 - HKLM\..\Run: [BM83ce1ca1] Rundll32.exe "C:\WINNT\system32\ojkmitlw.dll",s
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Ne m'oublie pas !.lnk = C:\MicroApp\Cartes d'Anniversaire\REMIND.EXE
O8 - Extra context menu item: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 4.0\resources\fr-FR\local\search.html
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.15\AMVConverter\grab.html
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.15\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.fr.msn.com
O14 - IERESET.INF: MS_START_PAGE_URL=http://www.fr.msn.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_s(...)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINNT\system32\__c00D0958.dat
O20 - Winlogon Notify: rwiqolnd - rwiqolnd.dll (file missing)
O20 - Winlogon Notify: sysfldr - sysfldr.dll (file missing)
O23 - Service: 68100 - Unknown owner - \\78.113.1.171\Admin$\eraseme_24245.exe (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINNT\system32\drivers\CDAC11BA.EXE
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

--

Diablo_n_me

Posté le 24/01/2008 16:57:29

Quelques restes de Vundo

1/ Désactive ton antivirus

Télécharge sur ton bureau Combofix (de sUBs) :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

sauvegarde-le sur ton bureau et pas ailleurs!

Double-clic sur combofix, Il va te poser une question, réponds en appuyant sur la touche 1 puis attends que combofix ait terminé, il est possible que ton PC reboot, c’est normal, un rapport sera créé. Poste également son rapport.

-->Message édité par Diablo_n_me le 24/01/2008 16:57:57<--

Namagem

Posté le 24/01/2008 18:58:22

Je ne comprends pas, il n'affiche pas son rapport quand il finit... J'ai beau désactiver l'antivirus mais il revient au redémarrage (pour me dire que Vundo est toujours là) pendant que combofix termine. :sweat:

Il faut que je désactive tous les programmes qui se lancent au démarrage?

Diablo_n_me

Posté le 24/01/2008 19:31:56

Le rapport se trouve ici C:\Combofix.txt

Mérillym

Modérateur/Helper

Posté le 24/01/2008 19:35:52

tous les deux.

Combofix ne génère pas toujours de rapport depuis sa dernière MAJ

...

Si tu ne trouves pas le rapport Namagem, fais ça :

Télécharge Deckard's System Scanner (DSS) (ou DSS) sur ton Bureau.
Execute.. laisse le scan se faire.

Poste le ou les rapports ici.

Voilà je vous laisse :hello:

-------
Dossier prévention>à lire
Si vous vous faites déjà aider sur un autre forum, merci de me le dire !

Diablo_n_me

Posté le 24/01/2008 19:39:16

Ok, Namagem suis le conseille de Mérillym

Namagem

Posté le 24/01/2008 22:06:33

Merci, voici les 2 rapports:

Deckard's System Scanner v20071014.68
Run by Clem on 2008-01-24 21:54:10
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 192 MiB (256 MiB recommended).

-- HijackThis (run as Clem.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:55, on 2008-01-24
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP4 (5.00.2920.0000)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINNT\system32\drivers\CDAC11BA.EXE
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\eMule\emule.exe
C:\WINNT\system32\wisptis.exe
C:\Documents and Settings\Clem\Bureau\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Clem.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.fr.msn.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 ME\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [PMXInit] C:\WINNT\system32\pmxinit.exe
O4 - HKLM\..\Run: [BM83ce1ca1] Rundll32.exe "C:\WINNT\system32\ojkmitlw.dll",s
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Ne m'oublie pas !.lnk = C:\MicroApp\Cartes d'Anniversaire\REMIND.EXE
O8 - Extra context menu item: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 4.0\resources\fr-FR\local\search.html
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.15\AMVConverter\grab.html
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.15\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.fr.msn.com
O14 - IERESET.INF: MS_START_PAGE_URL=http://www.fr.msn.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_s(...)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: rwiqolnd - rwiqolnd.dll (file missing)
O20 - Winlogon Notify: sysfldr - sysfldr.dll (file missing)
O23 - Service: 68100 - Unknown owner - \\78.113.1.171\Admin$\eraseme_24245.exe (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINNT\system32\drivers\CDAC11BA.EXE
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

--
End of file - 6333 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 ASCTRM - c:\winnt\system32\drivers\asctrm.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R2 CdaC15BA - c:\winnt\system32\drivers\cdac15ba.sys <Not Verified; Macrovision Europe Ltd; Security Windows NT>
R3 powervr - c:\winnt\system32\drivers\powervr.sys <Not Verified; Imagination Technologies Ltd.; KYRO>

S1 hidfltr (HID Filter Driver) - c:\winnt\system32\drivers\mwhid.sys
S2 npkcrypt - c:\program files\nexon\maplestory\npkcrypt.sys (file missing)
S3 DCamUSBSQTECH (Dual-Mode DSC(2770)) - c:\winnt\system32\drivers\sqcaptur.sys <Not Verified; Service & Quality Technology.; SQ913>
S3 gbalink (GBA Link Driver (gbalink.sys)) - c:\winnt\system32\drivers\gbalink.sys <Not Verified; Thesycon GmbH, Germany; Universal USB Device Driver>
S3 Stmatm (ATM/ADSL miniport) - c:\winnt\system32\drivers\stmatm.sys <Not Verified; STMicroelectronics; Unicorn ADSL>
S3 TaurusUsb (ADSL Modem USB Service) - c:\winnt\system32\drivers\torususb.sys

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AntiVirScheduler (AntiVir PersonalEdition Classic Scheduler) - "c:\program files\avira\antivir personaledition classic\sched.exe" <Not Verified; Avira GmbH; Scheduler>
R2 C-DillaCdaC11BA - c:\winnt\system32\drivers\cdac11ba.exe <Not Verified; Macrovision; SafeCast Windows NT>

S3 68100 - \\78.113.1.171\admin$\eraseme_24245.exe (file missing)
S3 Boonty Games - "c:\program files\fichiers communs\boonty shared\service\boonty.exe" <Not Verified; BOONTY; Boonty Games>

-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {36FC9E60-C465-11CF-8056-444553540000}
Description: USB Device
Device ID: USB\VID_0000&PID_0000\6&2439A8F0&0&4
Manufacturer: (Contrôleur hôte USB standard)
Name: USB Device
PNP Device ID: USB\VID_0000&PID_0000\6&2439A8F0&0&4
Service:

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: ATM/ADSL miniport
Device ID: ROOT\STM-ATMADSL\0000
Manufacturer: BeWAN systems
Name: ATM/ADSL miniport
PNP Device ID: ROOT\STM-ATMADSL\0000
Service: stmatm

-- Files created between 2007-12-24 and 2008-01-24 -----------------------------

2008-01-24 16:47:19 0 d-------- C:\Program Files\Trend Micro
2008-01-23 22:01:33 0 d-------- C:\VundoFix Backups
2008-01-23 20:31:51 643848 ---h----- C:\WINNT\ShellIconCache
2008-01-23 17:54:18 0 d-------- C:\Program Files\Avira
2008-01-23 17:54:18 0 d-------- C:\Documents and Settings\All Users.WINNT\Application Data\Avira
2008-01-23 13:06:16 217088 --a------ C:\WINNT\pmxreg .exe <Not Verified; Imagination Technologies Ltd.; PowerVR KYRO>
2008-01-23 12:42:06 0 ---h----- C:\CONFIG.SYS
2008-01-23 12:42:06 0 ---h----- C:\AUTOEXEC.BAT
2008-01-23 08:52:25 0 d-a------ C:\WINNT\msapps
2008-01-23 07:27:12 0 d-------- C:\$WIN_NT$.~BT
2008-01-21 19:05:28 0 d-------- C:\Documents and Settings\Clem\Application Data\Lavasoft
2008-01-21 16:53:41 27751 --a----c- C:\WINNT\cc_20080121_1653.reg
2008-01-17 00:03:16 61816 --a----c- C:\WINNT\cc_20080117_0003.reg
2008-01-09 19:42:07 0 d-a------ C:\Program Files\DsNET Corp
2008-01-09 18:07:11 0 d-a------ C:\Program Files\Nuclear Coffee
2008-01-07 19:32:26 2560 --a----c- C:\WINNT\_MSRSTRT.EXE
2008-01-06 20:55:40 0 d-a------ C:\Program Files\Ultra Utility
2008-01-04 18:05:51 0 d-a------ C:\Program Files\MP3 Player Utilities 4.15
2008-01-04 10:52:59 745543 --a----c- C:\WINNT\system32\pmxinit .exe <Not Verified; Imagination Technologies Ltd.; PowerVR KYRO>
2008-01-03 19:04:38 100 --a----c- C:\WINNT\start.reg
2008-01-03 18:59:54 0 d-------- C:\3D Prophet Kyro Series Drivers
2008-01-01 15:34:35 17 --a----c- C:\WINNT\ Case Maker

-- Find3M Report ---------------------------------------------------------------

2008-01-24 18:53:50 0 d-a------ C:\Program Files\eMule
2008-01-24 18:49:49 0 d-a------ C:\Program Files\Mozilla Thunderbird
2008-01-24 17:01:47 0 d-a------ C:\Program Files\MSN Messenger
2008-01-23 12:39:56 444558 --a------ C:\WINNT\system32\perfh00C.dat
2008-01-23 12:39:56 67732 --a------ C:\WINNT\system32\perfc00C.dat
2008-01-23 12:37:04 15644 --a----c- C:\WINNT\system32\emptyregdb.dat
2008-01-19 12:22:55 0 d-------- C:\Documents and Settings\Clem\Application Data\Adobe
2008-01-16 23:59:54 0 d-a------ C:\Program Files\SC
2008-01-03 17:48:40 0 d-ah----- C:\Program Files\InstallShield Installation Information
2008-01-02 12:17:57 0 d-a------ C:\Program Files\Fichiers communs\AOL
2008-01-01 21:23:25 0 d-a------ C:\Program Files\Fichiers communs
2008-01-01 21:21:45 0 d-------- C:\Documents and Settings\Clem\Application Data\AOL
2007-12-12 17:14:42 0 d-a------ C:\Program Files\MessengerPlus! 3
2007-12-05 16:47:12 681 --a----c- C:\WINNT\mozver.dat
2007-11-25 17:31:20 0 d-a------ C:\Program Files\KONAMI
2007-11-25 17:10:46 0 d-a------ C:\Program Files\Yu-Gi-Oh Virtual Battle 5

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [03-06-23 13:00 C:\WINNT\system32\mobsync.exe]
"PMXInit"="C:\WINNT\system32\pmxinit.exe" []
"BM83ce1ca1"="C:\WINNT\system32\ojkmitlw.dll" []
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [08-01-24 18:06 ]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [08-01-24 17:01 ]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

C:\Documents and Settings\All Users.WINNT\Menu D‚marrer\Programmes\D‚marrage\
Ne m'oublie pas !.lnk - C:\MicroApp\Cartes d'Anniversaire\REMIND.EXE [2007-07-09 10:50:19]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rwiqolnd]
rwiqolnd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sysfldr]
sysfldr.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"

-- End of Deckard's System Scanner: finished at 2008-01-24 21:57:04 ------------

Et le "Extra":

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows 2000 Professionnel (build 2195) SP 4.0
Architecture: X86; Language: French

CPU 0: Processeur Intel Pentium II
Percentage of Memory in Use: 59%
Physical Memory (total/avail): 191.55 MiB / 76.85 MiB
Pagefile Memory (total/avail): 458.46 MiB / 283.41 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1970.45 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 19.4 GiB total, 10.26 GiB free.
D: is Fixed (FAT32) - 6.02 GiB total, 2.55 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)

\\.\PHYSICALDRIVE1 - FUJITSU MPC3064AT - 6.04 GiB - 1 partition
\PARTITION0 (bootable) - Unknown - 6.04 GiB - D:

\\.\PHYSICALDRIVE0 - Maxtor 6E020L0 - 19.41 GiB - 1 partition
\PARTITION0 (bootable) - Système de fichiers installable - 19.4 GiB - C:

\\.\PHYSICALDRIVE2 - LEXAR JUMPDRIVE USB Device - 243.17 MiB - 1 partition
\PARTITION0 - FAT 16 bits - 247.48 MiB

\\.\PHYSICALDRIVE3 - USB Flash Disk USB Device - 980.53 MiB - 1 partition
\PARTITION0 (bootable) - Win95 avec Inter.13 étendue - 983.98 MiB

-- Security Center -------------------------------------------------------------

AUOptions is disabled.

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users.WINNT
APPDATA=C:\Documents and Settings\Clem\Application Data
CommonProgramFiles=C:\Program Files\Fichiers communs
COMPUTERNAME=ALAIN-6011592C8
ComSpec=C:\WINNT\system32\cmd.exe
HOMEDRIVE=C:
HOMEPATH=\
LANG=fr
LOGONSERVER=\\ALAIN-6011592C8
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Os2LibPath=C:\WINNT\system32\os2\dll;
Path=C:\Program Files\Mozilla Firefox;C:\WINNT\system32;C:\WINNT;C:\WINNT\system32\WBEM
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 5 Stepping 2, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0502
ProgramFiles=C:\Program Files
PROMPT=$P$G
SystemDrive=C:
SystemRoot=C:\WINNT
TEMP=C:\DOCUME~1\Clem\LOCALS~1\Temp
TMP=C:\DOCUME~1\Clem\LOCALS~1\Temp
USERDOMAIN=ALAIN-6011592C8
USERNAME=Clem
USERPROFILE=C:\Documents and Settings\Clem
windir=C:\WINNT

-- User Profiles ---------------------------------------------------------------

Alain [I](admin)[/I]
Clem [I](admin)[/I]
camille [I](admin)[/I]
Administrateur.ALAIN-6011592C8 [I](admin)[/I]

-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\AOL\AOL Toolbar 4.0\uninstall.exe"
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
ABBYY FineReader 6.0 Sprint --> MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Action Replay GBX --> C:\WINNT\IsUn040c.exe -f"C:\Program Files\Datel\ActionReplayGBX\Uninst.isu"
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player 9 ActiveX --> C:\WINNT\system32\Macromed\Flash\UninstFl.exe -q
Adobe Photoshop CS --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x40d
Adobe Reader 6.0.2 ME --> MsiExec.exe /I{AC76BA86-7AD7-1036-7646-6EA000000001}
Adobe Shockwave Player --> C:\WINNT\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINNT\system32\Macromed\SHOCKW~1\Install.log
Ahead Nero Burning ROM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Analyseur et SDK XML Microsoft --> MsiExec.exe /I{3E908702-AF35-4611-9518-955DA24B7E07}
Archiveur WinRAR --> C:\Program Files\WinRAR\uninstall.exe
aTube Catcher 1.0 rc2 --> MsiExec.exe /I{37C95931-4262-4D4C-85B1-A215D77C42A8}
Audacity 1.2.4 --> "C:\Program Files\Audacity\unins000.exe"
Avira AntiVir PersonalEdition Classic --> C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
AWicons Lite --> C:\Program Files\AWicons Lite\uninstall.exe C:\Program Files\AWicons Lite\uninstall.log
BeWAN ADSL modem --> rundll32.exe stmcfg32.dll,Uninstall
Bomberman Online International 3.0 --> "C:\Program Files\Bomberman Online International\unins000.exe"
BSPlayer --> "C:\Program Files\Webteh\BSplayerPro\uninstall.exe"
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Combined Community Codec Pack 2006-01-18 (Remove Only) --> C:\Program Files\Combined Community Codec Pack\Uninstall.exe
Correctif cumulatif 1 pour Windows 2000 SP4 --> "C:\WINNT\$NtUpdateRollupPackUninstall$\spuninst\spuninst.exe"
Correctif pour le Lecteur Windows Media [Voir Q828026 pour plus d'informations] --> C:\WINNT\$NtUninstallQ828026$\spuninst\spuninst.exe
Correctif Windows 2000 - KB842773 --> C:\WINNT\$NtUninstallKB842773$\spuninst\spuninst.exe
Correctif Windows 2000 - KB890046 --> "C:\WINNT\$NtUninstallKB890046$\spuninst\spuninst.exe"
Correctif Windows 2000 - KB893756 --> "C:\WINNT\$NtUninstallKB893756$\spuninst\spuninst.exe"
Correctif Windows 2000 - KB896358 --> "C:\WINNT\$NtUninstallKB896358$\spuninst\spuninst.exe"
Correctif Windows 2000 - KB896422 --> "C:\WINNT\$NtUninstallKB896422$\spuninst\spuninst.exe"
Correctif Windows 2000 - KB896423 --> "C:\WINNT\$NtUninstallKB896423$\spuninst\spuninst.exe"
Correctif Windows 2000 - KB896424 --> "C:\WINNT\$NtUninstallKB896424$\spuninst\spuninst.exe"
Correctif Windows 2000 - KB899587 --> "C:\WINNT\$NtUninstallKB899587$\spuninst\spuninst.exe"
Correctif Windows 2000 - KB899589 --> "C:\WINNT\$NtUninstallKB899589$\spuninst\spuninst.exe"
Correctif Windows 2000 - KB900725 --> "C:\WINNT\$NtUninstallKB900725$\spuninst\spuninst.exe"
Correctif Windows 2000 - KB901017 --> "C:\WINNT\$NtUninstallKB901017$\spuninst\spuninst.exe"
Correctif Windows 2000 - KB901214 --> "C:\WINNT\$NtUninstallKB901214$\spuninst\spuninst.exe"
Correctif Windows 2000 - KB905414 --> "C:\WINNT\$NtUninstallKB905414$\spuninst\spuninst.exe"
Correctif Windows 2000 - KB905495 --> "C:\WINNT\$NtUninstallKB905495-IE6SP1-20050805.184113$\spuninst\spuninst.exe"
Correctif Windows 2000 - KB905749 --> "C:\WINNT\$NtUninstallKB905749$\spuninst\spuninst.exe"
Correctif Windows 2000 - KB908519 --> "C:\WINNT\$NtUninstallKB908519$\spuninst\spuninst.exe"
Correctif Windows 2000 - KB908523 --> "C:\WINNT\$NtUninstallKB908523$\spuninst\spuninst.exe"
Correctif Windows 2000 - KB908531 --> "C:\WINNT\$NtUninstallKB908531$\spuninst\spuninst.exe"
Correctif Windows 2000 - KB911280 --> "C:\WINNT\$NtUninstallKB911280$\spuninst\spuninst.exe"
Correctif Windows 2000 - KB911567 --> "C:\WINNT\$NtUninstallKB911567-OE6SP1-20060316.165634$\spuninst\spuninst.exe"
Correctif Windows 2000 - KB912812 --> "C:\WINNT\$NtUninstallKB912812-IE6SP1-20060322.182418$\spuninst\spuninst.exe"
Correctif Windows 2000 - KB912919 --> "C:\WINNT\$NtUninstallKB912919$\spuninst\spuninst.exe"
Correctif Windows 2000 - KB913580 --> "C:\WINNT\$NtUninstallKB913580$\spuninst\spuninst.exe"
Correctif Windows 2000 - KB914388 --> "C:\WINNT\$NtUninstallKB914388$\spuninst\spuninst.exe"
Correctif Windows 2000 - KB914389 --> "C:\WINNT\$NtUninstallKB914389$\spuninst\spuninst.exe"
Correctif Windows 2000 - KB916281 --> "C:\WINNT\$NtUninstallKB916281-IE6SP1-20060526.162249$\spuninst\spuninst.exe"
Correctif Windows 2000 - KB917008 --> "C:\WINNT\$NtUninstallKB917008$\spuninst\spuninst.exe"
Correctif Windows 2000 - KB917159 --> "C:\WINNT\$NtUninstallKB917159$\spuninst\spuninst.exe"
Correctif Windows 2000 - KB917422 --> "C:\WINNT\$NtUninstallKB917422$\spuninst\spuninst.exe"
Correctif Windows 2000 - KB917537 --> "C:\WINNT\$NtUninstallKB917537$\spuninst\spuninst.exe"
Correctif Windows 2000 - KB917736 --> "C:\WINNT\$NtUninstallKB917736$\spuninst\spuninst.exe"
Correctif Windows 2000 - KB917953 --> "C:\WINNT\$NtUninstallKB917953$\spuninst\spuninst.exe"
Correctif Windows 2000 - KB918118 --> "C:\WINNT\$NtUninstallKB918118$\spuninst\spuninst.exe"
Correctif Windows 2000 - KB918439 --> "C:\WINNT\$NtUninstallKB918439-IE6SP1-20060530.145346$\spuninst\spuninst.exe"
Correctif Windows 2000 - KB918899 --> "C:\WINNT\$NtUninstallKB918899-IE6SP1-20060725.123917$\spuninst\spuninst.exe"
Correctif Windows 2000 - KB920213 --> "C:\WINNT\$NtUninstallKB920213$\spuninst\spuninst.exe"
Correctif Windows 2000 - KB920670 --> "C:\WINNT\$NtUninstallKB920670$\spuninst\spuninst.exe"
Correctif Windows 2000 - KB920683 --> "C:\WINNT\$NtUninstallKB920683$\spuninst\spuninst.exe"
Correctif Windows 2000 - KB920685 --> "C:\WINNT\$NtUninstallKB920685$\spuninst\spuninst.exe"
Correctif Windows 2000 - KB920958 --> "C:\WINNT\$NtUninstallKB920958$\spuninst\spuninst.exe"
Correctif Windows 2000 - KB921398 --> "C:\WINNT\$NtUninstallKB921398$\spuninst\spuninst.exe"
Correctif Windows 2000 - KB921883 --> "C:\WINNT\$NtUninstallKB921883$\spuninst\spuninst.exe"
Correctif Windows 2000 - KB922582 --> "C:\WINNT\$NtUninstallKB922582$\spuninst\spuninst.exe"
Correctif Windows 2000 - KB922616 --> "C:\WINNT\$NtUninstallKB922616$\spuninst\spuninst.exe"
Correctif Windows 2000 - KB923191 --> "C:\WINNT\$NtUninstallKB923191$\spuninst\spuninst.exe"
Correctif Windows 2000 - KB923414 --> "C:\WINNT\$NtUninstallKB923414$\spuninst\spuninst.exe"
Correctif Windows 2000 - KB923694 --> "C:\WINNT\$NtUninstallKB923694-OE6SP1-20061106.120000$\spuninst\spuninst.exe"
Correctif Windows 2000 - KB923980 --> "C:\WINNT\$NtUninstallKB923980$\spuninst\spuninst.exe"
Correctif Windows 2000 - KB924191 --> "C:\WINNT\$NtUninstallKB924191$\spuninst\spuninst.exe"
Correctif Windows 2000 - KB924270 --> "C:\WINNT\$NtUninstallKB924270$\spuninst\spuninst.exe"
Correctif Windows 2000 - KB924667 --> "C:\WINNT\$NtUninstallKB924667$\spuninst\spuninst.exe"
Correctif Windows 2000 - KB925486 --> "C:\WINNT\$NtUninstallKB925486-IE6SP1-20060918.120000$\spuninst\spuninst.exe"
Correctif Windows 2000 - KB925902 --> "C:\WINNT\$NtUninstallKB925902$\spuninst\spuninst.exe"
Correctif Windows 2000 - KB926122 --> "C:\WINNT\$NtUninstallKB926122$\spuninst\spuninst.exe"
Correctif Windows 2000 - KB926436 --> "C:\WINNT\$NtUninstallKB926436$\spuninst\spuninst.exe"
Correctif Windows 2000 - KB927891 --> "C:\WINNT\$NtUninstallKB927891$\spuninst\spuninst.exe"
Correctif Windows 2000 - KB928843 --> "C:\WINNT\$NtUninstallKB928843$\spuninst\spuninst.exe"
Correctif Windows 2000 - KB929969 --> "C:\WINNT\$NtUninstallKB929969-IE6SP1-20061220.120000$\spuninst\spuninst.exe"
Correctif Windows 2000 - KB930178 --> "C:\WINNT\$NtUninstallKB930178$\spuninst\spuninst.exe"
Correctif Windows 2000 - KB931784 --> "C:\WINNT\$NtUninstallKB931784$\spuninst\spuninst.exe"
Correctif Windows 2000 - KB932168 --> "C:\WINNT\$NtUninstallKB932168$\spuninst\spuninst.exe"
Correctif Windows 2000 - KB933566 --> "C:\WINNT\$NtUninstallKB933566-IE6SP1-20070417.120000$\spuninst\spuninst.exe"
Correctif Windows 2000 - KB935839 --> "C:\WINNT\$NtUninstallKB935839$\spuninst\spuninst.exe"
Correctif Windows 2000 - KB935840 --> "C:\WINNT\$NtUninstallKB935840$\spuninst\spuninst.exe"
Digital Camera Driver --> C:\PROGRA~1\Actebis\UNWISE.EXE C:\PROGRA~1\Actebis\INSTALL.LOG
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Ecran de veille AOL Photos --> C:\Program Files\Fichiers communs\AOL\Screensaver\uninst_ygpss.exe
eMule --> "C:\Program Files\eMule\Uninstall.exe"
EPSON Copy Utility 3 --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67EDD823-135A-4D59-87BD-950616D6E857}\SETUP.EXE" -l0x40c -UnInstall
EPSON Logiciel imprimante --> C:\WINNT\system32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan --> C:\Program Files\epson\escndv\setup\setup.exe /r
ESDX4000_4050_CX3900 --> C:\Program Files\EPSON\TPMANUAL\ESDX4000_4050_CX3900\USE_G\DOCUNINS.EXE
GBA Media Version 1.3 --> C:\PROGRA~1\GBAMED~1\UNWISE.EXE C:\PROGRA~1\GBAMED~1\INSTALL.LOG
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar3.dll"
GPL MPEG-1/2 DirectShow Decoder Filter --> MsiExec.exe /I{870815CA-6B60-47B6-88DD-A67F42D2F03E}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HydraIRC --> "C:\Program Files\HydraIRC\uninstall.exe"
IconoMaker --> "C:\Program Files\IconoMaker\uninstall.exe"
Ink --> MsiExec.exe /I{9FCB2876-554D-491D-A2CD-58F8252D6C64}
J2SE Runtime Environment 5.0 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
KYRO --> C:\WINNT\IsUn040c.exe -f"C:\Program Files\Hercules\KYRO\Uninst.isu" -c"C:\Program Files\Hercules\SharedUninst\pmxgenin.dll"
Language pack for Ad-Aware SE --> C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\Langs\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\Langs\INSTALL.LOG
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
Macromedia Dreamweaver MX --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B4AB829-DFD3-436D-B808-D9733D76C590}\Setup.exe" -l0x40c mmUninstall
Macromedia Extension Manager --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe" -l0x40c mmUninstall
MediaFACE 4.01 --> C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{41979C2F-34B8-4F92-8111-B13C5864682D} /l1036
MediaFACE 4.01 Image Library --> C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{82AF77BC-423D-42DA-BE5B-FFCA04752181} /l1036
MegaStore --> C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{78FAAF25-07DA-11D9-B095-009027EC0701}
Messenger Plus! 3 --> "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /Remove
Micro Application - Cartes d'Anniversaire --> C:\WINNT\unin040c.exe -f"C:\MicroApp\Cartes d'Anniversaire\DeIsL2.isu"
Microsoft .NET Framework 2.0 --> C:\WINNT\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Office 97 Standard --> C:\Program Files\Microsoft Office\Office\Install\Acme.exe /w Off97Std.stf
Mise à jour de sécurité pour Lecteur Windows Media (KB911564) --> "C:\WINNT\$NtUninstallKB911564$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398) --> "C:\WINNT\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 9 (KB911565) --> "C:\WINNT\$NtUninstallKB911565$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 9 (KB917734) --> "C:\WINNT\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows 2000 (KB904706) -->
Mise à jour de sécurité pour Windows 2000 (KB923689) --> "C:\WINNT\$NtUninstallKB923689$\spuninst\spuninst.exe"
Mise à jour système du Lecteur Windows Media (Série 9) --> C:\PROGRA~1\WINDOW~3\setup_wm.exe /Uninstall
Mozilla Firefox (2.0.0.11) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.9) --> C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MP3 Player Utilities 4.15 --> MsiExec.exe /I{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}
MP3 WAV Converter 3.15 --> C:\PROGRA~1\MP3WAV~1\UNWISE.EXE C:\PROGRA~1\MP3WAV~1\INSTALL.LOG
MSN Messenger 7.0 --> MsiExec.exe /I{ABEB838C-A1A7-4C5D-B7E1-8B4314600820}
MSXML 4.0 SP2 (KB927978) --> MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
My DSC --> C:\Program Files\InstallShield Installation Information\{225af9a1-b556-88d5-94aa-0010b5426419}\setup.exe
Neuf - Kit de connexion --> C:\Program Files\Neuf\Kit\uninstall.exe
Notepad++ --> C:\Program Files\Notepad++\uninstall.exe
PhotoFiltre --> "D:\Clem\utilitaires\PhotoFiltre\Uninst.exe"
PIF DESIGNER --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B90450DF-E781-46FD-B1F1-0C86DA40E443}\SETUP.EXE" -l0x40c anything
PowerArchiver --> C:\Program Files\PowerArchiver\UNINST.EXE
PowerVR Tools --> C:\WINNT\system32\pmxinit.exe -RemoveCPLPages
Project64 1.6 --> MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727}
RealPlayer Basic --> C:\Program Files\Fichiers communs\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
SafeCast Shared Components --> C:\Program Files\Fichiers communs\Macrovision Shared\SafeCast\Install\CDAC13BA.EXE /uninstall
Shockwave --> C:\WINNT\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINNT\system32\Macromed\SHOCKW~2\INSTALL.LOG
Skype Plugin Manager --> MsiExec.exe /I{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}
SLD Codec Pack --> C:\Program Files\SLD Codec Pack\uninstall.exe
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
StuffPlug-NG (Messenger Plus! Plugins) --> C:\Program Files\MessengerPlus! 3\Plugins\StuffPlug-NG\Uninstall.exe
TeamSpeak 2 RC2 --> "C:\Program Files\Teamspeak2_RC2\unins000.exe"
Ulead Photo Express 4.0 SE --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BBC0D330-C37B-4472-BFB9-AA217CF0C95F}\setup.exe"
Ultra Utility --> "C:\Program Files\Ultra Utility\Beta 16\Uninstall\uninstall.exe" "/U:C:\Program Files\Ultra Utility\Beta 16\Uninstall\uninstall.xml"
Videosoft H.264 Decoder 2.2 BETA --> MsiExec.exe /X{5E86E9C0-3FE1-44C4-BE6D-2D88493E812C}
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
XviD MPEG-4 Video Codec --> "C:\Program Files\XviD\unins000.exe"
Yu-Gi-Oh Virtual Battle 5.11 --> C:\Program Files\Yu-Gi-Oh Virtual Battle 5\Uninstal.exe

-- Application Event Log -------------------------------------------------------

Event Record #/Type1213 / Warning
Event Submitted/Written: 01/24/2008 05:50:43 PM
Event ID/Source: 4113 / H+BEDV AntiVir
Event Description:
AntiVir has detected 'TR/Vundo.Gen'
in the file
C:\WINNT\system32\ddawu.dll

Event Record #/Type1210 / Warning
Event Submitted/Written: 01/24/2008 05:37:35 PM
Event ID/Source: 4113 / H+BEDV AntiVir
Event Description:
AntiVir has detected 'TR/Vundo.Gen'
in the file
C:\WINNT\system32\ddawu.dll

Event Record #/Type1206 / Warning
Event Submitted/Written: 01/24/2008 05:14:11 PM
Event ID/Source: 4113 / H+BEDV AntiVir
Event Description:
AntiVir has detected 'TR/Vundo.Gen'
in the file
C:\WINNT\system32\ddawu.dll

Event Record #/Type1203 / Warning
Event Submitted/Written: 01/24/2008 04:57:44 PM
Event ID/Source: 4113 / H+BEDV AntiVir
Event Description:
AntiVir has detected 'TR/Vundo.Gen'
in the file
C:\WINNT\system32\ddawu.dll

Event Record #/Type1202 / Warning
Event Submitted/Written: 01/24/2008 04:57:40 PM
Event ID/Source: 4113 / H+BEDV AntiVir
Event Description:
AntiVir has detected 'TR/Vundo.Gen'
in the file
C:\WINNT\system32\ddawu.dll

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type1692 / Error
Event Submitted/Written: 01/24/2008 07:07:18 PM
Event ID/Source: 31012 / ipnathlp
Event Description:
L'agent proxy DNS a rencontré une erreur lors de l'obtention de la liste locale
des serveurs de résolution de noms.
Des serveurs DNS ou WINS peuvent être inaccessibles aux clients sur le réseau local.
La donnée est le code de l'erreur.

Event Record #/Type1689 / Error
Event Submitted/Written: 01/24/2008 07:07:15 PM
Event ID/Source: 31012 / ipnathlp
Event Description:
L'agent proxy DNS a rencontré une erreur lors de l'obtention de la liste locale
des serveurs de résolution de noms.
Des serveurs DNS ou WINS peuvent être inaccessibles aux clients sur le réseau local.
La donnée est le code de l'erreur.

Event Record #/Type1688 / Error
Event Submitted/Written: 01/24/2008 07:07:15 PM
Event ID/Source: 31012 / ipnathlp
Event Description:
L'agent proxy DNS a rencontré une erreur lors de l'obtention de la liste locale
des serveurs de résolution de noms.
Des serveurs DNS ou WINS peuvent être inaccessibles aux clients sur le réseau local.
La donnée est le code de l'erreur.

Event Record #/Type1687 / Error
Event Submitted/Written: 01/24/2008 07:07:14 PM
Event ID/Source: 31012 / ipnathlp
Event Description:
L'agent proxy DNS a rencontré une erreur lors de l'obtention de la liste locale
des serveurs de résolution de noms.
Des serveurs DNS ou WINS peuvent être inaccessibles aux clients sur le réseau local.
La donnée est le code de l'erreur.

Event Record #/Type1686 / Error
Event Submitted/Written: 01/24/2008 07:07:14 PM
Event ID/Source: 31012 / ipnathlp
Event Description:
L'agent proxy DNS a rencontré une erreur lors de l'obtention de la liste locale
des serveurs de résolution de noms.
Des serveurs DNS ou WINS peuvent être inaccessibles aux clients sur le réseau local.
La donnée est le code de l'erreur.

-- End of Deckard's System Scanner: finished at 2008-01-24 21:57:04 ------------

Namagem

Posté le 26/01/2008 17:45:23

Petite up pour savoir où ça en est...
Encore merci.

EDIT: Toujours rien?

Mérillym

Modérateur/Helper

Posté le 26/01/2008 17:47:47

Je ne connais pas Windows 2000 donc je ne préfère pas t'aider

Je te conseille de poster dans le topic : pas de réponse depuis jours, quelqu'un s'en chargera très certainement

-------
Dossier prévention>à lire
Si vous vous faites déjà aider sur un autre forum, merci de me le dire !

Namagem

Posté le 26/01/2008 18:12:42

D'accord, merci. ^_^

Diablo_n_me

Posté le 26/01/2008 18:48:15

Bonsoir Namagem

** Télécharger sur le Bureau VundoFix (d'atribune)
http://www.atribune.org/ccount/click.php?id=4

= Double-clic VundoFix.exe.
= Clique sur Scan for Vundo
= le scan est assez long , à la fin. Clique sur Remove Vundo puis sur Yes
= Le Bureau disparaît un moment lors de la suppression des fichiers infectés.
= Un message SHUTDOWN t'avertira que l'ordinateur va redémarrer tu clique sur OK
=Redémarrage auto
Note : il peut y avoir plusieurs redémarrages
= le rapport se trouve dans C:\vundofix.txt

tu postes le rapport vundofix

//////////////////////////////////////////////////////////

Télécharge sur le bureau VirtumondoBegone
ici : http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
=Double clic sur VirtumundoBeGone.exe
=clique sur Continue
=clique sur Start
=clique sur Oui
=A la fin si Vundo est présent , le PC s’éteint et redémarre

Si Ecran bleu et message : Erreur fatale .. pas de problème

=Postes le rapport VBG.TXT qui est sur le bureau

Namagem

Posté le 27/01/2008 15:04:52

Bonjour Diablo, VundoFix n'a rien trouvé (j'avais déjà fait l'opération avant de poster ici, c'est peut-être pour ça). Voici son rapport:

VundoFix V6.5.4

Checking Java version...

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Scan started at 22:01:33 23/01/2008

Listing files found while scanning....

C:\WINNT\system32\hggfdaw.dll

Beginning removal...

Attempting to delete C:\WINNT\system32\hggfdaw.dll
C:\WINNT\system32\hggfdaw.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.4

Checking Java version...

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Scan started at 22:10:51 23/01/2008

Listing files found while scanning....

No infected files were found.

VundoFix V6.5.4

Checking Java version...

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Scan started at 07:23:56 24/01/2008

Listing files found while scanning....

No infected files were found.

VundoFix V6.5.4

Checking Java version...

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Scan started at 16:16:17 24/01/2008

Listing files found while scanning....

No infected files were found.

VundoFix V6.7.7

Checking Java version...

Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Scan started at 14:14:45 2008-01-27

Listing files found while scanning....

No infected files were found.

Et voilà le rapport de Virtumundobegone (le pc n'a pas redémarré et j'ai eu aucun écran bleu, il a fait ça très vite):

[01/27/2008, 14:57:40] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Clem\Bureau\VirtumundoBeGone.exe" )
[01/27/2008, 14:57:42] - Detected System Information:
[01/27/2008, 14:57:42] - Windows Version: 5.0.2195, Service Pack 4
[01/27/2008, 14:57:42] - Current Username: Clem (Admin)
[01/27/2008, 14:57:42] - Windows is in NORMAL mode.
[01/27/2008, 14:57:42] - Searching for Browser Helper Objects:
[01/27/2008, 14:57:42] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[01/27/2008, 14:57:42] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[01/27/2008, 14:57:42] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[01/27/2008, 14:57:42] - BHO 4: {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} (AOL Toolbar Launcher)
[01/27/2008, 14:57:42] - BHO 5: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[01/27/2008, 14:57:42] - Finished Searching Browser Helper Objects
[01/27/2008, 14:57:42] - Finishing up...
[01/27/2008, 14:57:42] - Nothing found! Exiting...

-->Message édité par Namagem le 27/01/2008 15:07:50<--

Diablo_n_me

Posté le 27/01/2008 15:11:07

Bonjour

Reposte moi un rapport hijackthis stp

Namagem

Posté le 27/01/2008 15:39:17

Le voilà:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:35, on 2008-01-27
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP4 (5.00.2920.0000)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINNT\system32\drivers\CDAC11BA.EXE
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.fr.msn.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 ME\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [PMXInit] C:\WINNT\system32\pmxinit.exe
O4 - HKLM\..\Run: [BM83ce1ca1] Rundll32.exe "C:\WINNT\system32\ojkmitlw.dll",s
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Ne m'oublie pas !.lnk = C:\MicroApp\Cartes d'Anniversaire\REMIND.EXE
O8 - Extra context menu item: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 4.0\resources\fr-FR\local\search.html
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.15\AMVConverter\grab.html
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.15\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.fr.msn.com
O14 - IERESET.INF: MS_START_PAGE_URL=http://www.fr.msn.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_s(...)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: rwiqolnd - rwiqolnd.dll (file missing)
O20 - Winlogon Notify: sysfldr - sysfldr.dll (file missing)
O23 - Service: 68100 - Unknown owner - \\78.113.1.171\Admin$\eraseme_24245.exe (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINNT\system32\drivers\CDAC11BA.EXE
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

--
End of file - 6283 bytes

Diablo_n_me

Posté le 28/01/2008 19:31:04

Relance hijackthis => Do a systel scan only puis coche ces lignes et clique sur FixChecked

O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [PMXInit] C:\WINNT\system32\pmxinit.exe
O4 - HKLM\..\Run: [BM83ce1ca1] Rundll32.exe "C:\WINNT\system32\ojkmitlw.dll",s
O20 - Winlogon Notify: rwiqolnd - rwiqolnd.dll (file missing)
O20 - Winlogon Notify: sysfldr - sysfldr.dll (file missing)
O23 - Service: 68100 - Unknown owner - \\78.113.1.171\Admin$\eraseme_24245.exe (file missing)

Redémarre en mode sans échec
Guide : http://www.sasi.ifrance.com/Mode_sans_echec.htm

Affiche les fichiers/dossiers cachés
Guide : http://www.astwinds.com/astuces/fichiers_caches.html

Recherche & supprime le fichier en gras
C:\WINNT\system32\ojkmitlw.dll

Redémarre en mode normal puis poste moi un nouveau rapport hijackthis

Namagem

Posté le 28/01/2008 22:24:52

Bonsoir Diablo, j'ai cherché le fichier en questions à plusieurs reprises, mais je ne l'ai pas trouvé. Je n'ai donc pas supprimé ojkmitlw.dll .

Depuis que j'ai fait le FixChecked avec Hijackthis, ça devient galère, mon antivirus s'emballe (obligé de le couper), et la plupart des programmes ne démarrent plus.

Diablo_n_me

Posté le 29/01/2008 13:22:39

Fais cette procédure
http://sasi.xooit.fr/t41-Utilisation-de-OtMoveIt-d-Old-Timer.htm

Voici le chemin du fichiers à supprimer :

C:\WINNT\system32\ojkmitlw.dll

Poste moi le rapport

Namagem

Posté le 29/01/2008 18:59:54

Bonsoir Diablo,

Le logiciel ne fonctionne pas, il me dit qu'il a rencontré une instruction illégale ou quelque chose dans ce goût là. J'ai essayé en mode sans échec, et j'ai une sorte de tiret blanc qui se ballade dans toute la fenêtre MS DOS, et rien d'autre. J'ai beau attendre, ça fait rien du tout.

Diablo_n_me

Posté le 29/01/2008 19:17:44