Infection! Possibly errorsave

Solved/Closed
proximarc Posts 11 Registration date Wednesday 7 February 2001 Status Member Last activity 1 March 2014 - 20 Feb. 2007 at 19:10
philae83 Posts 12837 Registration date Wednesday 3 January 2007 Status Security contributor Last activity 8 December 2009 - 18 March 2007 at 21:54
Hello,

Spot the intruder!

On XP Pro, and despite scans with McAfee, CounterSpy, the F-Secure software, Ad-Aware, etc.,
I still get unwanted windows popping up when I am online or when I search with Google.

What should I do? Thanks!

Logfile of HijackThis v1.99.1
Scan saved at 19:05:49, on 20/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Reverso\Reverso Translation Server\LogoMedia TranslateDotNet Server.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee\MSC\mctskshd.exe
C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Mcafee\MWL\MwlSvc.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SBCSSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\PROGRA~1\FICHIE~1\McAfee\EmProxy\emproxy.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Babylon\Babylon.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Mcafee\MWL\MWLGui.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SBCSTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Reverso\Reverso Translator\ReversoTranslatorExpress.exe
C:\Program Files\VoissaNoPubs\VoissaNoPubs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Harrap's Multimédia\Shorter\bin\HiHarrapsTray.exe
C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\3D Photo Browser\3DPhotoBrowser.exe
C:\Program Files\ScanSoft\NaturallySpeaking\Program\natspeak.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\FICHIE~1\Logitech\LComMgr\COMMUN~1.EXE
C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Internet Explorer\iexplore.exe
E:\hijackthis\hijackthis_hijackthis_1.99.1_anglais_17891.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Systran50perso.IEPlugIn - {A5899B52-3AF9-4F56-85FE-AD7B3BE8490F} - C:\Program Files\SYSTRAN\5.0\Personal\IEPlugIn.dll
O3 - Toolbar: &Reverso Translator - {995B2B9A-FCC5-4BE8-B98F-E9CD53C514FE} - C:\PROGRA~1\Reverso\REVERS~2\REVERS~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [MWLExe] C:\Program Files\Mcafee\MWL\MWLGui.exe /Start
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SBCSTray.exe
O4 - HKLM\..\Run: [Reverso Translator Express] C:\Program Files\Reverso\Reverso Translator\ReversoTranslatorExpress.exe -sms
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [Voissa No Pubs] C:\Program Files\VoissaNoPubs\VoissaNoPubs.exe -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: 3D Photo Browser.lnk = C:\Program Files\3D Photo Browser\3DPhotoBrowser.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Dragon NaturallySpeaking.lnk = C:\Program Files\ScanSoft\NaturallySpeaking\Program\natspeak.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Ask Harrap's Shorter.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: SnagIt 7.lnk = C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Capturer ! - {47055D63-DFCD-11d3-8406-00500445A7D0} - C:\Program Files\Goto\MemoWeb 4\IEBtn\Launcher (file missing)
O9 - Extra 'Tools' menuitem: Capturer ce web - {47055D63-DFCD-11d3-8406-00500445A7D0} - C:\Program Files\Goto\MemoWeb 4\IEBtn\Launcher (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/fr/4,0,0,90/mcinsctl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/fr/1,0,0,23/mcgdmgr.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,4941/mcfscan.cab
O18 - Protocol: bw+0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bw+0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bw-0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bw-0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bw00 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bw00s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bw10 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bw10s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bw20 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bw20s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bw30 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bw30s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bw40 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bw40s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bw50 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bw50s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bw60 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bw60s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bw70 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bw70s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bw80 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bw80s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bw90 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bw90s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwa0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwa0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwb0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwb0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwc0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwc0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwd0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwd0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwe0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwe0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwf0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwf0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - (no file)
O18 - Protocol: bwg0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwg0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwh0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwh0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwi0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwi0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwj0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwj0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwk0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwk0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwl0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwl0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwm0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwm0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwn0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwn0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwo0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwo0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwp0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwp0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwq0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwq0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwr0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwr0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bws0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bws0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwt0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwt0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwu0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwu0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwv0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwv0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bww0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bww0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwx0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwx0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwy0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwy0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwz0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwz0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\FICHIE~1\McAfee\EmProxy\emproxy.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: FFW - Unknown owner - C:\DOCUME~1\PROXIA~1\LOCALS~1\Temp\FFW.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Program Files\Reverso\Reverso Translation Server\LogoMedia TranslateDotNet Server.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: MBackMonitor - - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Task Scheduler (mctskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: McAfee Wireless Network Security Service (MWLSvc) - McAfee, Inc. - C:\Program Files\Mcafee\MWL\MwlSvc.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SBCSSvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

11 replies

philae83 Posts 12837 Registration date Wednesday 3 January 2007 Status Security contributor Last activity 8 December 2009 206
20 Feb. 2007 at 22:06
Good evening,

That is a lot of programs at startup.

* Download Blacklight
https://europe.f-secure.com/exclude/blacklight/index.shtml
(from F-Secure)
(the first one on the page)

Click "I ACCEPT" at the bottom of the page. Save it to your Desktop.
Double-click blbeta.exe and accept the license;
click Scan, then Next.

You will see a list of detected files appear. You will also see a report,
on your Desktop, named fsbl.xxxxxxx.log (the xxxxxxx are digits).

Copy and paste the contents of this report into your next reply.
Do NOT choose the "Rename" option right away: we need to analyze the report,
because legitimate files may be present, such as wbemtest.exe
0
proximarc Posts 11 Registration date Wednesday 7 February 2001 Status Member Last activity 1 March 2014
21 Feb. 2007 at 07:10
Hello again, and thank you already for looking into my case.

Indeed, for years I have always had a lot of programs at startup.
The main ones I know of: McAfee; CounterSpy; my ATI card; WinZip; Babylon; Skype; a sound-effects settings program; Reverso; 3dbrowser; SnagIt
I give free introductory courses online on the Caligari software TrueSpace and GameSpace.

As for the malware files,
with every Blacklight scan the following files keep coming back:

agchdpdqeq.exe
agchdpdqeq.dat
agchdpdqeq_nav.dat
agchdpdqeq_navs.dat

For a week I have not found how to get rid of them, although I have been searching the forum for something similar.

The log:
02/21/07 07:01:01 [Info]: BlackLight Engine 1.0.55 initialized
02/21/07 07:01:01 [Info]: OS: 5.1 build 2600 (Service Pack 2)
02/21/07 07:01:01 [Note]: 7019 4
02/21/07 07:01:01 [Note]: 7005 0
02/21/07 07:01:06 [Note]: 7006 0
02/21/07 07:01:06 [Note]: 7011 6136
02/21/07 07:01:06 [Note]: 7026 0
02/21/07 07:01:07 [Note]: 7026 0
02/21/07 07:01:07 [Note]: 7024 3
02/21/07 07:01:07 [Info]: Hidden process: C:\windows\system32\agchdpdqeq.exe
02/21/07 07:01:28 [Note]: FSRAW library version 1.7.1021
02/21/07 07:07:56 [Info]: Hidden file: c:\WINDOWS\system32\agchdpdqeq.dat
02/21/07 07:07:56 [Note]: 10002 1
02/21/07 07:07:56 [Info]: Hidden file: C:\windows\system32\agchdpdqeq.exe
02/21/07 07:07:56 [Note]: 10002 1
02/21/07 07:07:57 [Info]: Hidden file: c:\WINDOWS\system32\agchdpdqeq_nav.dat
02/21/07 07:07:57 [Note]: 10002 1
02/21/07 07:07:57 [Info]: Hidden file: c:\WINDOWS\system32\agchdpdqeq_navps.dat
02/21/07 07:07:57 [Note]: 10002 1
02/21/07 07:09:04 [Note]: 2000 1012
02/21/07 07:09:04 [Note]: 2000 1012
Thanks in advance!
0
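One way to pull the hidden items out of the BlackLight report posted above and check which autostart entries point at them, as an added example that is not part of the original thread. The function names are hypothetical, the BlackLight lines are copied from the post, and the three O4 lines are sample input in HijackThis format.

```python
import ntpath
import re
from collections import defaultdict

# BlackLight report lines copied from the post above.
BLACKLIGHT_LOG = r"""
02/21/07 07:01:07 [Note]: 7024 3
02/21/07 07:01:07 [Info]: Hidden process: C:\windows\system32\agchdpdqeq.exe
02/21/07 07:01:28 [Note]: FSRAW library version 1.7.1021
02/21/07 07:07:56 [Info]: Hidden file: c:\WINDOWS\system32\agchdpdqeq.dat
02/21/07 07:07:56 [Note]: 10002 1
02/21/07 07:07:56 [Info]: Hidden file: C:\windows\system32\agchdpdqeq.exe
02/21/07 07:07:57 [Info]: Hidden file: c:\WINDOWS\system32\agchdpdqeq_nav.dat
02/21/07 07:07:57 [Info]: Hidden file: c:\WINDOWS\system32\agchdpdqeq_navps.dat
"""

# Sample autostart lines in HijackThis O4 format, embedded for the demo.
HJT_O4 = r"""
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [agchdpdqeq] c:\windows\system32\agchdpdqeq.exe agchdpdqeq
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

LINE_RE = re.compile(r"^\d\d/\d\d/\d\d \d\d:\d\d:\d\d \[(\w+)\]: (.*)$")
HIDDEN_RE = re.compile(r"^Hidden (process|file): (.+)$")
O4_RE = re.compile(r"^O4 - ([^:]+): \[([^\]]+)\] (.+)$")


def parse_hidden(log_text):
    """Return {normalized_path: {"process", "file"}} for every hidden item.

    Paths are case-folded with ntpath.normcase because the report mixes
    C:\\windows and c:\\WINDOWS for the same directory.
    """
    hidden = defaultdict(set)
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m or m.group(1) != "Info":
            continue  # numeric [Note] lines carry no path
        h = HIDDEN_RE.match(m.group(2))
        if h:
            hidden[ntpath.normcase(h.group(2).strip())].add(h.group(1))
    return dict(hidden)


def group_by_family(hidden):
    """Attach hidden files to the hidden executable whose name they extend."""
    families = {}
    for path, kinds in hidden.items():
        if "process" not in kinds:
            continue
        folder, name = ntpath.split(path)
        stem = ntpath.splitext(name)[0]
        families[stem] = sorted(
            p for p in hidden
            if ntpath.dirname(p) == folder
            and ntpath.basename(p).startswith(stem)
        )
    return families


def autostart_hits(hjt_text, hidden):
    """Return (location, value name) of O4 entries that launch a hidden process.

    Plain string comparison: 8.3 short paths (PROGRA~1) are not expanded,
    so an entry written in short form would need resolving on the host.
    """
    targets = [p for p, kinds in hidden.items() if "process" in kinds]
    hits = []
    for raw in hjt_text.splitlines():
        m = O4_RE.match(raw.strip())
        if not m:
            continue
        location, name, command = m.groups()
        cmd = ntpath.normcase(command.replace('"', ""))
        if any(t in cmd for t in targets):
            hits.append((location, name))
    return hits


if __name__ == "__main__":
    found = parse_hidden(BLACKLIGHT_LOG)
    for stem, paths in group_by_family(found).items():
        print(stem, "->", paths)
    print("autostart:", autostart_hits(HJT_O4, found))
```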
proximarc Posts 11 Registration date Wednesday 7 February 2001 Status Member Last activity 1 March 2014
21 Feb. 2007 at 08:27
Follow-up
I tinkered a bit ;)

In my list of startup programs I forgot voissanopub, for getting rid of the unwanted windows!

Hello again,
While trying to understand Blacklight's English, I understood that rename had to be enabled for these files

I ran Blacklight again; here is the new log!
It seems the FSRAM remains?

02/21/07 08:03:14 [Info]: BlackLight Engine 1.0.55 initialized
02/21/07 08:03:14 [Info]: OS: 5.1 build 2600 (Service Pack 2)
02/21/07 08:03:14 [Note]: 7019 4
02/21/07 08:03:14 [Note]: 7005 0
02/21/07 08:03:36 [Note]: 7006 0
02/21/07 08:03:36 [Note]: 7011 3996
02/21/07 08:03:37 [Note]: 7026 0
02/21/07 08:03:37 [Note]: 7026 0
02/21/07 08:04:09 [Note]: FSRAW library version 1.7.1021
02/21/07 08:12:48 [Note]: 2000 1012
02/21/07 08:12:48 [Note]: 2000 1012
02/21/07 08:15:41 [Note]: 7007 0

Date, time! ? ? (may I know what these numbers are?)

and here is the new HijackThis report:

Logfile of HijackThis v1.99.1
Scan saved at 08:22:54, on 21/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Reverso\Reverso Translation Server\LogoMedia TranslateDotNet Server.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee\MSC\mctskshd.exe
C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Mcafee\MWL\MwlSvc.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SBCSSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Babylon\Babylon.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Mcafee\MWL\MWLGui.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SBCSTray.exe
C:\Program Files\Reverso\Reverso Translator\ReversoTranslatorExpress.exe
C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe
C:\Program Files\VoissaNoPubs\VoissaNoPubs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Harrap's Multimédia\Shorter\bin\HiHarrapsTray.exe
C:\PROGRA~1\FICHIE~1\McAfee\EmProxy\emproxy.exe
C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\3D Photo Browser\3DPhotoBrowser.exe
C:\Program Files\ScanSoft\NaturallySpeaking\Program\natspeak.exe
C:\Program Files\TechSmith\SnagIt 7\TSCHelp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Proxiamrc\Application Data\Microsoft\Internet Explorer\Quick Launch\hijackthis_hijackthis_1.99.1_anglais_17891.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Systran50perso.IEPlugIn - {A5899B52-3AF9-4F56-85FE-AD7B3BE8490F} - C:\Program Files\SYSTRAN\5.0\Personal\IEPlugIn.dll
O3 - Toolbar: &Reverso Translator - {995B2B9A-FCC5-4BE8-B98F-E9CD53C514FE} - C:\PROGRA~1\Reverso\REVERS~2\REVERS~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [MWLExe] C:\Program Files\Mcafee\MWL\MWLGui.exe /Start
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [agchdpdqeq] c:\windows\system32\agchdpdqeq.exe agchdpdqeq
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SBCSTray.exe
O4 - HKLM\..\Run: [Reverso Translator Express] C:\Program Files\Reverso\Reverso Translator\ReversoTranslatorExpress.exe -sms
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe"
O4 - HKCU\..\Run: [Voissa No Pubs] C:\Program Files\VoissaNoPubs\VoissaNoPubs.exe -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: 3D Photo Browser.lnk = C:\Program Files\3D Photo Browser\3DPhotoBrowser.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Dragon NaturallySpeaking.lnk = C:\Program Files\ScanSoft\NaturallySpeaking\Program\natspeak.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Ask Harrap's Shorter.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: SnagIt 7.lnk = C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Capturer ! - {47055D63-DFCD-11d3-8406-00500445A7D0} - C:\Program Files\Goto\MemoWeb 4\IEBtn\Launcher (file missing)
O9 - Extra 'Tools' menuitem: Capturer ce web - {47055D63-DFCD-11d3-8406-00500445A7D0} - C:\Program Files\Goto\MemoWeb 4\IEBtn\Launcher (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/fr/4,0,0,90/mcinsctl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/fr/1,0,0,23/mcgdmgr.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,4941/mcfscan.cab
O18 - Protocol: bw+0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bw+0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bw-0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bw-0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bw00 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bw00s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bw10 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bw10s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bw20 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bw20s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bw30 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bw30s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bw40 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bw40s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bw50 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bw50s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bw60 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bw60s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bw70 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bw70s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bw80 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bw80s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bw90 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bw90s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwa0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwa0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwb0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwb0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwc0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwc0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwd0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwd0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwe0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwe0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwf0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwf0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - (no file)
O18 - Protocol: bwg0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwg0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwh0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwh0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwi0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwi0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwj0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwj0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwk0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwk0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwl0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwl0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwm0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwm0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwn0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwn0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwo0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwo0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwp0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwp0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwq0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwq0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwr0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwr0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bws0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bws0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwt0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwt0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwu0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwu0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwv0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwv0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bww0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bww0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwx0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwx0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwy0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwy0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwz0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwz0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\FICHIE~1\McAfee\EmProxy\emproxy.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: FFW - Unknown owner - C:\DOCUME~1\PROXIA~1\LOCALS~1\Temp\FFW.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Program Files\Reverso\Reverso Translation Server\LogoMedia TranslateDotNet Server.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: MBackMonitor - - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Task Scheduler (mctskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: McAfee Wireless Network Security Service (MWLSvc) - McAfee, Inc. - C:\Program Files\Mcafee\MWL\MwlSvc.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SBCSSvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

Thanks again!
0
philae83 Posts 12837 Registration date Wednesday 3 January 2007 Status Security contributor Last activity 8 December 2009 206
21 Feb 2007 at 14:52
Hi again,
I tinkered a bit ;)

In my list of startup programs I forgot voissanopub, for getting rid of the unwanted windows!

While trying to understand BlackLight's English, I thought I understood that I had to enable rename for these files

Too bad. That is not how I proceed; besides, BlackLight sometimes lists legitimate exes. You are heading for disaster by proceeding this way.
I hope everything is gone. It does look correct.

I ran BlackLight again, here is the new log!
It seems FSRAM is still there?

No, nothing is left.

Date time!?? (may I know what these numbers are?)

That is not what I am interested in; it does not matter.

* Run HijackThis, check and fix these lines

R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/
O18 - Protocol: bw+0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bw+0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bw-0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bw-0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bw00 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bw00s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bw10 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bw10s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bw20 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bw20s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bw30 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bw30s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bw40 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bw40s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bw50 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bw50s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bw60 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bw60s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bw70 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bw70s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bw80 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bw80s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bw90 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bw90s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwa0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwa0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwb0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwb0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwc0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwc0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwd0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwd0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwe0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwe0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwf0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwf0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - (no file)
O18 - Protocol: bwg0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwg0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwh0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwh0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwi0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwi0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwj0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwj0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwk0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwk0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwl0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwl0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwm0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwm0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwn0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwn0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwo0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwo0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwp0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwp0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwq0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwq0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwr0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwr0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bws0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bws0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwt0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwt0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwu0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwu0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwv0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwv0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bww0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bww0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwx0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwx0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwy0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwy0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwz0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwz0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: offline-8876480 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)


then

* Run an online antivirus scan
https://www.bitdefender.fr/
and copy-paste the result here
* At the bottom left of the window, click BitDefender SCAN ONLINE
* In the new window, click I agree
* The window changes again; click Click here to scan
* The signatures load, etc.
0
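An added illustration, not part of the original posts and not HijackThis's own code: a small Python triage script that parses HijackThis entry lines, groups the orphaned registrations (`(no file)` / `(file missing)`) by section and CLSID, and lists which entries a fix removed between two logs. The two sample logs are a constructed subset of lines copied from the logs in this thread, and all function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of lines copied from the first log in this thread.
BEFORE_LOG = r"""
Logfile of HijackThis v1.99.1
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O9 - Extra button: Capturer ! - {47055D63-DFCD-11d3-8406-00500445A7D0} - C:\Program Files\Goto\MemoWeb 4\IEBtn\Launcher (file missing)
O18 - Protocol: bw+0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bw+0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - (no file)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
"""

# Constructed sample: the matching lines from the log posted after the fix.
AFTER_LOG = r"""
Logfile of HijackThis v1.99.1
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O9 - Extra button: Capturer ! - {47055D63-DFCD-11d3-8406-00500445A7D0} - C:\Program Files\Goto\MemoWeb 4\IEBtn\Launcher (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
"""

# An entry line starts with a section code such as R3, F2, O4 or O18.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Suffixes HijackThis prints when the registered target is absent on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def parse_entries(text):
    """Return one dict per entry line; headers and process paths are skipped."""
    entries = []
    for raw in text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue
        body = match.group("body").rstrip()
        clsid = CLSID_RE.search(body)
        entries.append({
            "section": match.group("section"),
            "body": body,
            # CLSIDs are case-insensitive, so normalise before grouping.
            "clsid": clsid.group(0).upper() if clsid else None,
            "orphan": body.endswith(ORPHAN_MARKERS),
        })
    return entries


def orphans_by_clsid(entries):
    """Group orphaned entries by (section, CLSID) so repeated handlers collapse."""
    groups = defaultdict(list)
    for entry in entries:
        if entry["orphan"]:
            groups[(entry["section"], entry["clsid"])].append(entry["body"])
    return dict(groups)


def removed_entries(before, after):
    """Entries present in the first log and absent from the second, in order."""
    still_present = {(e["section"], e["body"]) for e in after}
    return [e for e in before if (e["section"], e["body"]) not in still_present]


if __name__ == "__main__":
    before = parse_entries(BEFORE_LOG)
    after = parse_entries(AFTER_LOG)
    for (section, clsid), bodies in orphans_by_clsid(before).items():
        print(f"{section} {clsid}: {len(bodies)} orphaned entr(y/ies)")
    print("Removed by the fix:")
    for entry in removed_entries(before, after):
        print(f"  {entry['section']} - {entry['body']}")
    print("Orphans still registered:", len(orphans_by_clsid(after)))
```

Grouping by CLSID shows that the long run of `bw*` protocol handlers points at a single missing component rather than dozens of separate problems.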
proximarc Posts 11 Registration date Wednesday 7 February 2001 Status Member Last activity 1 March 2014
5 March 2007 at 00:39
It seems I have nothing left according to BitDefender!
It had found an infected file in an old OE message from 1999.
I deleted it and nothing else showed up.
BitDefender will not start again anyway: the usage period has expired.
BlackLight found nothing more, and neither did my own tools.

Here is the result in HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 00:36:52, on 05/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Reverso\Reverso Translation Server\LogoMedia TranslateDotNet Server.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee\MSC\mctskshd.exe
C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Babylon\Babylon.exe
C:\Program Files\Mcafee\MWL\MwlSvc.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\Program Files\Mcafee\MWL\MWLGui.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SBCSSvc.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SBCSTray.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\Reverso\Reverso Translator\ReversoTranslatorExpress.exe
C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe
C:\Program Files\VoissaNoPubs\VoissaNoPubs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Harrap's Multimédia\Shorter\bin\HiHarrapsTray.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\3D Photo Browser\3DPhotoBrowser.exe
C:\Program Files\ScanSoft\NaturallySpeaking\Program\natspeak.exe
C:\PROGRA~1\FICHIE~1\McAfee\EmProxy\emproxy.exe
C:\Program Files\TechSmith\SnagIt 7\TSCHelp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Proxiamrc\Application Data\Microsoft\Internet Explorer\Quick Launch\hijackthis_hijackthis_1.99.1_anglais_17891.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Systran50perso.IEPlugIn - {A5899B52-3AF9-4F56-85FE-AD7B3BE8490F} - C:\Program Files\SYSTRAN\5.0\Personal\IEPlugIn.dll
O3 - Toolbar: &Reverso Translator - {995B2B9A-FCC5-4BE8-B98F-E9CD53C514FE} - C:\PROGRA~1\Reverso\REVERS~2\REVERS~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [MWLExe] C:\Program Files\Mcafee\MWL\MWLGui.exe /Start
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SBCSTray.exe
O4 - HKLM\..\Run: [Reverso Translator Express] C:\Program Files\Reverso\Reverso Translator\ReversoTranslatorExpress.exe -sms
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe"
O4 - HKCU\..\Run: [Voissa No Pubs] C:\Program Files\VoissaNoPubs\VoissaNoPubs.exe -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: 3D Photo Browser.lnk = C:\Program Files\3D Photo Browser\3DPhotoBrowser.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Dragon NaturallySpeaking.lnk = C:\Program Files\ScanSoft\NaturallySpeaking\Program\natspeak.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Ask Harrap's Shorter.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: SnagIt 7.lnk = C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Capturer ! - {47055D63-DFCD-11d3-8406-00500445A7D0} - C:\Program Files\Goto\MemoWeb 4\IEBtn\Launcher (file missing)
O9 - Extra 'Tools' menuitem: Capturer ce web - {47055D63-DFCD-11d3-8406-00500445A7D0} - C:\Program Files\Goto\MemoWeb 4\IEBtn\Launcher (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/fr/4,0,0,90/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/fr/1,0,0,23/mcgdmgr.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: McAfee Application Installer Cleanup (0230941173013798) (0230941173013798mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\023094~1.EXE
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\FICHIE~1\McAfee\EmProxy\emproxy.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: FFW - Unknown owner - C:\DOCUME~1\PROXIA~1\LOCALS~1\Temp\FFW.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Program Files\Reverso\Reverso Translation Server\LogoMedia TranslateDotNet Server.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: MBackMonitor - - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Task Scheduler (mctskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: McAfee Wireless Network Security Service (MWLSvc) - McAfee, Inc. - C:\Program Files\Mcafee\MWL\MwlSvc.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SBCSSvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
0

philae83 Posts 12837 Registration date Wednesday 3 January 2007 Status Security contributor Last activity 8 December 2009 206
5 March 2007 at 00:46
Good evening,

this still needs to be removed

Start, "Run…", then type "services.msc" and confirm with OK
The Services window opens => check at the bottom that the "Extended" tab is selected; if not, select it.


FFW 

and the path
C:\DOCUMENTS & SETTINGS\PROXIA~1\LOCALS SETTINGS\Temp\FFW.exe

- In the "Name" column, DOUBLE-CLICK the service shown in BOLD above to bring up "Properties".
- Check under "Path to executable" that it is indeed the underlined location.
- Then click Stop
- In the "Startup type" drop-down menu, select "Disabled".
- Confirm the change with OK
- Close the Services window.

then

Open HijackThis---open the misc tool section>Misc tools>delete an NT service.
In the prompt, enter FFW
Confirm.

show hidden files and folders and delete


C:\DOCUMENTS & SETTINGS\PROXIA~1\LOCALS SETTINGS\Temp\------------all of its contents
0
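The FFW service targeted in the post above appears in the O23 section of the log with several warning signs at once. As an added example (not part of the original thread and not HijackThis code), this Python script parses O23 lines copied from the log posted earlier and ranks services by those signs; the line layout is inferred from those lines, and the three heuristics and all function names are assumptions chosen for illustration.

```python
import re
from dataclasses import dataclass, field

# O23 lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O23 - Service: McAfee Application Installer Cleanup (0230941173013798) (0230941173013798mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\023094~1.EXE
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: FFW - Unknown owner - C:\DOCUME~1\PROXIA~1\LOCALS~1\Temp\FFW.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MBackMonitor - - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
"""

# Assumed layout: "O23 - Service: <display> [(<key>)] - <publisher> - <path>"
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.*?) ?- (?P<path>.+)$")
KEY_RE = re.compile(r"^(?P<display>.+) \((?P<key>[^()]+)\)$")
TEMP_RE = re.compile(r"\\(temp|tmp)\\", re.IGNORECASE)
MISSING = " (file missing)"


@dataclass
class Service:
    display: str
    key: str          # the name the service manager knows the service by
    owner: str
    path: str
    reasons: list = field(default_factory=list)


def parse_o23(line):
    """Parse one O23 line; return None for any other line type."""
    m = O23_RE.match(line.strip())
    if not m:
        return None
    name, owner, path = m["name"], m["owner"].strip(), m["path"]
    k = KEY_RE.match(name)
    # When no "(key)" suffix is present, the display name is the key (e.g. FFW).
    display, key = (k["display"], k["key"]) if k else (name, name)
    svc = Service(display, key, owner, path)
    if path.endswith(MISSING):
        svc.path = path[: -len(MISSING)]
        svc.reasons.append("binary missing on disk")
    if TEMP_RE.search(svc.path):
        svc.reasons.append("binary in a temp directory")
    if owner in ("", "Unknown owner"):
        svc.reasons.append("no publisher information")
    return svc


def triage(log_text):
    """Return flagged services, most warning signs first (input order on ties)."""
    services = [s for s in map(parse_o23, log_text.splitlines()) if s]
    flagged = [s for s in services if s.reasons]
    return sorted(flagged, key=lambda s: len(s.reasons), reverse=True)


if __name__ == "__main__":
    for s in triage(SAMPLE_LOG):
        print(f"{s.key:32} {len(s.reasons)}  {'; '.join(s.reasons)}")
        print(f"    {s.path}")
```

FFW is the only entry that trips all three checks; the McAfee cleanup service also runs from a TEMP directory, so a single sign is a reason to look closer, not a verdict.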
proximarc Posts 11 Registration date Wednesday 7 February 2001 Status Member Last activity 1 March 2014
9 March 2007 at 18:44
follow-up --> thank you for your continued help!

Logfile of HijackThis v1.99.1
Scan saved at 18:32:50, on 09/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Reverso\Reverso Translation Server\LogoMedia TranslateDotNet Server.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SBCSSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Babylon\Babylon.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Mcafee\MWL\MWLGui.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SBCSTray.exe
C:\Program Files\Reverso\Reverso Translator\ReversoTranslatorExpress.exe
C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe
C:\Program Files\VoissaNoPubs\VoissaNoPubs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Harrap's Multimédia\Shorter\bin\HiHarrapsTray.exe
C:\PROGRA~1\FICHIE~1\McAfee\EmProxy\emproxy.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\3D Photo Browser\3DPhotoBrowser.exe
C:\Program Files\ScanSoft\NaturallySpeaking\Program\natspeak.exe
C:\Program Files\TechSmith\SnagIt 7\TSCHelp.exe
C:\Program Files\Mcafee\MWL\MwlSvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Documents and Settings\Proxiamrc\Application Data\Microsoft\Internet Explorer\Quick Launch\hijackthis_hijackthis_1.99.1_anglais_17891.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Systran50perso.IEPlugIn - {A5899B52-3AF9-4F56-85FE-AD7B3BE8490F} - C:\Program Files\SYSTRAN\5.0\Personal\IEPlugIn.dll
O3 - Toolbar: &Reverso Translator - {995B2B9A-FCC5-4BE8-B98F-E9CD53C514FE} - C:\PROGRA~1\Reverso\REVERS~2\REVERS~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [MWLExe] C:\Program Files\Mcafee\MWL\MWLGui.exe /Start
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SBCSTray.exe
O4 - HKLM\..\Run: [Reverso Translator Express] C:\Program Files\Reverso\Reverso Translator\ReversoTranslatorExpress.exe -sms
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe"
O4 - HKCU\..\Run: [Voissa No Pubs] C:\Program Files\VoissaNoPubs\VoissaNoPubs.exe -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: 3D Photo Browser.lnk = C:\Program Files\3D Photo Browser\3DPhotoBrowser.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Dragon NaturallySpeaking.lnk = C:\Program Files\ScanSoft\NaturallySpeaking\Program\natspeak.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Ask Harrap's Shorter.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: SnagIt 7.lnk = C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Capturer ! - {47055D63-DFCD-11d3-8406-00500445A7D0} - C:\Program Files\Goto\MemoWeb 4\IEBtn\Launcher (file missing)
O9 - Extra 'Tools' menuitem: Capturer ce web - {47055D63-DFCD-11d3-8406-00500445A7D0} - C:\Program Files\Goto\MemoWeb 4\IEBtn\Launcher (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

~DF1BEE.tmp could not be deleted normally!
And, since I did not boot in safe mode or in DOS, it is still there!
Is it serious, doctor :) ?

Several folders and files have reappeared! But I think I recognize them.

What does FFW do?

Thanks again!
Awaiting a new prescription.

NB: in any case the computer runs faster.
I also had a remark to make: when I launched BitDefender it created a temporary file like ????0000.tmp containing another .tmp file
McAfee reacted by deleting it and saying virus?
I checked that it had indeed been removed, and it had.
0
philae83 Posts 12837 Registration date Wednesday 3 January 2007 Status Security contributor Last activity 8 December 2009 206
9 March 2007 at 22:29
Good evening,
~DF1BEE.tmp could not be deleted normally!
And, since I did not boot in safe mode or in DOS, it is still there!


Where does that one come from? In safe mode it should go away; it is a temporary file.

What does FFW do?


It is pretty much unknown to castelcops, and I found nothing very interesting on Google; besides, in the temporary files, I don't see what it would be doing there.

0
proximarc Posts 11 Registration date Wednesday 7 February 2001 Status Member Last activity 1 March 2014
16 March 2007 at 23:02
Hello, it was a tmp file, now removed!

However, I have a folder:
9ec3c779fd7e271fa84472a8c6d9d4

Which contains a text file:

Verbose logging started: 31/12/2006 14:14:18 Build type: SHIP UNICODE 3.01.4000.2435 Calling process: C:\WINDOWS\system32\msiexec.exe


MSI (c) (D0:CC) [14:14:18:187]: Resetting cached policy values
MSI (c) (D0:CC) [14:14:18:187]: Machine policy value 'Debug' is 0
MSI (c) (D0:CC) [14:14:18:187]: ******* RunEngine:
******* Product: d:\9ec3c779fd7e271fa84472a8c6d9d4\msxml.msi
******* Action:
******* CommandLine: **********
MSI (c) (D0:CC) [14:14:18:187]: Client-side and UI is none or basic: Running entire install on the server.
MSI (c) (D0:CC) [14:14:18:187]: Grabbed execution mutex.
MSI (c) (D0:CC) [14:14:18:187]: Cloaking enabled.
MSI (c) (D0:CC) [14:14:18:187]: Attempting to enable all disabled priveleges before calling Install on Server
MSI (c) (D0:CC) [14:14:18:203]: Incrementing counter to disable shutdown. Counter after increment: 0
MSI (s) (48:34) [14:14:18:250]: Grabbed execution mutex.
MSI (s) (48:C4) [14:14:18:250]: Resetting cached policy values
MSI (s) (48:C4) [14:14:18:250]: Machine policy value 'Debug' is 0
MSI (s) (48:C4) [14:14:18:250]: ******* RunEngine:
******* Product: d:\9ec3c779fd7e271fa84472a8c6d9d4\msxml.msi
******* Action:
******* CommandLine: **********
MSI (s) (48:C4) [14:14:18:250]: Machine policy value 'DisableUserInstalls' is 0
MSI (s) (48:C4) [14:14:18:265]: File will have security applied from OpCode.
MSI (s) (48:C4) [14:14:18:296]: SOFTWARE RESTRICTION POLICY: Verifying package --> 'd:\9ec3c779fd7e271fa84472a8c6d9d4\msxml.msi' against software restriction policy
MSI (s) (48:C4) [14:14:18:296]: SOFTWARE RESTRICTION POLICY: d:\9ec3c779fd7e271fa84472a8c6d9d4\msxml.msi has a digital signature
MSI (s) (48:C4) [14:14:18:390]: SOFTWARE RESTRICTION POLICY: d:\9ec3c779fd7e271fa84472a8c6d9d4\msxml.msi is permitted to run at the 'unrestricted' authorization level.
MSI (s) (48:C4) [14:14:18:390]: End dialog not enabled
MSI (s) (48:C4) [14:14:18:390]: Original package ==> d:\9ec3c779fd7e271fa84472a8c6d9d4\msxml.msi
MSI (s) (48:C4) [14:14:18:390]: Package we're running from ==> C:\WINDOWS\Installer\41b830b.msi
ETC ....
I am not sure there is no information in it! That is why I am not posting more?

What is it?

I think that after this it will be the end, because everything works well now.

Thanks, champ!
A big thorn removed from my side.
0
philae83 Posts 12837 Registration date Wednesday 3 January 2007 Status Security contributor Last activity 8 December 2009 206
16 March 2007 at 23:04
Good evening,

Leave that thing alone, it is legitimate
https://www.processlibrary.com/en/directory/a/1/

So everything is OK?
0
proximarc Posts 11 Registration date Wednesday 7 February 2001 Status Member Last activity 1 March 2014
18 March 2007 at 18:07
Yes, and thanks again for this success!
May life bring you joy and happiness!
This thread can be closed. :))
0
philae83 Posts 12837 Registration date Wednesday 3 January 2007 Status Security contributor Last activity 8 December 2009 206
18 March 2007 at 21:54
OK, that's perfect

Have a good rest of the evening
0