Connexion trés lente virus serwab

merci mille fois pour ton aide philae83 mais c trés compliqué pour moi je n'arrive pas à te suivre surtout la première partie (windows service monitor)
une question bette: est ce que un formatage peut resoudre mon problème . si oui comment éviter ces problèmes malgés que j'ai un anti virus mise à jour
merci de répondre

ok
recommencons
pour services.msc c'est bon
pour winsvcmon.exe est ce que je dois le lancer à partir mon poste de travail?
une nouvelle chose meme sur ma connexion sans fil (au lieu de mon travail) les mêmes pages web(serwab, winantivirus) me harcele.

le bouton arrêter n'est pas actif

Démarrer "Exécuter…" puis Tape "services.msc" et valide par OK
la fenêtre des Services s'ouvre => vérifier dans la partie inférieure que l'onglet "Etendu" est bien sélectionné, sinon faites le.


************* jusqu'à ici c bon****************************


*************mais la suite j'ai un pb la colonne "non de quoi?***
Windows Service Monitor (winsvcmon)
et le chemin
C:\WINDOWS\System32\winsvcmon.exe

- Dans la colonne "Nom", DOUBLE CLIQUE sur le service noté en GRAS ci dessus, pour faire apparaître "Propriétés".
- Vérifie dans "Chemin d'accès des fichiers exécutables" qu'il s'agit bien de l'emplacement souligné.
- Puis clique sur Arrêter
- Dans le menu déroulant "Type de démarrage", sélectionne "Désactivé".
- valide la modification par OK
- Ferme la fenêtre des Services.

salut philae83 si tu es sur le forum fait moi savoir

pour cette partie:
Windows Protocol Deployment Manager (PDM) -
et le chemin
C:\WINDOWS\system32\5.tmp

- Dans la colonne "Nom", DOUBLE CLIQUE sur le service noté en GRAS ci dessus, pour faire apparaître "Propriétés".
- Vérifie dans "Chemin d'accès des fichiers exécutables" qu'il s'agit bien de l'emplacement souligné.
- Puis clique sur Arrêter
- Dans le menu déroulant "Type de démarrage", sélectionne "Désactivé".
- valide la modification par OK
- Ferme la fenêtre des Services.


windows ne veut pas l'arrêter d'ailleurs à chaque démarrage il m'affiche un message : le fichier 5.tmp est introuvable alors qu'il existe au chemin indiqué et lorsque j'ai essayé de le suprimer comme tu m'as demander : acces refusé

voici les deux fichiers
Logfile of HijackThis v1.99.1
Scan saved at 18:31:13, on 02/03/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\1XConfig.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpm.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.files-ftp.com/~unicorni/phpBB2/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr7/*https://fr.search.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*https://fr.search.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr7/*https://fr.search.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.0.0.1:6588
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {1492E46E-D5D8-4BA6-BF1C-78967C67AF22} - C:\WINDOWS\system32\nnnlkji.dll
O2 - BHO: (no name) - {1B41D21A-1407-4FBD-A55E-B58C7F9D4EBF} - C:\WINDOWS\System32\ddcca.dll
O2 - BHO: (no name) - {729EF0DE-6A52-43BD-A27C-105A0CC8FA94} - C:\WINDOWS\System32\rqolm.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\System32\uxsdpdtk.dll",setvm
O4 - Global Startup: DSLMON.lnk = ?
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Tout télécharger en utilisant FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Télécharger en utilisant FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O20 - Winlogon Notify: ddcca - C:\WINDOWS\System32\ddcca.dll
O20 - Winlogon Notify: nnnlkji - C:\WINDOWS\SYSTEM32\nnnlkji.dll
O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVP Control Centre Service (AVPCC) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe" /service (file missing)
O23 - Service: KAV Monitor Service (KAVMonitorService) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpm.exe" /service (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe





SDFix: Version 1.69

Run by admin - 02/03/2007 @ 18:22:26,90

Microsoft Windows XP [version 5.1.2600]

Running From: C:\Documents and Settings\admin\Bureau\SDFix

Safe Mode:
Checking Services:

Name:
PDM
winsvcmon

Path:
C:\WINDOWS\system32\5.tmp
C:\WINDOWS\System32\winsvcmon.exe

PDM Deleted
winsvcmon Deleted


Restoring Windows Registry Entries
Restoring Default Hosts File


Rebooting...

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\WINDOWS\system32\.exe - Deleted
C:\DOCUME~1\admin\LOCALS~1\Temp\ICD1.tmp\jinstall-1_5_0_11.inf - Deleted
C:\DOCUME~1\admin\LOCALS~1\Temp\ICD1.tmp\jinstall.exe - Deleted
C:\WINDOWS\system32\.exe - Deleted
C:\WINDOWS\system32\3.tmp - Deleted
C:\WINDOWS\system32\4.tmp - Deleted
C:\WINDOWS\system32\5.tmp - Deleted
C:\WINDOWS\system32\6.tmp - Deleted
C:\WINDOWS\system32\7.tmp - Deleted
C:\WINDOWS\system32\8.tmp - Deleted
C:\WINDOWS\system32\9.tmp - Deleted
C:\WINDOWS\system32\A.tmp - Deleted
C:\WINDOWS\system32\B.tmp - Deleted
C:\WINDOWS\system32\C.tmp - Deleted
C:\WINDOWS\system32\D.tmp - Deleted
C:\WINDOWS\system32\E.tmp - Deleted
C:\WINDOWS\system32\F.tmp - Deleted
C:\WINDOWS\system32\10.tmp - Deleted
C:\WINDOWS\system32\11.tmp - Deleted
C:\WINDOWS\system32\12.tmp - Deleted
C:\WINDOWS\system32\13.tmp - Deleted
C:\WINDOWS\system32\14.tmp - Deleted
C:\WINDOWS\system32\15.tmp - Deleted
C:\WINDOWS\system32\16.tmp - Deleted
C:\WINDOWS\system32\17.tmp - Deleted
C:\WINDOWS\system32\18.tmp - Deleted
C:\WINDOWS\system32\19.tmp - Deleted
C:\WINDOWS\system32\1A.tmp - Deleted
C:\WINDOWS\system32\1B.tmp - Deleted
C:\WINDOWS\system32\1C.tmp - Deleted
C:\WINDOWS\system32\1D.tmp - Deleted
C:\WINDOWS\system32\1E.tmp - Deleted
C:\WINDOWS\system32\1F.tmp - Deleted
C:\WINDOWS\system32\20.tmp - Deleted
C:\WINDOWS\system32\21.tmp - Deleted
C:\WINDOWS\system32\22.tmp - Deleted
C:\WINDOWS\system32\23.tmp - Deleted
C:\WINDOWS\system32\24.tmp - Deleted
C:\WINDOWS\system32\28.tmp - Deleted
C:\WINDOWS\system32\10.tmp - Deleted
C:\WINDOWS\system32\11.tmp - Deleted
C:\WINDOWS\system32\12.tmp - Deleted
C:\WINDOWS\system32\13.tmp - Deleted
C:\WINDOWS\system32\14.tmp - Deleted
C:\WINDOWS\system32\15.tmp - Deleted
C:\WINDOWS\system32\16.tmp - Deleted
C:\WINDOWS\system32\17.tmp - Deleted
C:\WINDOWS\system32\18.tmp - Deleted
C:\WINDOWS\system32\19.tmp - Deleted
C:\WINDOWS\system32\1A.tmp - Deleted
C:\WINDOWS\system32\1B.tmp - Deleted
C:\WINDOWS\system32\1C.tmp - Deleted
C:\WINDOWS\system32\1D.tmp - Deleted
C:\WINDOWS\system32\1E.tmp - Deleted
C:\WINDOWS\system32\1F.tmp - Deleted
C:\WINDOWS\system32\winsvcmon.exe - Deleted
C:\WINDOWS\Temp\removalfile.bat - Deleted


Folder C:\DOCUME~1\admin\LOCALS~1\Temp\ICD1.tmp - Removed

ADS Check:

C:\WINDOWS\system32
No streams found.


Final Check:

Remaining Services:
------------------




Remaining Files:
---------------

Backups Folder: - C:\DOCUME~1\admin\Bureau\SDFix\backups\backups.zip


Checking For Files with Hidden Attributes :

C:\WINDOWS\system32\awtqpqr.dll
C:\WINDOWS\system32\awtsstq.dll
C:\WINDOWS\system32\awtstrs.dll
C:\WINDOWS\system32\byxyaay.dll
C:\WINDOWS\system32\cbxvwuv.dll
C:\WINDOWS\system32\cbxxvvv.dll
C:\WINDOWS\system32\ddcayab.dll
C:\WINDOWS\system32\ddcca.dll
C:\WINDOWS\system32\ddccyyv.dll
C:\WINDOWS\system32\efcbawu.dll
C:\WINDOWS\system32\efcbcby.dll
C:\WINDOWS\system32\efcdecb.dll
C:\WINDOWS\system32\fccdbcy.dll
C:\WINDOWS\system32\fccyxvv.dll
C:\WINDOWS\system32\hgggfde.dll
C:\WINDOWS\system32\hgghhed.dll
C:\WINDOWS\system32\iifghgf.dll
C:\WINDOWS\system32\jkkhhff.dll
C:\WINDOWS\system32\khffecc.dll
C:\WINDOWS\system32\khfgghf.dll
C:\WINDOWS\system32\ljjigee.dll
C:\WINDOWS\system32\ljjiiih.dll
C:\WINDOWS\system32\mljhige.dll
C:\WINDOWS\system32\mljifda.dll
C:\WINDOWS\system32\mljighf.dll
C:\WINDOWS\system32\nnnligh.dll
C:\WINDOWS\system32\nnnlkji.dll
C:\WINDOWS\system32\nnnonli.dll
C:\WINDOWS\system32\pmnmlmk.dll
C:\WINDOWS\system32\pmnnlmn.dll
C:\WINDOWS\system32\pmnoooo.dll
C:\WINDOWS\system32\rqrqomm.dll
C:\WINDOWS\system32\rqrrpno.dll
C:\WINDOWS\system32\rqrspop.dll
C:\WINDOWS\system32\ssqqolj.dll
C:\WINDOWS\system32\tuvsqpm.dll
C:\WINDOWS\system32\tuvwuvv.dll
C:\WINDOWS\system32\urqnlmk.dll
C:\WINDOWS\system32\urqnmjj.dll
C:\WINDOWS\system32\urqppon.dll
C:\WINDOWS\system32\vturrqq.dll
C:\WINDOWS\system32\vtuuvsr.dll
C:\WINDOWS\system32\wvuvsrp.dll
C:\WINDOWS\system32\xxyawvv.dll
C:\WINDOWS\system32\xxyxxwx.dll
C:\Documents and Settings\admin\Application Data\Microsoft\Word\~WRL0005.tmp
C:\Documents and Settings\admin\Application Data\Microsoft\Word\~WRL0602.tmp
C:\Documents and Settings\admin\Application Data\Microsoft\Word\~WRL0793.tmp
C:\Documents and Settings\admin\Application Data\Microsoft\Word\~WRL1547.tmp
C:\Documents and Settings\admin\Application Data\Microsoft\Word\~WRL1905.tmp
C:\Documents and Settings\admin\Application Data\Microsoft\Word\~WRL1906.tmp
C:\Documents and Settings\admin\Application Data\Microsoft\Word\~WRL1966.tmp
C:\Documents and Settings\admin\Application Data\Microsoft\Word\~WRL2074.tmp
C:\Documents and Settings\admin\Application Data\Microsoft\Word\~WRL2669.tmp
C:\Documents and Settings\admin\Application Data\Microsoft\Word\~WRL3427.tmp
C:\Documents and Settings\admin\Application Data\Microsoft\Word\~WRL3621.tmp
C:\Documents and Settings\admin\Application Data\Microsoft\Word\~WRL4081.tmp
C:\RECYCLER\S-1-5-21-2052111302-842925246-854245398-1003\Dc7\part1\~WRL0003.tmp
C:\WINDOWS\LastGood.Tmp\INF\oem10.inf
C:\WINDOWS\LastGood.Tmp\INF\oem10.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem11.inf
C:\WINDOWS\LastGood.Tmp\INF\oem11.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem12.inf
C:\WINDOWS\LastGood.Tmp\INF\oem12.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem13.inf
C:\WINDOWS\LastGood.Tmp\INF\oem13.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem2.inf
C:\WINDOWS\LastGood.Tmp\INF\oem2.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem3.inf
C:\WINDOWS\LastGood.Tmp\INF\oem3.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem4.inf
C:\WINDOWS\LastGood.Tmp\INF\oem4.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem5.inf
C:\WINDOWS\LastGood.Tmp\INF\oem5.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem6.inf
C:\WINDOWS\LastGood.Tmp\INF\oem6.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem7.inf
C:\WINDOWS\LastGood.Tmp\INF\oem7.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem8.inf
C:\WINDOWS\LastGood.Tmp\INF\oem8.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem9.inf
C:\WINDOWS\LastGood.Tmp\INF\oem9.PNF
C:\WINDOWS\system32\accdd.tmp
C:\WINDOWS\system32\uvwvw.tmp

Add/Remove Programs List:

EA SPORTS online 2005
Ad-aware 6 Professional
ATI - Utilitaire de d‚sinstallation du logiciel
Arabic Encyclopedia 2001
ATI Display Driver
Dell Wireless WLAN Card
Calcul de R‚sistances 2.1
Conexant D480 MDC V.9x Modem
Dell TrueMobile GPRS Driver
Dell TrueMobile GPRS Manager
EPSON Logiciel imprimante
ESC46 Guide de r‚f‚rence
ESC46 Guide des logiciels
FlashGet(JetCar)
HijackThis 1.99.1
Hijackthis Version Fran‡aise 1.99.0.1
Internet Explorer Q832894
O2Micro Smartcard Driver
Broadcom Gigabit Integrated Controller
Kazaa Lite Resurrection 0.0.7
Correctif Windows XP - KB823182
Correctif Windows XP - KB824105
Correctif Windows XP - KB824141
Correctif Windows XP - KB825119
Correctif Windows XP - KB826939
Correctif Windows XP - KB828028
Correctif Windows XP - KB828035
K-Lite Mega Codec Pack 1.00
MATLAB Family of Products Release 14
MIKSOFT Mobile 3GP converter
Microsoft VM for Java
Nero 6 Demo
Outlook Express Update Q330994
Correctif Windows XP (SP2) Q819696
RealPlayer
SpywareBlaster v2.6.1
Conjugaison2002
BlackJack ver 1.1.2
SAFEER TASALY PROGRAM
SAFEER TASALY PROGRAM (C:\\Program Files\\tasaly\\)
Microsoft Visual Studio 6.0 dition Entreprise (Fran‡ais)
Assistant Publication de sites Web Microsoft 1.53
Winamp (remove only)
Archiveur WinRAR
Yahoo! Toolbar avec bloqueur de fenˆtres pop-up
Yahoo! Extras
Yahoo! Toolbar
Yahoo! Install Manager
Microsoft Office 2000 Premium
Macromedia Dreamweaver MX 2004
Adobe Premiere Pro
PIF DESIGNER2.1
ATI Control Panel
Proteus 6 Demonstration
Google Toolbar for Internet Explorer
EPSON PRINT Image Framer Tool2.1
Macromedia Flash Player
Macromedia Flash MX 2004
J2SE Runtime Environment 5.0 Update 11
Windows Movie Maker 2.0
SAGEM F@st 800-840
Commande ECHO d‚sactiv‚e.
EPSON PhotoQuicker3.5
Java 2 Runtime Environment, SE v1.4.2_03
VSAdd-in for Internet Explorer
EPSON Web-To-Page
Kaspersky(TM) Anti-Virus Personal Pro 4.5
O2Micro Smartcard Driver
Shockwave Player
Macromedia FreeHand MXa
C-Major Audio
Macromedia Extension Manager
MSN Messenger 6.1
Adobe Reader 6.0.1 - Fran‡ais
Broadcom Gigabit Integrated Controller
Intel(R) PROSet
ACDSee 6.0 PowerPack Trial
FIFA 2005
Macromedia Fireworks MX 2004
ScanToWeb
SRVChess

Finished

sur la partie <24>:


le Windows Protocol Deployment Manager (PDM) n'existe pas sur la liste services.msc.

Puis

j'ai pas compris comment faire:

Ouvrir la section outils
Outils
Enlever un service NT
entre :
Windows Service Monitor
puis valide

puis


j'ai Posté le rapport Vundofix

puis


j'ai pas croché ces fichiers parce qu'ils sont inéxistant!

O2 - BHO: (no name) - {729EF0DE-6A52-43BD-A27C-105A0CC8FA94} - C:\WINDOWS\System32\rqolm.dll (file missing)
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\System32\uxsdpdtk.dll",setvm

O20 - Winlogon Notify: ddcca - C:\WINDOWS\System32\ddcca.dll
O20 - Winlogon Notify: nnnlkji - C:\WINDOWS\SYSTEM32\nnnlkji.dll
O23 - Service: Windows Protocol Deployment Manager (PDM) - Unknown owner -

puis

avecKillbox.exe j'ai fait ce que tu m'as demander sauf pour
C:\WINDOWS\system32\5.tmp (inexistant)





voici les deux fichiers:


VundoFix V6.3.9

Checking Java version...

Java version is 1.4.2.3

Scan started at 23:58:31 27/02/2007

Listing files found while scanning....

C:\Documents and settings\admin\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt
C:\Documents and settings\admin\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt
C:\Program Files\VSAdd-in\VSAdd-in.dll
C:\WINDOWS\system32\ahhxtfaj.exe
C:\WINDOWS\System32\aveoqcjw.dll
C:\WINDOWS\system32\cdkinctj.dll
C:\WINDOWS\system32\jtcnikdc.ini
C:\WINDOWS\System32\wvwvu.dll

Beginning removal...

Attempting to delete C:\Documents and settings\admin\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt
C:\Documents and settings\admin\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt Has been deleted!

Attempting to delete C:\Documents and settings\admin\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt
C:\Documents and settings\admin\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt Has been deleted!

Attempting to delete C:\Program Files\VSAdd-in\VSAdd-in.dll
C:\Program Files\VSAdd-in\VSAdd-in.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ahhxtfaj.exe
C:\WINDOWS\system32\ahhxtfaj.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\cdkinctj.dll
C:\WINDOWS\system32\cdkinctj.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jtcnikdc.ini
C:\WINDOWS\system32\jtcnikdc.ini Has been deleted!

Attempting to delete C:\WINDOWS\System32\wvwvu.dll
C:\WINDOWS\System32\wvwvu.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.3.9

Checking Java version...

Java version is 1.4.2.3

Scan started at 00:58:18 28/02/2007

Listing files found while scanning....


VundoFix V6.3.9

Checking Java version...

Java version is 1.4.2.3

Scan started at 01:06:52 28/02/2007

Listing files found while scanning....

C:\Program Files\VSAdd-in\VSAdd-in.dll
C:\WINDOWS\System32\aveoqcjw.dll

Beginning removal...

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\System32\mljgggg.dll
C:\WINDOWS\System32\mljgggg.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\System32\mljgggg.dll
C:\WINDOWS\System32\mljgggg.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.3.9

Checking Java version...

Java version is 1.4.2.3

Scan started at 18:08:06 28/02/2007

Listing files found while scanning....

C:\Program Files\VSAdd-in\VSAdd-in.dll
C:\WINDOWS\System32\aveoqcjw.dll

VundoFix V6.3.9

Checking Java version...

Java version is 1.4.2.3

Scan started at 18:24:03 28/02/2007

Listing files found while scanning....


VundoFix V6.3.9

Checking Java version...

Java version is 1.4.2.3

Scan started at 16:26:14 02/03/2007

Listing files found while scanning....

C:\Program Files\VSAdd-in\VSAdd-in.dll
C:\WINDOWS\System32\aveoqcjw.dll
C:\WINDOWS\System32\mloqr.bak1
C:\WINDOWS\System32\mloqr.bak2
C:\WINDOWS\System32\mloqr.ini
C:\WINDOWS\System32\mloqr.ini2
C:\WINDOWS\System32\mloqr.tmp
C:\WINDOWS\System32\rqolm.dll
C:\WINDOWS\system32\tijbfjsu.ini
C:\WINDOWS\system32\usjfbjit.dll

Beginning removal...

Attempting to delete C:\WINDOWS\System32\mloqr.bak1
C:\WINDOWS\System32\mloqr.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\System32\mloqr.bak2
C:\WINDOWS\System32\mloqr.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\System32\mloqr.ini
C:\WINDOWS\System32\mloqr.ini Has been deleted!

Attempting to delete C:\WINDOWS\System32\mloqr.ini2
C:\WINDOWS\System32\mloqr.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\System32\mloqr.tmp
C:\WINDOWS\System32\mloqr.tmp Has been deleted!

Attempting to delete C:\WINDOWS\System32\rqolm.dll
C:\WINDOWS\System32\rqolm.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\tijbfjsu.ini
C:\WINDOWS\system32\tijbfjsu.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\usjfbjit.dll
C:\WINDOWS\system32\usjfbjit.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\System32\ddcca.dll
C:\WINDOWS\System32\ddcca.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\nnnlkji.dll
C:\WINDOWS\system32\nnnlkji.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.3.9

Checking Java version...

Java version is 1.4.2.3

Scan started at 08:17:53 03/03/2007

Listing files found while scanning....

C:\Program Files\VSAdd-in\VSAdd-in.dll
C:\WINDOWS\system32\ktdpdsxu.ini
C:\WINDOWS\system32\uxsdpdtk.dll


Logfile of HijackThis v1.99.1
Scan saved at 09:50:33, on 03/03/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpm.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\System32\1XConfig.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.files-ftp.com/~unicorni/phpBB2/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr7/*https://fr.search.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*https://fr.search.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr7/*https://fr.search.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.0.0.1:6588
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {1492E46E-D5D8-4BA6-BF1C-78967C67AF22} - C:\WINDOWS\system32\nnnlkji.dll (file missing)
O2 - BHO: (no name) - {229C9FA3-6731-4B7C-AAFF-0B749C0DBA2E} - C:\WINDOWS\System32\ddcca.dll (file missing)
O2 - BHO: (no name) - {729EF0DE-6A52-43BD-A27C-105A0CC8FA94} - C:\WINDOWS\System32\rqolm.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - Global Startup: DSLMON.lnk = ?
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Tout télécharger en utilisant FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Télécharger en utilisant FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVP Control Centre Service (AVPCC) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe" /service (file missing)
O23 - Service: KAV Monitor Service (KAVMonitorService) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpm.exe" /service (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe