Infection! Possibly errorsave

Solved
proximarc Posts 12 Status Member -
philae83 Posts 12854 Status Security contributor -
Hello,

Spot the intruder!

On XP Pro, and despite scans with McAfee, CounterSpy, the F-Secure software, Ad-Aware, etc.,
I still get unwanted pop-up windows opening whenever I am on the net or searching with Google.

What should I do? Thanks!

Logfile of HijackThis v1.99.1
Scan saved at 19:05:49, on 20/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Reverso\Reverso Translation Server\LogoMedia TranslateDotNet Server.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee\MSC\mctskshd.exe
C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Mcafee\MWL\MwlSvc.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SBCSSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\PROGRA~1\FICHIE~1\McAfee\EmProxy\emproxy.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Babylon\Babylon.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Mcafee\MWL\MWLGui.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SBCSTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Reverso\Reverso Translator\ReversoTranslatorExpress.exe
C:\Program Files\VoissaNoPubs\VoissaNoPubs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Harrap's Multimédia\Shorter\bin\HiHarrapsTray.exe
C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\3D Photo Browser\3DPhotoBrowser.exe
C:\Program Files\ScanSoft\NaturallySpeaking\Program\natspeak.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\FICHIE~1\Logitech\LComMgr\COMMUN~1.EXE
C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Internet Explorer\iexplore.exe
E:\hijackthis\hijackthis_hijackthis_1.99.1_anglais_17891.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Systran50perso.IEPlugIn - {A5899B52-3AF9-4F56-85FE-AD7B3BE8490F} - C:\Program Files\SYSTRAN\5.0\Personal\IEPlugIn.dll
O3 - Toolbar: &Reverso Translator - {995B2B9A-FCC5-4BE8-B98F-E9CD53C514FE} - C:\PROGRA~1\Reverso\REVERS~2\REVERS~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [MWLExe] C:\Program Files\Mcafee\MWL\MWLGui.exe /Start
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SBCSTray.exe
O4 - HKLM\..\Run: [Reverso Translator Express] C:\Program Files\Reverso\Reverso Translator\ReversoTranslatorExpress.exe -sms
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [Voissa No Pubs] C:\Program Files\VoissaNoPubs\VoissaNoPubs.exe -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: 3D Photo Browser.lnk = C:\Program Files\3D Photo Browser\3DPhotoBrowser.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Dragon NaturallySpeaking.lnk = C:\Program Files\ScanSoft\NaturallySpeaking\Program\natspeak.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Ask Harrap's Shorter.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: SnagIt 7.lnk = C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Capturer ! - {47055D63-DFCD-11d3-8406-00500445A7D0} - C:\Program Files\Goto\MemoWeb 4\IEBtn\Launcher (file missing)
O9 - Extra 'Tools' menuitem: Capturer ce web - {47055D63-DFCD-11d3-8406-00500445A7D0} - C:\Program Files\Goto\MemoWeb 4\IEBtn\Launcher (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/fr/4,0,0,90/mcinsctl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/fr/1,0,0,23/mcgdmgr.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,4941/mcfscan.cab
O18 - Protocol: bw+0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bw+0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bw-0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bw-0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bw00 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bw00s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bw10 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bw10s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bw20 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bw20s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bw30 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bw30s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bw40 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bw40s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bw50 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bw50s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bw60 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bw60s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bw70 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bw70s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bw80 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bw80s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bw90 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bw90s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwa0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwa0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwb0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwb0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwc0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwc0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwd0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwd0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwe0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwe0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwf0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwf0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - (no file)
O18 - Protocol: bwg0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwg0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwh0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwh0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwi0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwi0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwj0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwj0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwk0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwk0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwl0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwl0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwm0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwm0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwn0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwn0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwo0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwo0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwp0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwp0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwq0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwq0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwr0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwr0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bws0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bws0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwt0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwt0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwu0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwu0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwv0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwv0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bww0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bww0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwx0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwx0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwy0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwy0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwz0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: bwz0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\FICHIE~1\McAfee\EmProxy\emproxy.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: FFW - Unknown owner - C:\DOCUME~1\PROXIA~1\LOCALS~1\Temp\FFW.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Program Files\Reverso\Reverso Translation Server\LogoMedia TranslateDotNet Server.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: MBackMonitor - - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Task Scheduler (mctskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: McAfee Wireless Network Security Service (MWLSvc) - McAfee, Inc. - C:\Program Files\Mcafee\MWL\MwlSvc.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SBCSSvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
Configuration: Windows XP
Internet Explorer 7.0

11 replies

  1. philae83 Posts 12854 Status Security contributor 206
     
    Good evening,

    That is a lot of programs at startup.

    * Download Blacklight
    https://europe.f-secure.com/exclude/blacklight/index.shtml
    (from F-Secure)
    (the first one on the page)

    Click "I ACCEPT" at the bottom of the page. Save it to your Desktop.
    Double-click blbeta.exe and accept the license;
    click Scan, then Next.

    You will see a list of detected files appear. You will also see a report,
    on your Desktop, named fsbl.xxxxxxx.log (the xxxxxxx are digits).

    Copy and paste the contents of this report into your next reply.
    Do NOT choose the "Rename" option right away: we need to analyze the report first,
    because legitimate files may be listed, such as wbemtest.exe
    0
  2. proximarc Posts 12 Status Member
     
    Hello again, and thank you already for looking into my case.

    Indeed, for years I have always had a lot of programs at startup.
    The main ones I know of: McAfee; CounterSpy; my ATI card; WinZip; Babylon; Skype; a sound-effects tuning program; Reverso; 3dbrowser; SnagIt
    I give free introductory courses online on the Caligari software TrueSpace and GameSpace.

    As for the malware files,
    with every Blacklight scan the following files keep coming back:

    agchdpdqeq.exe
    agchdpdqeq.dat
    agchdpdqeq_nav.dat
    agchdpdqeq_navs.dat

    For a week now I have not found how to get rid of them, although I have been searching the forum for something similar.

    The log:
    02/21/07 07:01:01 [Info]: BlackLight Engine 1.0.55 initialized
    02/21/07 07:01:01 [Info]: OS: 5.1 build 2600 (Service Pack 2)
    02/21/07 07:01:01 [Note]: 7019 4
    02/21/07 07:01:01 [Note]: 7005 0
    02/21/07 07:01:06 [Note]: 7006 0
    02/21/07 07:01:06 [Note]: 7011 6136
    02/21/07 07:01:06 [Note]: 7026 0
    02/21/07 07:01:07 [Note]: 7026 0
    02/21/07 07:01:07 [Note]: 7024 3
    02/21/07 07:01:07 [Info]: Hidden process: C:\windows\system32\agchdpdqeq.exe
    02/21/07 07:01:28 [Note]: FSRAW library version 1.7.1021
    02/21/07 07:07:56 [Info]: Hidden file: c:\WINDOWS\system32\agchdpdqeq.dat
    02/21/07 07:07:56 [Note]: 10002 1
    02/21/07 07:07:56 [Info]: Hidden file: C:\windows\system32\agchdpdqeq.exe
    02/21/07 07:07:56 [Note]: 10002 1
    02/21/07 07:07:57 [Info]: Hidden file: c:\WINDOWS\system32\agchdpdqeq_nav.dat
    02/21/07 07:07:57 [Note]: 10002 1
    02/21/07 07:07:57 [Info]: Hidden file: c:\WINDOWS\system32\agchdpdqeq_navps.dat
    02/21/07 07:07:57 [Note]: 10002 1
    02/21/07 07:09:04 [Note]: 2000 1012
    02/21/07 07:09:04 [Note]: 2000 1012
    Thanks in advance!
    0
  3. proximarc Posts 12 Status Member
     
    Follow-up
    I tinkered a bit ;)

    In my list of startup programs I forgot voissanopub, which is for getting rid of the pop-up windows!

    Hello again,
    While trying to understand Blacklight's English, I gathered that Rename had to be enabled for these files

    I ran Blacklight again; here is the new log!
    It seems FSRAM is still there?

    02/21/07 08:03:14 [Info]: BlackLight Engine 1.0.55 initialized
    02/21/07 08:03:14 [Info]: OS: 5.1 build 2600 (Service Pack 2)
    02/21/07 08:03:14 [Note]: 7019 4
    02/21/07 08:03:14 [Note]: 7005 0
    02/21/07 08:03:36 [Note]: 7006 0
    02/21/07 08:03:36 [Note]: 7011 3996
    02/21/07 08:03:37 [Note]: 7026 0
    02/21/07 08:03:37 [Note]: 7026 0
    02/21/07 08:04:09 [Note]: FSRAW library version 1.7.1021
    02/21/07 08:12:48 [Note]: 2000 1012
    02/21/07 08:12:48 [Note]: 2000 1012
    02/21/07 08:15:41 [Note]: 7007 0

    Date, time! ? ? (may I know what these numbers are?)

    and here is the new HijackThis report:

    Logfile of HijackThis v1.99.1
    Scan saved at 08:22:54, on 21/02/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
    C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    C:\Program Files\Reverso\Reverso Translation Server\LogoMedia TranslateDotNet Server.exe
    C:\Program Files\McAfee\MBK\MBackMonitor.exe
    C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
    C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
    C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
    c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\PROGRA~1\McAfee\MSC\mctskshd.exe
    C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\Program Files\Mcafee\MWL\MwlSvc.exe
    C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
    C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SBCSSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\McAfee\MPS\mps.exe
    C:\Program Files\McAfee\MPS\mpsevh.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\Program Files\Babylon\Babylon.exe
    C:\Program Files\Nero\Nero 7\InCD\InCD.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
    C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
    C:\Program Files\Mcafee\MWL\MWLGui.exe
    C:\Program Files\McAfee\MSK\MskAgent.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
    C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SBCSTray.exe
    C:\Program Files\Reverso\Reverso Translator\ReversoTranslatorExpress.exe
    C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe
    C:\Program Files\VoissaNoPubs\VoissaNoPubs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\Harrap's Multimédia\Shorter\bin\HiHarrapsTray.exe
    C:\PROGRA~1\FICHIE~1\McAfee\EmProxy\emproxy.exe
    C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\3D Photo Browser\3DPhotoBrowser.exe
    C:\Program Files\ScanSoft\NaturallySpeaking\Program\natspeak.exe
    C:\Program Files\TechSmith\SnagIt 7\TSCHelp.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Documents and Settings\Proxiamrc\Application Data\Microsoft\Internet Explorer\Quick Launch\hijackthis_hijackthis_1.99.1_anglais_17891.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
    R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
    O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Systran50perso.IEPlugIn - {A5899B52-3AF9-4F56-85FE-AD7B3BE8490F} - C:\Program Files\SYSTRAN\5.0\Personal\IEPlugIn.dll
    O3 - Toolbar: &Reverso Translator - {995B2B9A-FCC5-4BE8-B98F-E9CD53C514FE} - C:\PROGRA~1\Reverso\REVERS~2\REVERS~1.DLL
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon.exe -AutoStart
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
    O4 - HKLM\..\Run: [MWLExe] C:\Program Files\Mcafee\MWL\MWLGui.exe /Start
    O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
    O4 - HKLM\..\Run: [agchdpdqeq] c:\windows\system32\agchdpdqeq.exe agchdpdqeq
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
    O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
    O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SBCSTray.exe
    O4 - HKLM\..\Run: [Reverso Translator Express] C:\Program Files\Reverso\Reverso Translator\ReversoTranslatorExpress.exe -sms
    O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe"
    O4 - HKCU\..\Run: [Voissa No Pubs] C:\Program Files\VoissaNoPubs\VoissaNoPubs.exe -hide
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - Startup: 3D Photo Browser.lnk = C:\Program Files\3D Photo Browser\3DPhotoBrowser.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Dragon NaturallySpeaking.lnk = C:\Program Files\ScanSoft\NaturallySpeaking\Program\natspeak.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Ask Harrap's Shorter.lnk = ?
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: SnagIt 7.lnk = C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Capturer ! - {47055D63-DFCD-11d3-8406-00500445A7D0} - C:\Program Files\Goto\MemoWeb 4\IEBtn\Launcher (file missing)
    O9 - Extra 'Tools' menuitem: Capturer ce web - {47055D63-DFCD-11d3-8406-00500445A7D0} - C:\Program Files\Goto\MemoWeb 4\IEBtn\Launcher (file missing)
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/fr/4,0,0,90/mcinsctl.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/fr/1,0,0,23/mcgdmgr.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,4941/mcfscan.cab
    O18 - Protocol: bw+0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bw+0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bw-0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bw-0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bw00 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bw00s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bw10 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bw10s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bw20 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bw20s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bw30 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bw30s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bw40 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bw40s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bw50 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bw50s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bw60 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bw60s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bw70 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bw70s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bw80 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bw80s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bw90 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bw90s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bwa0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bwa0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bwb0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bwb0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bwc0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bwc0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bwd0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bwd0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bwe0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bwe0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bwf0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bwf0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - (no file)
    O18 - Protocol: bwg0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bwg0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bwh0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bwh0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bwi0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bwi0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bwj0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bwj0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bwk0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bwk0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bwl0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bwl0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bwm0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bwm0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bwn0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bwn0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bwo0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bwo0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bwp0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bwp0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bwq0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bwq0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bwr0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bwr0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bws0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bws0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bwt0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bwt0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bwu0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bwu0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bwv0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bwv0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bww0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bww0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bwx0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bwx0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bwy0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bwy0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bwz0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bwz0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: offline-8876480 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\FICHIE~1\McAfee\EmProxy\emproxy.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
    O23 - Service: FFW - Unknown owner - C:\DOCUME~1\PROXIA~1\LOCALS~1\Temp\FFW.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Program Files\Reverso\Reverso Translation Server\LogoMedia TranslateDotNet Server.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe
    O23 - Service: MBackMonitor - - C:\Program Files\McAfee\MBK\MBackMonitor.exe
    O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
    O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Task Scheduler (mctskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
    O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
    O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: McAfee Wireless Network Security Service (MWLSvc) - McAfee, Inc. - C:\Program Files\Mcafee\MWL\MwlSvc.exe
    O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
    O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SBCSSvc.exe
    O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

    Thanks again!
    0
  4. philae83 Posts 12854 Status Security contributor 206
     
    Hi again,
    I tinkered a bit ;)
    
    
    In my list of startup programs I forgot voissanopub, for getting rid of the unwanted pop-up windows!
    
    
    While trying to understand BlackLight's English, I gathered that I had to enable rename for these files.


    Too bad. That is not how I proceed; besides, BlackLight sometimes lists legitimate exes. You are heading for disaster by proceeding this way.
    I hope everything is gone. Apparently it looks fine.

    I ran BlackLight again, here is the new log!
    It seems FSRAM is still there?


    No, nothing is left.

    Date, time! ? ? (may I know what these numbers are?)


    That is not what interests me; it does not matter at all.

    * Run HijackThis, check these lines and fix them

    R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/
    O18 - Protocol: bw+0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bw+0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bw-0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bw-0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bw00 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bw00s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bw10 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bw10s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bw20 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bw20s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bw30 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bw30s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bw40 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bw40s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bw50 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bw50s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bw60 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bw60s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bw70 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bw70s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bw80 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bw80s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bw90 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bw90s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bwa0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bwa0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bwb0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bwb0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bwc0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bwc0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bwd0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bwd0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bwe0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bwe0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bwf0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bwf0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - (no file)
    O18 - Protocol: bwg0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bwg0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bwh0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bwh0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bwi0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bwi0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bwj0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bwj0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bwk0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bwk0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bwl0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bwl0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bwm0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bwm0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bwn0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bwn0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bwo0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bwo0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bwp0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bwp0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bwq0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bwq0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bwr0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bwr0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bws0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bws0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bwt0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bwt0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bwu0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bwu0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bwv0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bwv0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bww0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bww0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bwx0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bwx0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bwy0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bwy0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bwz0 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: bwz0s - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)
    O18 - Protocol: offline-8876480 - {C34A8AE5-D2F2-4C37-A6D0-3A5BBA4F8B89} - (no file)

    then

    * Run an online antivirus scan
    https://www.bitdefender.fr/
    and copy and paste the result here
    * At the bottom left of the window, click BitDefender SCAN ONLINE
    * In the new window, click I agree
    * The window changes again; click Click here to scan
    * The signatures load, etc.
    0
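A fix list like the one in the post above can be checked by comparing the HijackThis log saved before the fix with the one saved afterwards. The following is an added example, not part of the thread and not HijackThis code: Python that parses entry lines, lists the entries HijackThis marks "(no file)" or "(file missing)", and reports which entries disappeared between two logs. The function names are hypothetical, and the sample logs are short excerpts assembled from lines that appear in this thread.

```python
import re

# An entry line is "<section code> - <detail>", e.g. "O4 - HKLM\..\Run: [Name] path".
# Header lines and the "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")

# Suffixes HijackThis appends when the registered file is not on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")

# Excerpts assembled from lines of the two logs in this thread (not the full logs).
BEFORE_LOG = r"""
Logfile of HijackThis v1.99.1
C:\WINDOWS\System32\smss.exe
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [agchdpdqeq] c:\windows\system32\agchdpdqeq.exe agchdpdqeq
"""

AFTER_LOG = r"""
Logfile of HijackThis v1.99.1
C:\WINDOWS\System32\smss.exe
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
"""

# Three of the lines the helper asked to fix, copied from the post above.
FIX_LIST = r"""
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
"""


def parse_entries(log_text):
    """Return (section, detail) tuples for every entry line, in log order."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def _key(entry):
    # Windows paths are case-insensitive, so compare entries without regard to case.
    return (entry[0], entry[1].casefold())


def orphaned(entries):
    """Entries whose target file HijackThis reports as absent."""
    return [e for e in entries if e[1].endswith(ORPHAN_MARKERS)]


def removed_between(before, after):
    """Entries present in the earlier log and absent from the later one."""
    later = {_key(e) for e in after}
    return [e for e in before if _key(e) not in later]


def still_present(fix_list, after):
    """Entries from the fix list that the later log still contains."""
    later = {_key(e) for e in after}
    return [e for e in fix_list if _key(e) in later]


if __name__ == "__main__":
    before = parse_entries(BEFORE_LOG)
    after = parse_entries(AFTER_LOG)
    fixes = parse_entries(FIX_LIST)
    print("Orphaned entries before the fix:")
    for section, detail in orphaned(before):
        print(f"  {section} - {detail}")
    print("Entries gone from the later log:")
    for section, detail in removed_between(before, after):
        print(f"  {section} - {detail}")
    print("Fix-list entries still present:", still_present(fixes, after) or "none")
```

Entries that vanished without being on the fix list show up in `removed_between` but not in the fix list, which is worth noting when several cleanup tools were run between the two scans.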
    1. proximarc Posts 12 Status Member
       
      It seems I no longer have anything with BitDefender!
      It had found an infected file in an old OE message from 1999.
      I deleted it and nothing more showed up.
      BitDefender will not start again anyway: usage period expired.
      BlackLight found nothing more, and neither did my own tools.

      Here is the result in HijackThis:
      Logfile of HijackThis v1.99.1
      Scan saved at 00:36:52, on 05/03/2007
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16414)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\spoolsv.exe
      c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
      C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
      C:\WINDOWS\system32\CTsvcCDA.exe
      C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
      C:\Program Files\Reverso\Reverso Translation Server\LogoMedia TranslateDotNet Server.exe
      C:\Program Files\McAfee\MBK\MBackMonitor.exe
      C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
      C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
      C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
      c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
      C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
      C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
      c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
      c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe
      C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
      C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
      C:\PROGRA~1\McAfee\MSC\mctskshd.exe
      C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\Program Files\McAfee\MPF\MPFSrv.exe
      C:\WINDOWS\Explorer.EXE
      C:\PROGRA~1\mcafee.com\agent\mcagent.exe
      C:\Program Files\McAfee\MSK\MskSrver.exe
      C:\WINDOWS\SOUNDMAN.EXE
      C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
      C:\Program Files\Babylon\Babylon.exe
      C:\Program Files\Mcafee\MWL\MwlSvc.exe
      C:\Program Files\Nero\Nero 7\InCD\InCD.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe
      C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
      C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
      C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
      C:\Program Files\Mcafee\MWL\MWLGui.exe
      C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SBCSSvc.exe
      C:\Program Files\McAfee\MSK\MskAgent.exe
      C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
      C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SBCSTray.exe
      C:\WINDOWS\system32\svchost.exe
      C:\PROGRA~1\McAfee\MPS\mps.exe
      C:\Program Files\Reverso\Reverso Translator\ReversoTranslatorExpress.exe
      C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe
      C:\Program Files\VoissaNoPubs\VoissaNoPubs.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Skype\Phone\Skype.exe
      C:\Program Files\McAfee\MPS\mpsevh.exe
      C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
      C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
      C:\Program Files\Windows Media Player\WMPNSCFG.exe
      C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Program Files\Harrap's Multimédia\Shorter\bin\HiHarrapsTray.exe
      C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
      C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
      C:\Program Files\WinZip\WZQKPICK.EXE
      C:\Program Files\3D Photo Browser\3DPhotoBrowser.exe
      C:\Program Files\ScanSoft\NaturallySpeaking\Program\natspeak.exe
      C:\PROGRA~1\FICHIE~1\McAfee\EmProxy\emproxy.exe
      C:\Program Files\TechSmith\SnagIt 7\TSCHelp.exe
      C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
      C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
      C:\Program Files\MSN Messenger\msnmsgr.exe
      C:\Program Files\MSN Messenger\usnsvc.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Documents and Settings\Proxiamrc\Application Data\Microsoft\Internet Explorer\Quick Launch\hijackthis_hijackthis_1.99.1_anglais_17891.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
      F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
      O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
      O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
      O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
      O3 - Toolbar: Systran50perso.IEPlugIn - {A5899B52-3AF9-4F56-85FE-AD7B3BE8490F} - C:\Program Files\SYSTRAN\5.0\Personal\IEPlugIn.dll
      O3 - Toolbar: &Reverso Translator - {995B2B9A-FCC5-4BE8-B98F-E9CD53C514FE} - C:\PROGRA~1\Reverso\REVERS~2\REVERS~1.DLL
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
      O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon.exe -AutoStart
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
      O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe"
      O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
      O4 - HKLM\..\Run: [MWLExe] C:\Program Files\Mcafee\MWL\MWLGui.exe /Start
      O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
      O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
      O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
      O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SBCSTray.exe
      O4 - HKLM\..\Run: [Reverso Translator Express] C:\Program Files\Reverso\Reverso Translator\ReversoTranslatorExpress.exe -sms
      O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe"
      O4 - HKCU\..\Run: [Voissa No Pubs] C:\Program Files\VoissaNoPubs\VoissaNoPubs.exe -hide
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
      O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
      O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
      O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
      O4 - Startup: 3D Photo Browser.lnk = C:\Program Files\3D Photo Browser\3DPhotoBrowser.exe
      O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
      O4 - Startup: Dragon NaturallySpeaking.lnk = C:\Program Files\ScanSoft\NaturallySpeaking\Program\natspeak.exe
      O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
      O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
      O4 - Global Startup: Ask Harrap's Shorter.lnk = ?
      O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
      O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: SnagIt 7.lnk = C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
      O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
      O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: Capturer ! - {47055D63-DFCD-11d3-8406-00500445A7D0} - C:\Program Files\Goto\MemoWeb 4\IEBtn\Launcher (file missing)
      O9 - Extra 'Tools' menuitem: Capturer ce web - {47055D63-DFCD-11d3-8406-00500445A7D0} - C:\Program Files\Goto\MemoWeb 4\IEBtn\Launcher (file missing)
      O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
      O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
      O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O11 - Options group: [INTERNATIONAL] International*
      O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/fr/4,0,0,90/mcinsctl.cab
      O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/fr/1,0,0,23/mcgdmgr.cab
      O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
      O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
      O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
      O23 - Service: McAfee Application Installer Cleanup (0230941173013798) (0230941173013798mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\023094~1.EXE
      O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
      O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
      O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
      O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\FICHIE~1\McAfee\EmProxy\emproxy.exe
      O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
      O23 - Service: FFW - Unknown owner - C:\DOCUME~1\PROXIA~1\LOCALS~1\Temp\FFW.exe (file missing)
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
      O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Program Files\Reverso\Reverso Translation Server\LogoMedia TranslateDotNet Server.exe
      O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
      O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe
      O23 - Service: MBackMonitor - - C:\Program Files\McAfee\MBK\MBackMonitor.exe
      O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
      O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
      O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
      O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
      O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
      O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
      O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
      O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe
      O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
      O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
      O23 - Service: McAfee Task Scheduler (mctskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
      O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
      O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
      O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
      O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
      O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
      O23 - Service: McAfee Wireless Network Security Service (MWLSvc) - McAfee, Inc. - C:\Program Files\Mcafee\MWL\MwlSvc.exe
      O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
      O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SBCSSvc.exe
      O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
      0
  6. philae83 Posts 12854 Status Security contributor 206
     
    Good evening,

    This still needs to be removed

    Start, "Run…", then type "services.msc" and confirm with OK
    The Services window opens => check at the bottom that the "Extended" tab is selected; if not, select it.

    FFW 

    and the path
    C:\DOCUMENTS & SETTINGS\PROXIA~1\LOCALS SETTINGS\Temp\FFW.exe

    - In the "Name" column, DOUBLE-CLICK the service shown in BOLD above to bring up "Properties".
    - Check under "Path to executable" that it is indeed the underlined location.
    - Then click Stop
    - In the "Startup type" drop-down menu, select "Disabled".
    - Confirm the change with OK
    - Close the Services window.

    then

    Open HijackThis---open the misc tool section>Misc tools>delete an NT service.
    At the prompt, enter FFW
    Confirm.

    Show hidden files and folders and delete

    C:\DOCUMENTS & SETTINGS\PROXIA~1\LOCALS SETTINGS\Temp\------------all the contents
    0
  7. proximarc Posts 12 Status Member
     
    Follow-up --> thank you for your help!

    Logfile of HijackThis v1.99.1
    Scan saved at 18:32:50, on 09/03/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
    C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    C:\Program Files\Reverso\Reverso Translation Server\LogoMedia TranslateDotNet Server.exe
    C:\Program Files\McAfee\MBK\MBackMonitor.exe
    C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
    c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\PROGRA~1\McAfee\MPS\mps.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
    C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SBCSSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\Program Files\Babylon\Babylon.exe
    C:\Program Files\Nero\Nero 7\InCD\InCD.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
    C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe
    C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
    C:\Program Files\Mcafee\MWL\MWLGui.exe
    C:\Program Files\McAfee\MSK\MskAgent.exe
    C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SBCSTray.exe
    C:\Program Files\Reverso\Reverso Translator\ReversoTranslatorExpress.exe
    C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe
    C:\Program Files\VoissaNoPubs\VoissaNoPubs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\Harrap's Multimédia\Shorter\bin\HiHarrapsTray.exe
    C:\PROGRA~1\FICHIE~1\McAfee\EmProxy\emproxy.exe
    C:\Program Files\McAfee\MPS\mpsevh.exe
    C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\3D Photo Browser\3DPhotoBrowser.exe
    C:\Program Files\ScanSoft\NaturallySpeaking\Program\natspeak.exe
    C:\Program Files\TechSmith\SnagIt 7\TSCHelp.exe
    C:\Program Files\Mcafee\MWL\MwlSvc.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
    C:\Documents and Settings\Proxiamrc\Application Data\Microsoft\Internet Explorer\Quick Launch\hijackthis_hijackthis_1.99.1_anglais_17891.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
    O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Systran50perso.IEPlugIn - {A5899B52-3AF9-4F56-85FE-AD7B3BE8490F} - C:\Program Files\SYSTRAN\5.0\Personal\IEPlugIn.dll
    O3 - Toolbar: &Reverso Translator - {995B2B9A-FCC5-4BE8-B98F-E9CD53C514FE} - C:\PROGRA~1\Reverso\REVERS~2\REVERS~1.DLL
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon.exe -AutoStart
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
    O4 - HKLM\..\Run: [MWLExe] C:\Program Files\Mcafee\MWL\MWLGui.exe /Start
    O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
    O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
    O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
    O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SBCSTray.exe
    O4 - HKLM\..\Run: [Reverso Translator Express] C:\Program Files\Reverso\Reverso Translator\ReversoTranslatorExpress.exe -sms
    O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe"
    O4 - HKCU\..\Run: [Voissa No Pubs] C:\Program Files\VoissaNoPubs\VoissaNoPubs.exe -hide
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - Startup: 3D Photo Browser.lnk = C:\Program Files\3D Photo Browser\3DPhotoBrowser.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Dragon NaturallySpeaking.lnk = C:\Program Files\ScanSoft\NaturallySpeaking\Program\natspeak.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Ask Harrap's Shorter.lnk = ?
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: SnagIt 7.lnk = C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Capturer ! - {47055D63-DFCD-11d3-8406-00500445A7D0} - C:\Program Files\Goto\MemoWeb 4\IEBtn\Launcher (file missing)
    O9 - Extra 'Tools' menuitem: Capturer ce web - {47055D63-DFCD-11d3-8406-00500445A7D0} - C:\Program Files\Goto\MemoWeb 4\IEBtn\Launcher (file missing)
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

    ~DF1BEE.tmp could not be deleted normally!
    And since I did not boot into safe mode or DOS, it is still there!
    Is it serious, doctor? :)

    Several folders and files have reappeared! But I think I recognize them.

    What does FFW do?

    Thanks again!
    Awaiting a new prescription.

    NB: in any case, the computer runs faster.
    I also had one remark: when I launched BitDefender, it created a temporary file like ????0000.tmp, in which there was another .tmp file.
    McAfee reacted by deleting it and reporting a virus?
    I checked that it had indeed been removed, and it had.
    0
  8. philae83 Posts 12854 Status Security contributor 206
     
    Good evening,
    ~DF1BEE.tmp could not be deleted normally!
    And since I did not boot into safe mode or DOS, it is still there!

    Where does that one come from? In safe mode it should go away; it is a temporary file.

    What does FFW do?

    It is more or less unknown to CastleCops, and I found nothing very interesting on Google; besides, I don't see what it would be doing in the temporary files.

    0
  9. proximarc Posts 12 Status Member
     
    Hello, it was a tmp file, now removed!

    However, I have a folder:
    9ec3c779fd7e271fa84472a8c6d9d4

    which contains a text file:

    Verbose logging started: 31/12/2006 14:14:18 Build type: SHIP UNICODE 3.01.4000.2435 Calling process: C:\WINDOWS\system32\msiexec.exe


    MSI (c) (D0:CC) [14:14:18:187]: Resetting cached policy values
    MSI (c) (D0:CC) [14:14:18:187]: Machine policy value 'Debug' is 0
    MSI (c) (D0:CC) [14:14:18:187]: ******* RunEngine:
    ******* Product: d:\9ec3c779fd7e271fa84472a8c6d9d4\msxml.msi
    ******* Action:
    ******* CommandLine: **********
    MSI (c) (D0:CC) [14:14:18:187]: Client-side and UI is none or basic: Running entire install on the server.
    MSI (c) (D0:CC) [14:14:18:187]: Grabbed execution mutex.
    MSI (c) (D0:CC) [14:14:18:187]: Cloaking enabled.
    MSI (c) (D0:CC) [14:14:18:187]: Attempting to enable all disabled priveleges before calling Install on Server
    MSI (c) (D0:CC) [14:14:18:203]: Incrementing counter to disable shutdown. Counter after increment: 0
    MSI (s) (48:34) [14:14:18:250]: Grabbed execution mutex.
    MSI (s) (48:C4) [14:14:18:250]: Resetting cached policy values
    MSI (s) (48:C4) [14:14:18:250]: Machine policy value 'Debug' is 0
    MSI (s) (48:C4) [14:14:18:250]: ******* RunEngine:
    ******* Product: d:\9ec3c779fd7e271fa84472a8c6d9d4\msxml.msi
    ******* Action:
    ******* CommandLine: **********
    MSI (s) (48:C4) [14:14:18:250]: Machine policy value 'DisableUserInstalls' is 0
    MSI (s) (48:C4) [14:14:18:265]: File will have security applied from OpCode.
    MSI (s) (48:C4) [14:14:18:296]: SOFTWARE RESTRICTION POLICY: Verifying package --> 'd:\9ec3c779fd7e271fa84472a8c6d9d4\msxml.msi' against software restriction policy
    MSI (s) (48:C4) [14:14:18:296]: SOFTWARE RESTRICTION POLICY: d:\9ec3c779fd7e271fa84472a8c6d9d4\msxml.msi has a digital signature
    MSI (s) (48:C4) [14:14:18:390]: SOFTWARE RESTRICTION POLICY: d:\9ec3c779fd7e271fa84472a8c6d9d4\msxml.msi is permitted to run at the 'unrestricted' authorization level.
    MSI (s) (48:C4) [14:14:18:390]: End dialog not enabled
    MSI (s) (48:C4) [14:14:18:390]: Original package ==> d:\9ec3c779fd7e271fa84472a8c6d9d4\msxml.msi
    MSI (s) (48:C4) [14:14:18:390]: Package we're running from ==> C:\WINDOWS\Installer\41b830b.msi
    ETC ....
    I'm not sure there isn't any information in it! That's why I'm not posting more.

    What is it?

    I think that after this we will be done, since everything works well now.

    Thanks, champ!
    A big thorn removed from my foot.
    0
  10. proximarc Posts 12 Status Member
     
    Yes, and thanks again for this success!
    May life bring you joy and happiness!
    This thread can be closed. :))
    0
  11. philae83 Posts 12854 Status Security contributor 206
     
    OK, that's perfect

    Have a good rest of the evening
    0