Barre de recherche google remplacée par yoog

Question

Bonjour,
Depuis environ 3 semaines ma barre de recherche google a été remplacée par "yoog shearch" et jee ne peut pas remettre google à longue durée.De plus des pub se nommant :"ron ads by milehigads" ou "contextual ads by milehigads".Finalement, 2 programmes inconnus sont apparut sur mon PC ,se sont : "Contextual Tool Milehigads" et "Milehigads Games Collection" quand je les désinstallent ils reviennent aprés que j'ai redémarrer mon PC.
Aidez moi SVP

marc94 · Answer

à coté de ta barre de recherche (à gauche normalement), il y a une image qui est un menu déroulant quand tu cliques dessus et tu choisis google

Utilisateur anonyme · Answer

Bonjour TaTanne,
Fais un nettoyage avec ca: http://www.commentcamarche.net/telecharger/telecharger 34055379 malwarebytes anti malware , ensuite avec ca: http://www.commentcamarche.net/telecharger/telecharger 168 ccleaner
Ensuite, tu telecharges ca: https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2 , tu fais l'option 1 et tu postes le rapport.
A+

TaTanne5 · Answer

je l'ai deja fait cela mais dés que je relance firefox  yoog reviens

TaTanne5 · Answer

lacharpente :oui je vais faire ce que tu dis.

TaTanne5 · Answer

-----------\  ToolBar S&D 1.2.8   XP/Vista

   Microsoft® Windows Vista™ Édition Familiale Premium  ( v6.0.6000 ) 
   X86-based PC ( Multiprocessor Free : Intel(R) Celeron(R) CPU          530  @ 1.73GHz )
   BIOS : Default System BIOS
   USER : Jonathan ( Not Administrator ! )
   BOOT : Normal boot
   Antivirus : avast! antivirus 4.8.1201 [VPS 090131-0] 4.8.1201 (Activated)
   Firewall  : ZoneAlarm Firewall 7.1.254.000 (Activated)
   C:\ (Local Disk) - NTFS - Total:51 Go (Free:7 Go)
   D:\ (Local Disk) - NTFS - Total:50 Go (Free:50 Go)
   E:\ (CD or DVD)

   "C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
   Option : [1] ( 01/02/2009|16:35 )

   [ UAC => 1 ]

   -----------\  Recherche de Fichiers / Dossiers ...

   C:\Users\Jonathan\AppData\Roaming\MICROS~1\Windows\Cookies\jonathan@mywebsearch[1].txt

   -----------\  [..\Internet Explorer\Main]

   [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
   "Start Page"="http://search.speedbit.com/"
   "SEARCH PAGE"="https://www.google.com/?gws_rd=ssl"
   "Local Page"="C:\Windows\system32\blank.htm"
   "SearchMigratedDefaultURL"="https://search.yahoo.com/web{searchTerms}&ei=utf-8&fr=b1ie7"
   "Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"
   "Url"="https://www.msn.com/fr-fr/actualite/"

   [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
   "Start Page"="https://fr.yahoo.com/"
   "Default_Page_URL"="https://fr.yahoo.com/"
   "Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
   "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"


   --------------------\  Recherche d'autres infections

   [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
   "msbqwdjb"="c:\users\jonathan\appdata\local\msbqwdjb.exe msbqwdjb"

   [b]==> EGDACCESS <==/b



   [ UAC => 1 ]


   1 - "C:\ToolBar SD\TB_1.txt" - 01/02/2009|16:37 - Option : [1]

   -----------\  Fin du rapport a 16:37:27,93

Utilisateur anonyme · Answer

RE
Tu desactives l'UAC et tu redemarres: http://www.bibou0007.com/windows-vista-f102/tutorial-desactiver-l-uac-sur-vista-t132.htm , ensuite , tu desactives la protection residente d' avast et zone alarme. Tu relances toolbar s&d, tu fais l'option 2 et tu repostes le rapport.
A+

TaTanne5 · Answer

-----------\  ToolBar S&D 1.2.8   XP/Vista

   Microsoft® Windows Vista™ Édition Familiale Premium  ( v6.0.6000 ) 
   X86-based PC ( Multiprocessor Free : Intel(R) Celeron(R) CPU          530  @ 1.73GHz )
   BIOS : Default System BIOS
   USER : Jonathan ( Not Administrator ! )
   BOOT : Normal boot
   Antivirus : avast! antivirus 4.8.1201 [VPS 090201-0] 4.8.1201 (Not Activated)
   Firewall  : ZoneAlarm Firewall 7.1.254.000 (Not Activated)
   C:\ (Local Disk) - NTFS - Total:51 Go (Free:7 Go)
   D:\ (Local Disk) - NTFS - Total:50 Go (Free:50 Go)
   E:\ (CD or DVD)

   "C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
   Option : [2] ( 01/02/2009|17:00 )

   [ UAC => 0 ]

   -----------\ SUPPRESSION

   Supprime! - C:\Users\Jonathan\AppData\Roaming\MICROS~1\Windows\Cookies\jonathan@mywebsearch[1].txt

   -----------\  Recherche de Fichiers / Dossiers ...


   -----------\  [..\Internet Explorer\Main]

   [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
   "Start Page"="http://search.speedbit.com/"
   "SEARCH PAGE"="https://www.google.com/?gws_rd=ssl"
   "Local Page"="C:\Windows\system32\blank.htm"
   "SearchMigratedDefaultURL"="https://search.yahoo.com/web{searchTerms}&ei=utf-8&fr=b1ie7"
   "Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"
   "Url"="https://www.msn.com/fr-fr/actualite/"

   [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
   "Start Page"="https://www.msn.com/fr-fr/"
   "Default_Page_URL"="https://fr.yahoo.com/"
   "Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
   "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"


   --------------------\  Recherche d'autres infections

   [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
   "msbqwdjb"="c:\users\jonathan\appdata\local\msbqwdjb.exe msbqwdjb"

   [b]==> EGDACCESS <==/b



   [ UAC => 1 ]


   1 - "C:\ToolBar SD\TB_1.txt" - 01/02/2009|16:37 - Option : [1]
   2 - "C:\ToolBar SD\TB_2.txt" - 01/02/2009|17:01 - Option : [2]

   -----------\  Fin du rapport a 17:01:35,68

Utilisateur anonyme · Answer

RE
Reactives l'uac, et redemarres, verifies si antivirus et parefeu sont reactiver aussi. Regardes si tu as une amelioration de ton probleme. Telecharges hijack: http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis
tu clic sur "do a scann and save log", et tu postes le rapport.
A+

TaTanne5 · Answer

Pour l'instant rien à changé.
Voila le rapport hijack :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:25:19, on 01/02/2009
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16764)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32	askeng.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Lexmark 1400 Series\lxdjamon.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\Jonathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RocketDock\RocketDock.exe
C:\Program Files\DAP\DAP.exe
C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Jonathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox 3 Beta 5\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.speedbit.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [lxdjmon.exe] "C:\Program Files\Lexmark 1400 Series\lxdjmon.exe"
O4 - HKLM\..\Run: [lxdjamon] "C:\Program Files\Lexmark 1400 Series\lxdjamon.exe"
O4 - HKLM\..\Run: [LXDJCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXDJtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Users\Jonathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [msbqwdjb] c:\users\jonathan\appdata\local\msbqwdjb.exe msbqwdjb
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKCU\..\Run: [SpeedBitVideoAccelerator] C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O13 - Gopher Prefix: 
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} (SopCore Control) - http://ownbloog.com/phpmyvisites/libs/smarty/internals/core.process_tracking_visits/SOPCORE.CAB
O16 - DPF: {BAC761D3-DFFD-4DB4-A01D-173346E090A7} (CPlayFirstzenerchiControl Object) - http://gameyard.com/online_games/zenerchi_online/ZenerchiWeb.1.0.0.10.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O20 - AppInit_DLLs: eNetHook.dll
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxdj_device -   - C:\Windows\system32\lxdjcoms.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

Utilisateur anonyme · Answer

RE
Tu as une infection avec ca: 
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll 
J'ai vu que tu avait SpyBoot, mets le a jour,et fais un nettoyage avec, regardes si il enleve ca. Pas de quarantaine, tu supprimes tout. Supprimes aussi les quarantaines et sauvegardes de Malwarbytes et de Ccleaner, ensuite va faire un antivirus en ligne, avec IE7 ici: http://assiste.com.free.fr/...
Repostes moi ce qu'ils ont trouve.
A+

TaTanne5 · Answer

est ce que je doit " fixer " les lignes 010 ???

Utilisateur anonyme · Answer

RE
Non, tu risque de perdre des lignes d'informations de ton pc en faisant cela d'ici, As tu fais Spyboot et l'antivirus en ligne apres?
Est ce que yoog est aussi sur IE7 et sur d'autres sessions?
A+

TaTanne5 · Answer

Non yoog n'est pas sur IE7 et je n'ai aucune autres session sur cet ordi.Je suis en train de faire un scan spybot .Après je lancerai l'antivirus en ligne

Utilisateur anonyme · Answer

Re 
D'accord, regardes bien dans spyboot, si tu vois des lignes correspondantes a celles 010, meme avec l'antivirus
A tout a l'heure

TaTanne5 · Answer

File name
Threat name
Threats count
C:\Users\Jonathan\AppData\Local\Microsoft\Messenger\jorminator_5@hotmail.fr\Sharing Folders\le-zink-du_25@hotmail.fr\Script_msn__\Voir contact qui ton bloquer(pour lui).plsc
Infected: Backdoor.JS.Agent.a
1

C:\Users\Jonathan\AppData\Local\Microsoft\Messenger\jorminator_5@hotmail.fr\Sharing Folders\simon.rouaud@hotmail.fr\Script_msn__\Voir contact qui ton bloquer(pour lui).plsc
Infected: Backdoor.JS.Agent.a
1

C:\Users\Jonathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer\msimg32.dll
Infected: not-a-virus:AdTool.Win32.MyWebSearch.cg
1

C:\Users\Jonathan\Desktop\Restes
ew skeens.plsc
Infected: Backdoor.JS.Agent.a
1

C:\Users\Jonathan\Documents\Dossiers texte\Script_msn__\Voir contact qui ton bloquer(serveur).plsc
Infected: Backdoor.JS.Agent.a
1

C:\Users\Jonathan\Documents\Dossiers texte\Script_msn__.rar
Infected: Backdoor.JS.Agent.a
1

C:\Users\Jonathan\Documents\Logiciels\CursorManiaSetup2.3.50.10.ZCfox000.exe
Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.au
1

C:\Users\Jonathan\Documents\MSN\Script_msn__\Voir contact qui ton bloquer(pour lui).plsc
Infected: Backdoor.JS.Agent.a
1

The selected area was scanned.

Utilisateur anonyme · Answer

RE
Ca c'est le rapport de l'antivirus, as tu eliminer? Spyboot a t'il trouve quelque chose?
A+

TaTanne5 · Answer

oui 2 elements infectés et je les ai supprimés.

Utilisateur anonyme · Answer

RE
Tu telecharges ca: http://downloads.andymanchesta.com/RemovalTools/SDFix.exe et tu redemarres en mode sans echecs, redesactives l'UAC, si tu l'avais remis.
    * En mode sans échec, double-clique sur le fichier SDFix.exe et clique sur install,
    * Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
    * Appuie sur Y pour commencer le script.
      Il est possible que l'outil demande un nouveau redémarrage en mode Sans Échec en début de routine, si une infection particulière est détectée; valide et tapote la touche F8 au redémarrage pour accéder aux options de démarrage.
    * Il va supprimer les services de certains trojans, effectuera aussi quelques réparations du Registre et il te demandera d'appuyer sur une touche pour redémarrer.
    * Appuie sur une touche pour redémarrer le PC.
    * Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
    * Après le chargement du Bureau, l'outil terminera son travail et affichera Finished
    * Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
    * Enfin, ouvre le dossier de SDFix sur ton Bureau et copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum, avec un nouveau log HijackThis !
A+

TaTanne5 · Answer

J'ai un petit problème : quand je double clic sur "RunThis.bat" une fenêtre bleue s'affiche et se referme aussitôt.Que faire ?

Utilisateur anonyme · Answer

RE
Essayes clic droit, executer en administrateur.
A+

TaTanne5 · Answer

En executant en tant qu'administrateur il se passe la meme chose : le script s'ouvre et se referme aussitôt.

TaTanne5 · Answer

up :)

Utilisateur anonyme · Answer

RE
Telecharges ca , tu l'executes, a la fin, tu postes le rapport: http://download.bleepingcomputer.com/sUBs/ComboFix.exe Ne touches pas aux PC, ne t'inquietes pas des avertissements pour l'UAC et programmes nonmicrosoft.
A+

TaTanne5 · Answer

ComboFix 09-02-06.01 - Jonathan 2009-02-06 22:01:43.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.2037.1123 [GMT 1:00]
Lancé depuis: c:\users\Jonathan\Documents\My Completed Downloads\ComboFix.exe
AV: avast! antivirus 4.8.1201 [VPS 090206-0] *On-access scanning enabled* (Updated)
FW: ZoneAlarm Firewall *enabled*
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Mozilla Firefox\components\egdhdytqhxypps.dll
c:\users\Jonathan\AppData\Local\Microsoft\Windows\Temporary Internet Files\ac1bca74-1731-1960-bd74-760ec461ba52
c:\users\Jonathan\AppData\Local\Microsoft\Windows\Temporary Internet Files\F9B4.tmp
c:\users\Jonathan\AppData\Local\Microsoft\Windows\Temporary Internet Files\tmp12E.tmp
c:\users\Jonathan\AppData\Local\Microsoft\Windows\Temporary Internet Files\tmp99A4.tmp
c:\users\Jonathan\AppData\Local\Microsoft\Windows\Temporary Internet Files\tmpF6DE.tmp
c:\users\Jonathan\AppData\Local\Microsoft\Windows\Temporary Internet Files\tmpFCE6.tmp
c:\windows\system32\x64

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-01-06 au 2009-02-06 ))))))))))))))))))))))))))))))))))))
.

2009-02-05 21:08 . 2009-02-05 21:08 <REP> d-------- c:\program files\PC Inspector File Recovery
2009-02-05 21:08 . 2002-02-18 18:40 6,200 --a------ c:\windows\System32\INT13EXT.VXD
2009-02-03 18:57 . 2008-11-06 02:03 <REP> d-------- C:\SDFix
2009-02-01 16:21 . 2009-02-01 17:01 <REP> d-------- C:\ToolBar SD
2009-02-01 16:20 . 2009-02-01 16:20 <REP> d-------- c:\users\Jonathan\AppData\Roaming\Malwarebytes
2009-02-01 16:20 . 2009-02-01 16:20 <REP> d-------- c:\users\All Users\Malwarebytes
2009-02-01 16:20 . 2009-02-01 16:20 <REP> d-------- c:\programdata\Malwarebytes
2009-02-01 16:20 . 2009-02-01 16:20 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-01 16:20 . 2009-01-14 16:11 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-02-01 16:20 . 2009-01-14 16:11 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-02-01 03:30 . 2009-02-01 03:30 <REP> d-------- c:\program files\Trend Micro
2009-01-28 21:19 . 2009-01-28 21:19 <REP> d-------- c:\users\All Users\Messenger Plus!
2009-01-28 21:19 . 2009-01-28 21:19 <REP> d-------- c:\programdata\Messenger Plus!
2009-01-28 19:37 . 2009-01-29 00:00 <REP> d-------- c:\program files\Messenger Plus! Live
2009-01-27 22:35 . 2009-01-27 22:35 <REP> d-------- c:\program files\Common Files\INCA Shared
2009-01-27 22:35 . 2003-07-16 07:17 5,174 --a------ c:\windows\System32\nppt9x.vxd
2009-01-27 22:35 . 2004-12-30 22:43 4,682 --a------ c:\windows\System32\npptNT2.sys
2009-01-27 21:52 . 1996-10-03 16:45 92,208 --a------ c:\windows\system\WING.DLL
2009-01-27 21:52 . 1996-10-03 16:45 12,800 --a------ c:\windows\system\WING32.DLL
2009-01-27 21:30 . 2009-01-27 21:30 <REP> d-------- c:\program files\gPotato.eu
2009-01-26 23:38 . 2009-02-03 21:45 <REP> d-------- c:\users\Jonathan\AppData\Roaming\BitTorrent
2009-01-22 19:27 . 2009-01-22 19:27 <REP> d-------- c:\users\Jonathan\AppData\Roaming\Lexmark Imaging Studio
2009-01-22 19:22 . 2009-02-03 19:02 <REP> d-------- c:\program files\Lx_cats
2009-01-22 18:51 . 2009-01-22 18:51 <REP> d-------- C:\logs
2009-01-22 18:48 . 2007-02-23 07:31 344,064 --a------ c:\windows\System32\lxdjcoin.dll
2009-01-22 18:45 . 2009-01-22 18:46 <REP> d-------- c:\program files\Lexmark 1400 Series
2009-01-20 19:28 . 2009-01-20 19:38 <REP> d-------- c:\users\Jonathan\AppData\Roaming\FontCreator
2009-01-20 19:28 . 2009-01-20 19:28 <REP> d-------- c:\program files\High-Logic
2009-01-18 19:29 . 2009-01-18 19:30 <REP> d-------- c:\program files\SpeedBit Video Accelerator
2009-01-18 19:00 . 2009-01-27 21:52 <REP> d-------- c:\users\All Users\SpeedBit
2009-01-18 19:00 . 2009-01-27 21:52 <REP> d-------- c:\programdata\SpeedBit
2009-01-18 19:00 . 2009-01-18 19:03 <REP> d-------- c:\program files\DAP
2009-01-18 19:00 . 2009-01-18 19:00 479,298 --a------ c:\windows\System32\wbocx.ocx
2009-01-18 19:00 . 2009-01-18 19:00 50,688 --a------ c:\windows\System32\wbhelp2.dll
2009-01-17 18:55 . 2009-01-17 18:55 <REP> d-------- c:\users\Jonathan\AppData\Roaming\Eyeblaster
2009-01-17 18:53 . 2009-01-17 18:53 <REP> d-------- c:\users\Jonathan\AppData\Roaming\Zylom
2009-01-16 18:50 . 2009-01-16 18:56 <REP> d-------- c:\program files\Web Photo Album
2009-01-16 18:50 . 2009-01-16 18:56 <REP> d-------- c:\program files\Cartoonist
2009-01-14 19:58 . 2007-03-12 16:42 3,495,784 --a------ c:\windows\System32\d3dx9_33.dll
2009-01-14 19:58 . 2006-09-28 16:05 2,414,360 --a------ c:\windows\System32\d3dx9_31.dll
2009-01-14 19:58 . 2007-07-20 00:57 267,112 --a------ c:\windows\System32\xactengine2_9.dll
2009-01-14 19:58 . 2007-04-04 18:53 81,768 --a------ c:\windows\System32\xinput1_3.dll
2009-01-14 19:56 . 2009-01-14 19:57 <REP> d-------- c:\program files\JellyCar
2009-01-14 15:33 . 2009-01-16 21:50 <REP> d-------- c:\program files\Plasma Pong
2009-01-14 15:17 . 2009-01-14 15:25 <REP> d-------- c:\program files\Rumble Box
2009-01-14 14:54 . 2008-12-16 04:14 290,304 --a------ c:\windows\System32\drivers\srv.sys
2009-01-14 14:47 . 2009-01-14 14:49 <REP> d-------- c:\users\Jonathan\AppData\Roaming\Crayon Physics Deluxe
2009-01-14 14:45 . 2009-01-14 14:45 <REP> d-------- c:\program files\Crayon Physics Deluxe Demo
2009-01-14 14:39 . 2009-01-14 14:43 69,007 --a------ c:\windows\System32\egdhdytqhxypps.dll-uninst.exe
2009-01-07 16:32 . 2009-01-07 16:32 <REP> d-------- c:\program files\Paint.NET

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-06 21:10 --------- d---a-w c:\programdata\TEMP
2009-02-06 21:07 352,614 ---ha-w c:\windows\system32\drivers\vsconfig.xml
2009-02-06 21:01 1,572,864 --sha-w c:\users\Invité\NTUSER.DAT
2009-02-06 21:01 1,572,864 --sha-w c:\users\Invité\NTUSER.DAT
2009-02-05 20:08 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-05 14:09 17,679,172 ----a-w c:\windows\Internet Logs\vsmon_on_demand_2009_02_05_12_23_19_full.dmp.zip
2009-02-05 11:23 1,089,536 ----a-w c:\windows\Internet Logs\xDBA044.tmp
2009-02-01 22:09 --------- d-----w c:\users\Jonathan\AppData\Roaming\OpenOffice.org2
2009-02-01 19:09 --------- d-----w c:\programdata\Spybot - Search & Destroy
2009-02-01 18:23 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-02-01 16:21 32,247,074 ----a-w c:\windows\Internet Logs\vsmon_on_demand_2009_02_01_17_14_23_full.dmp.zip
2009-01-28 11:57 8,343,258 ----a-w c:\windows\Internet Logs\vsmon_on_demand_2009_01_27_23_42_07_full.dmp.zip
2009-01-27 20:41 8,568,299 ----a-w c:\windows\Internet Logs\tvDebug.zip
2009-01-21 19:44 532,992 ----a-w c:\windows\Internet Logs\xDB97BC.tmp
2009-01-14 18:23 --------- d-----w c:\program files\Windows Mail
2009-01-14 13:33 --------- d-----w c:\program files\Shareaza
2009-01-12 17:34 30,861,907 ----a-w c:\windows\Internet Logs\vsmon_on_demand_2009_01_12_01_04_00_full.dmp.zip
2009-01-10 21:31 17,109,947 ----a-w c:\windows\Internet Logs\vsmon_on_demand_2009_01_10_18_51_32_full.dmp.zip
2009-01-10 17:51 2,826,240 ----a-w c:\windows\Internet Logs\xDB9701.tmp
2009-01-01 02:23 --------- d-----w c:\users\Jonathan\AppData\Roaming\gtk-2.0
2008-12-31 21:36 31,771,501 ----a-w c:\windows\Internet Logs\vsmon_on_demand_2008_12_31_22_29_36_full.dmp.zip
2008-12-31 17:44 30,900,099 ----a-w c:\windows\Internet Logs\vsmon_on_demand_2008_12_30_18_14_25_full.dmp.zip
2008-12-27 17:00 --------- d-----w c:\users\Jonathan\AppData\Roaming\Image Zone Express
2008-12-27 03:05 30,891,059 ----a-w c:\windows\Internet Logs\vsmon_on_demand_2008_12_26_22_04_12_full.dmp.zip
2008-12-23 21:24 --------- d-----w c:\program files\Intel
2008-12-23 21:10 --------- d-----w c:\programdata\ma-config.com
2008-12-23 21:10 --------- d-----w c:\program files\ma-config.com
2008-12-12 17:54 174 --sha-w c:\program files\desktop.ini
2008-12-12 16:54 --------- d-----w c:\programdata\Microsoft Help
2008-12-10 22:50 --------- d-----w c:\program files\GameYard.com
2008-12-10 22:46 --------- d-----w c:\program files\Tetris
2003-06-03 21:05 373,504 ----a-w c:\users\Jonathan\balistic.exe
2009-01-05 18:29 652,288 ----a-w c:\program files\mozilla firefox\components\nsmilehighads.dll
2007-12-02 16:00 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-12-02 16:00 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-12-02 16:00 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"RocketDock"="c:\users\Jonathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RocketDock\RocketDock.exe" [2007-03-19 630784]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-01-10 171448]
"DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2009-01-18 3061248]
"SpeedBitVideoAccelerator"="c:\program files\SpeedBit Video Accelerator\VideoAccelerator.exe" [2009-01-18 2823784]
"BitTorrent"="c:\program files\BitTorrent\bittorrent.exe" [2007-03-02 43008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-06-06 159744]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 79224]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-01-31 385024]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-03 959976]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-12-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-12-02 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-12-02 150552]
"lxdjamon"="c:\program files\Lexmark 1400 Series\lxdjamon.exe" [2007-03-06 20480]
"LXDJCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXDJtime.dll" [2007-02-10 102400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"FilterAdministratorToken"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=eNetHook.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2006-12-10 21:52 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-19 13:10 267048 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shareaza]
--a------ 2008-10-01 12:00 5723136 c:\program files\Shareaza\Shareaza.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-01-10 20:18 171448 c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{A9191AA0-F975-422A-A045-8BE6C6A94DD2}"= c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{C8A951A8-BB7D-44C5-B947-EB3AB29A846B}"= c:\program files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician
"{585C86AC-AE4D-4313-81DF-771121FEAA30}"= c:\program files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia
"{ABEFDFC7-B36D-4F11-BB03-0E2865E19AEA}"= c:\program files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard
"{5942F504-9F77-4CBD-A127-7293D6D9A7A9}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{95044D37-3E30-437E-81A3-49C1346C2127}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{43FD13EE-3F81-4E95-A64A-0030472597C1}"= c:\program files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine
"{CD2DB7CC-4A24-477E-9800-207661F9DB12}"= c:\program files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie
"{8A5D3F52-899D-4A4C-B113-B659927C3663}"= c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program
"{04A31C05-53BF-473C-9FC4-303391FDA16F}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{8B8934F1-0CDC-4FCF-8EB6-FBECB2719CEE}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{9566B095-1AF8-422A-AA5D-D48B458A6AC1}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail
"{781734A5-EE3A-4B5C-88A4-6EA740313044}"= Disabled:UDP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
"{37A27F9D-4996-4888-8387-23CA780C2F7B}"= Disabled:TCP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail
"{B4F733A3-B7C5-4639-82AD-7A256C038639}"= Disabled:UDP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
"{C0EC4F81-3A69-4D50-9C08-1C0B256772DA}"= Disabled:TCP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail
"{ACD07096-1714-46F0-A352-BE02C9D40E17}"= Disabled:UDP:c:\program files\Magentic\bin\MgImp.exe:Magentic
"{2FBDDEDE-6357-4FD5-AE92-B6F43DC9B0E3}"= Disabled:TCP:c:\program files\Magentic\bin\MgImp.exe:Magentic
"{BB37B900-942B-4F8B-848A-762F779E464A}"= Disabled:UDP:c:\program files\Magentic\bin\Magentic.exe:Magentic
"{BEC717A4-AC96-4ED1-809E-DB1A4AA037B9}"= Disabled:TCP:c:\program files\Magentic\bin\Magentic.exe:Magentic
"{421608CB-4C04-48AF-B563-05E2CE73707C}"= Disabled:UDP:c:\program files\Magentic\bin\MgApp.exe:Magentic
"{5A78D918-AAA9-4E4F-B5A9-24CCDDC2F21F}"= Disabled:TCP:c:\program files\Magentic\bin\MgApp.exe:Magentic
"{7D17A0C3-90E8-417C-9BA7-08C9E760D529}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{B1533562-FB97-4808-B4CD-814488BB896C}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{D7D0E4A0-4701-4663-852B-1B3084DBDA61}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp
"{08313DC3-F7FA-467E-8F24-13CDBC9D8E9D}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp
"{EF413961-1D90-49A3-A419-A664F2265C5C}"= UDP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
"{5CDC892B-99F4-435E-8B6A-A4D149D68336}"= TCP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
"{605E7484-88F2-4B8C-A5A5-F037519B3690}"= UDP:c:\windows\Temp\~osDC89.tmp\ossproxy.exe:ossproxy.exe
"{38B143D0-F470-4267-839F-DBA31BA11807}"= UDP:c:\windows\System32\lxdjcoms.exe:Lexmark Communications System
"{2DE88046-A7D5-481E-B71D-4B96229D0DF7}"= TCP:c:\windows\System32\lxdjcoms.exe:Lexmark Communications System
"{969F6CB0-5B69-4653-A598-12FA6B0F3234}"= UDP:c:\program files\Lexmark 1400 Series\lxdjamon.exe:Lexmark Device Monitor
"{3C8ABBCA-A3F4-470F-9A45-132AACF7F0FB}"= TCP:c:\program files\Lexmark 1400 Series\lxdjamon.exe:Lexmark Device Monitor
"{B1CE5069-FF9C-4E5C-946C-4A809B000E83}"= UDP:c:\program files\Lexmark 1400 Series\App4R.exe:Lexmark Imaging Studio
"{32F3FF3F-BAE8-48EB-9E2D-86DEE9975034}"= TCP:c:\program files\Lexmark 1400 Series\App4R.exe:Lexmark Imaging Studio
"{537CC45C-CD00-4546-AEEF-A78C6E573ED7}"= UDP:c:\users\Jonathan\AppData\Local\Temp\lxdj\wireless\FRENCH\lxdjwpss.exe:
"{978E603B-B059-4F9C-B911-467A60195C98}"= TCP:c:\users\Jonathan\AppData\Local\Temp\lxdj\wireless\FRENCH\lxdjwpss.exe:
"{5978E6C2-9191-4E0D-ADE3-A9D497356848}"= UDP:c:\windows\System32\lxdjcfg.exe:
"{A18B262D-CB51-48EF-8721-3052371293AE}"= TCP:c:\windows\System32\lxdjcfg.exe:
"{19B06E4C-9263-4578-9012-B64079ACE7C9}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdjpswx.exe:
"{654F3BD1-A2D9-46AF-95F9-4C4A2F41E576}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdjpswx.exe:
"{860275ED-800B-4BCE-A741-8FB86B276C1C}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdjjswx.exe:
"{6036611D-9B95-437B-B56F-6814EAAFA66B}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdjjswx.exe:
"{9B6AE92F-A848-4C5B-B921-11675EFA1CA3}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdjtime.exe:
"{D162B5A4-0B7F-43E9-8B30-DC77C14F3DFF}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdjtime.exe:

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Acer\\Empowering Technology\\eDataSecurity\\eDSfsu.exe"= c:\acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu
"c:\\Acer\\Empowering Technology\\eDataSecurity\\encryption.exe"= c:\acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption
"c:\\Acer\\Empowering Technology\\eDataSecurity\\decryption.exe"= c:\acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"c:\\Program Files\\River Past\\Audio Converter Pro\\AudioConverterPro.exe"= c:\program files\River Past\Audio Converter Pro\AudioConverterPro.exe:*:Enabled:River Past Audio Converter Pro

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [2008-04-13 78416]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie\[u]0/u00.fcl [2007-09-26 21:19:24 13560]
R2 ALaunchService;ALaunch Service;c:\acer\ALaunch\ALaunchSvc.exe [2007-07-31 50688]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [2008-04-13 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [2008-02-15 50768]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-02-01 809296]
R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm --> c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm [?]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [2007-07-31 179712]
S2 Parclass;Parclass;c:\windows\System32\drivers\parclass.sys [2008-04-29 19824]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-10-25 33752]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2008-12-19 195752]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c6f7d8d-538d-11dd-bc78-001b385b5bbe}]
\shell\AutoRun\command - F:\InstallTomTomHOME.exe
.
Contenu du dossier 'Tâches planifiées'

2009-02-06 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe []
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-msbqwdjb - c:\users\jonathan\appdata\local\msbqwdjb.exe
HKLM-Run-lxdjmon.exe - c:\program files\Lexmark 1400 Series\lxdjmon.exe
MSConfigStartUp-Magentic - c:\progra~1\Magentic\bin\Magentic.exe
MSConfigStartUp-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
MSConfigStartUp-TomTomHOME - c:\program files\TomTom HOME 2\HOMERunner.exe

.
------- Examen supplémentaire -------
.
uStart Page = hxxp://search.speedbit.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mWindow Title =
uSearchURL,(Default) = hxxp://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\progra~1\SPEEDB~1\sblsp.dll
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
FF - ProfilePath - c:\users\Jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\qw22x12z.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www5.yoog.com/search.php?q=
FF - prefs.js: browser.search.selectedEngine - Yoog Search
FF - prefs.js: browser.startup.homepage - hxxp://www.shinobi.fr/
FF - prefs.js: keyword.URL - hxxp://www5.yoog.com/search.php?q=
1 fichier(s) déplacé(s).
FF - component: c:\program files\DAP\DAPFireFox\components\DAPFireFox.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np_gp.dll
FF - plugin: c:\users\Jonathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox 3 Beta 5\plugins\npnul32.dll
FF - plugin: c:\users\Jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\qw22x12z.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll

---- PARAMETRES FIREFOX ----
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www5.yoog.com/search.php?q=
FF - user.js: keyword.enabled - true
FF - user.js: browser.search.defaultenginename - Yoog Search
FF - user.js: browser.search.defaulturl - hxxp://www5.yoog.com/search.php?q=
c:\program files\Mozilla Firefox 3 Beta 5\defaults\pref\firefox.js - pref("browser.urlbar.matchOnWordBoundary", true);
c:\program files\Mozilla Firefox 3 Beta 5\defaults\pref\firefox.js - pref("browser.safebrowsing.malware.reportURL", "http://www.stopbadware.org/reports/container?source=Firefox&version=3.0b5&reportname=");
c:\program files\Mozilla Firefox 3 Beta 5\defaults\pref\firefox.js - pref("browser.places.importBookmarksHTML", true);
c:\program files\Mozilla Firefox 3 Beta 5\defaults\pref\firefox.js - pref("browser.places.createdSmartBookmarks", false);
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-06 22:11:00
Windows 6.0.6000 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXDJCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\LXDJtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'lsass.exe'(584)
c:\progra~1\SPEEDB~1\sblsp.dll
c:\program files\SpeedBit Video Accelerator\ConfigDB.dll
c:\program files\SpeedBit Video Accelerator\Accelerator.dll
c:\program files\SpeedBit Video Accelerator\CommPipe.dll
c:\program files\SpeedBit Video Accelerator\Collector.dll

- - - - - - - > 'Explorer.exe'(5952)
c:\users\Jonathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RocketDock\RocketDock.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\System32\audiodg.exe
c:\windows\System32\ZoneLabs\vsmon.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\acer\Empowering Technology\eDataSecurity\eDSService.exe
c:\acer\Empowering Technology\eLock\Service\eLockServ.exe
c:\acer\Empowering Technology\eNet\eNet Service.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\System32\lxdjcoms.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe
c:\progra~1\SPEEDB~1\VideoAcceleratorEngine.exe
c:\windows\System32\drivers\XAudio.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\acer\Empowering Technology\eSettings\Service\capuserv.exe
c:\acer\Empowering Technology\ePower\ePowerSvc.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\System32\conime.exe
c:\windows\System32\igfxsrvc.exe
c:\program files\Alwil Software\Avast4\ashDisp.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Apoint2K\ApMsgFwd.exe
c:\program files\Apoint2K\ApntEx.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Heure de fin: 2009-02-06 22:16:53 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-02-06 21:16:15

Avant-CF: 9 940 652 032 octets libres
Après-CF: 9,779,388,416 octets libres

344 --- E O F --- 2009-02-06 13:13:55

Utilisateur anonyme · Answer

RE
Sauvegardes tes bookmarks dans Firefoxe, desinstalles le, refait un nettoyage CCleaner et reinstalles le: https://www.mozilla.org/en-US/ , ensuite tu repostes un rapport hijack.
Pour tes deux programmes qui reviennent une fois supprimes, ce ne serait pas du a BitTorrent? Peut tu le desactiver pour voir, avant de faire le reste.
A+

TaTanne5 · Answer

Merci infiniment google est revenu et a remplacé yoog.De plus, les 2 fichier indesinstallables sont finalement définitevement partis. Voila le rapport hitjack:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:27:48, on 07/02/2009
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16764)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32	askeng.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Lexmark 1400 Series\lxdjamon.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\Jonathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RocketDock\RocketDock.exe
C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.speedbit.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [lxdjamon] "C:\Program Files\Lexmark 1400 Series\lxdjamon.exe"
O4 - HKLM\..\Run: [LXDJCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXDJtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Users\Jonathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpeedBitVideoAccelerator] C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [msbqwdjb] c:\users\jonathan\appdata\local\msbqwdjb.exe msbqwdjb
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O13 - Gopher Prefix: 
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} (SopCore Control) - http://ownbloog.com/phpmyvisites/libs/smarty/internals/core.process_tracking_visits/SOPCORE.CAB
O16 - DPF: {BAC761D3-DFFD-4DB4-A01D-173346E090A7} (CPlayFirstzenerchiControl Object) - http://gameyard.com/online_games/zenerchi_online/ZenerchiWeb.1.0.0.10.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O20 - AppInit_DLLs: eNetHook.dll
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxdj_device -   - C:\Windows\system32\lxdjcoms.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

Utilisateur anonyme · Answer

Re
Relances Hijack et coches ces lignes:
_R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.speedbit.com/
_O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
_O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
_O4 - HKCU\..\Run: [msbqwdjb] c:\users\jonathan\appdata\local\msbqwdjb.exe msbqwdjb
_O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
_O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} (SopCore Control) - http://ownbloog.com/...
_O16 - DPF: {BAC761D3-DFFD-4DB4-A01D-173346E090A7} (CPlayFirstzenerchiControl Object) - http://gameyard.com/online_games/zenerchi_online/ZenerchiWeb.1.0.0.10.cab
Appuies sur fixchecked.
Non, il ne faut pas supprimer les 04, ce sont des programmes qui s'ouvrent automatiquement au demarrage de windows, par contre tu regardes leurs noms, et tu vas regler le programme pour eviter qu'il se lance au demarrage. Tu peux aussi regler certains processus de vista, qui ne servent pas souvent, regardes ici: https://www.pcastuces.com/pratique/windows/services/page8.htm
A+

TaTanne5 · Answer

Merci a vous , j'ai fixer ces lignes.Je trouve sa vraiment trés aimable de votre par de faire partager votre savoir a des gens qui sont en difficultés.Un jour peut-être pourrais-je,comme vous, aider des gens en difficultés...
Et encore merci ;)

TaTanne5 · Answer

Edit: Après avoir redémarrer le PC la ligne "_O4 - HKCU\..\Run: [msbqwdjb] c:\users\jonathan\appdata\local\msbqwdjb.exe msbqwdjb " est revenue.Est-ce grave ?

Utilisateur anonyme · Answer

RE
C'est le processus responsable de ta barre Yoog, il faudrait aller le supprimer directement la ou il est, c'est a dire, tu ouvres ces dossiers et fichiers un par un a la suite: c:\users\jonathan\appdata\local\msbqwdjb.exe. Une fois que tu as trouver" msbqwdjb.exe", tu clic dessus et supprimer. Il faut le faire en mode sans echecs, session administrateur.
Repostes les resultats ou dit moi si il ne veut pas se laisses faire.
A+

TaTanne5 · Answer

J'ai supprimé le fichier "msbqwdjb.bat" car le .exe n'existait pas.Après avoir redémarrer le PC le fichier n'est pas revenue   .Mais je vous renvoie le rapport hitjack car la ligne est de nouveau revenue.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:14:56, on 08/02/2009
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16764)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32	askeng.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Lexmark 1400 Series\lxdjamon.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\Jonathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RocketDock\RocketDock.exe
C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [lxdjamon] "C:\Program Files\Lexmark 1400 Series\lxdjamon.exe"
O4 - HKLM\..\Run: [LXDJCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXDJtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto
O4 - HKCU\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Users\Jonathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [SpeedBitVideoAccelerator] C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
O4 - HKCU\..\Run: [msbqwdjb] c:\users\jonathan\appdata\local\msbqwdjb.exe msbqwdjb
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O13 - Gopher Prefix: 
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O20 - AppInit_DLLs: eNetHook.dll
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxdj_device -   - C:\Windows\system32\lxdjcoms.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

Utilisateur anonyme · Answer

RE
Utilises la fonction rechercher pour voir ou tu trouves ce "msbqwdjb", tu supprimes tous les dossiers ou fichiers que tu trouves. Ensuite, tu vas dans executer, tu tapes  regedit , dans la fenetre, clic sur edition, rechercher, tu tapes "msbqwdjb" aussi, tu supprimes tous ce que tu trouves avec ces lettres. Ensuite, tu arretes et redemarres, et tu control avec hijack, pas besoin de reposter un rapport, tu me dis juste si la ligne est partie.
A+

TaTanne5 · Answer

Avec la fonction recherche le PC n'a rien trouvé.Avec la deuxième méthode de recherche il a trouver des fichier que j'ai suprimmé mais un ne peut pas être supprimer (un message d'erreur).Et la ligne est tjs présente.

Utilisateur anonyme · Answer

RE
Dans regedit,lorsque tu as trouve cette ligne qui ne veut pas se supprimer, tu clic dans un endrit vide de la fenetre gauche, ca va mettre quelque chose en surbrillance, tu clic droit dessus, autorisation, tu mets control total pour tout les noms qu'il y a, appliquer et ok, ensuite tu peux supprimer la ligne dans la fenetre de droite.
A+

TaTanne5 · Answer

le message d'erreur apparais toujours....

Utilisateur anonyme · Answer

RE
Dans autorisations lorsque tu clic droit quels noms as tu? et dis moi le chemin de cette cle, ca doit etre afficher en bas de la fenetre. (HK...\......\ etc
A+

Barre de recherche google remplacée par yoog

36 réponses

Votre réponse

Discussions similaires

Newsletters