Error loading ctccw32.dll

Solved
LydieL62 Posts 14 Status Member -  
Hello,
I have this loading problem at startup with rundll missing.

Here is the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:55:50, on 22/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\tgbstarter.exe
C:\Program Files\ASUS\Ai Booster\OverClk.exe
C:\Program Files\ASUS\Asus Probe\AsusProb.exe
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\MINDSCAPE\MCF\TGBBOB.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe
C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O4 - HKLM\..\Run: [Overclk.exe] "C:\\Program Files\\ASUS\\Ai Booster\\OverClk.exe"
O4 - HKLM\..\Run: [AsusProb.exe] "C:\\Program Files\\ASUS\\Asus Probe\\AsusProb.exe"
O4 - HKLM\..\Run: [ASUS Probe] "C:\Program Files\ASUS\Asus Probe\AsusProb.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [UberIcon] "C:\\Program Files\\UberIcon\\UberIcon Manager.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Look 'n' Stop] "C:\Program Files\Soft4Ever\looknstop\looknstop.exe" -auto
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKLM\..\Run: [Office SturtUp] osa9.exe
O4 - HKLM\..\Run: [gfxtray] rundll32 ctccw32.dll,findwnd
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [Uniblue SpyEraser] C:\\Program Files\\Uniblue\\SpyEraser\\SpyEraser.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - https://www.f-secure.com/en/home/support
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - https://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - https://driveragent.com/files/driveragent.cab
O20 - Winlogon Notify: TGBBOB - C:\WINDOWS\SYSTEM32\TGBBOBNotif.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe (file missing)
O23 - Service: McAfee Services (mcmscsvc) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (file missing)
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TGB::BOB! Starter - Unknown owner - C:\WINDOWS\system32\tgbstarter.exe
O23 - Service: TGB::BOB! (TGBBOB) - SISTECH - TheGreenBow - C:\Program Files\MINDSCAPE\MCF\TGBBOB.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe

End of file - 8537 bytes

Thanks in advance for your help

Lydie
Configuration: Windows XP
Internet Explorer 7.0

14 replies

  1. PayneStewart Posts 1052 Status Member 266
     
    Hi, early riser!
    Tell me, how many antivirus programs do you have, and how many antispyware programs? ;)
    0
    1. lydiel62
       
      I counted 1 antivirus, 2 antispyware and 3 firewalls counting the XP one, if I haven't forgotten any ;)
      0
  2. PayneStewart Posts 1052 Status Member 266
     
    You have "GFXTRAY" ...

    According to CastleCops ( HERE ) it's a Trojan horse ....

    The details are elsewhere

    So you need to run your antispyware tools (up to date!) one after the other ...
    If that isn't enough, we'll try another way!
    0
    1. lydiel62
       
      Thank you, I'll run my scans right away and keep you posted
      0
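
The entry singled out in reply 2, `O4 - HKLM\..\Run: [gfxtray] rundll32 ctccw32.dll,findwnd`, is a Run-key autostart that has rundll32 load a DLL named without a full path. As an added example (not part of the thread and not HijackThis's own logic), this Python code triages O4 and O23 lines copied from the first log; the rule names and the `triage` helper are assumptions made for the illustration, and a finding marks an entry for review, not a verdict.

```python
import re
from typing import List, NamedTuple, Tuple

# Subset of lines copied from the first HijackThis log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Office SturtUp] osa9.exe
O4 - HKLM\..\Run: [gfxtray] rundll32 ctccw32.dll,findwnd
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: McAfee Services (mcmscsvc) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (file missing)
"""


class Finding(NamedTuple):
    entry: str   # autostart value name or service name
    rule: str    # hypothetical rule identifier, not a HijackThis concept
    detail: str


# "O4 - <hive>\..\<key>: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>\w+): \[(?P<name>.*?)\] (?P<cmd>.+)$")
# "O23 - Service: <name> - <owner> - <path> (file missing)"
O23_MISSING_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - .* - (?P<path>.+?) \(file missing\)$")
# Drive-letter path, UNC path, or a path starting with an environment variable.
ABSOLUTE_RE = re.compile(r"^(?:[A-Za-z]:\\|\\\\|%)")


def split_command(cmd: str) -> Tuple[str, str]:
    """Split a Run-key command line into (program, arguments).

    Unquoted paths containing spaces are cut at the first space; that is
    enough here because only the start of the program path is inspected.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end == -1:
            return cmd[1:], ""
        return cmd[1:end], cmd[end + 1:].strip()
    head, _, tail = cmd.partition(" ")
    return head, tail.strip()


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def triage(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()  # forum pastes are often indented
        m = O4_RE.match(line)
        if m:
            program, args = split_command(m["cmd"])
            if basename(program) in ("rundll32", "rundll32.exe"):
                # rundll32 syntax: <dll>,<export> [arguments]
                dll = args.split(",", 1)[0].strip().strip('"')
                if dll and not ABSOLUTE_RE.match(dll):
                    findings.append(Finding(
                        m["name"], "rundll32-relative-dll",
                        f"{m['hive']} {m['key']}: '{dll}' is located through the DLL search order"))
            elif not ABSOLUTE_RE.match(program):
                findings.append(Finding(
                    m["name"], "unqualified-executable",
                    f"{m['hive']} {m['key']}: '{program}' is located through the search path"))
            continue
        m = O23_MISSING_RE.match(line)
        if m:
            findings.append(Finding(
                m["name"], "service-binary-missing",
                f"service still registered, binary absent: {m['path']}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:24} [{f.entry}] {f.detail}")
```
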
  3. PayneStewart Posts 1052 Status Member 266
     
    OK ...
    0
    1. lydiel62
       
      After updating CounterSpy and running a full scan, it only found one cookie.

      I'll do the same with SpyEraser and keep you posted
      0
  4. PayneStewart Posts 1052 Status Member 266
     
    Ok ... If you're going to have several antispyware tools, you might as well pick the best ones: Spybot, AdAware, SpywareTerminator ...
    ;)
    0
    1. lydiel62
       
      Scan finished, here is the report:
      C:\Documents and Settings\Administrateur\Mes documents\scan SpyEraser.htm

      I also have Spybot and AdAware, but they don't run as a resident guard; you have to open them and launch the scan manually.

      Does SpywareTerminator do that?
      0
  6. PayneStewart Posts 1052 Status Member 266
     
    SpyT does ...

    Bad news: since we aren't connected on a network, I don't have access to your hard drive! ;)))))
    So it was nice of you to tell me where it is, but well ...... (hee! hee! hee!)
    Can you copy/paste it for me instead?
    0
    1. lydiel62
       
      Oops, sorry, here is the report:

      Start Date:February 23, 2008 at 12:04:02PM

      End Date:February 23, 2008 at 01:01:28PM

      Total Time:57 Mins 26 Secs
      Detected Infections
      Cookie.Tracking-Cookie
      Details: A Tracking Cookie is any cookie that is installed on a
      computer to save and access various activities of the user. It may
      be used by web sites to identify returning visitors who have
      registered for special services; to monitor, measure, and scrutinize
      visitors' navigation and use of web site features. It can also count
      the number of visitors to web sites and allow web surfers to use
      virtual "shopping carts". All this information is saved for future
      target advertising and marketing campaigns by various internet
      Advertising and Marketing companies. Though these cookies do not
      pose immediate threats but they can be misused to capture
      confidential information like user names and passwords.
      Status:Removed
      Category: Tracking Cookie


      Infected Cookies
      C:\Documents and
      Settings\Administrateur\Cookies\administrateur@xiti[1].txt

      Monitoring (General Components)
      Details: A Monitorirng Program is a program that monitors and
      records the user’s activity on the infected system. Such a program
      generally runs in stealth mode, without the knowledge of the user
      and can be controlled from a remote location. It can be used to
      capture keystrokes and details about websites visited, windows
      viewed, applications and passwords used, IM conversations, documents
      accessed, e-mails sent and received etc by the user. It may also
      take screenshots of the system at set intervals. Such programs are
      generally installed without consent and should be removed
      immediately upon detection as they pose a serious threat to users'
      privacy and security and render the system vulnerable to attacks.
      Status:Removed
      Category: Monitoring


      Infected files detected

      FileName: c:\documents and settings\administrateur\mes
      documents\v plug 194 full\sqlite.mdl
      MD5: fec17d5fb09a03376d3aa204c65562a7 (362029 Bytes)

      Riskware-P2P.Reboot.f
      Details: A P2P (Peer to Peer) Program is basically a technique to
      share files between systems in a network without the help of a
      central server. These programs usually come bundled with other
      adware applications or advertising softwares and may result in the
      infringement of one’s privacy and security. The user may be exposed
      to data privacy risks as the sharing of files may bring infections
      on to the user’s computer. It can cause the system to slow down and
      hence it is advised that the user removes this program from his
      system if not installed for a genuine purpose.
      Status:Removed
      Category: Riskware


      Infected files detected

      FileName: c:\program files\navilog1\reboot.exe
      MD5: f8d97683b922fa73b81bd0778a60f0df (24576 Bytes)
      0
  7. PayneStewart Posts 1052 Status Member 266
     
    Ok .. restart your PC and note what "happens/is displayed" ... I need as many details as possible ...
    I'm off to eat now (I'm very hungry) but I'll be back before long ;)
    0
    1. lydiel62
       
      Ok, see you in a bit

      Enjoy your meal ;))
      0
  8. lydiel62
     
    I rebooted and I still get the same message: RUNDLL Error loading ctccw32.dll The specified module could not be found
    0
  9. PayneStewart Posts 1052 Status Member 266
     
    Sorry ... some friends dropped by for coffee .... and they're a bit chatty ;)
    Here we go again .....

    * Download SDFix to your desktop

    * Double-click SDFix.exe and choose Install to extract it to a dedicated folder on the Desktop.

    * Restart your computer in Safe Mode

    * Open the SDFix folder that was just created on the Desktop and double-click "RunThis.bat" to launch the script.

    * Press Y to start the cleaning process.

    It will remove the services and Registry entries of certain trojans it finds, then ask you to press a key to restart.

    * Press a key to restart the PC.

    Your system will take longer than usual to restart because the tool will keep running and deleting files.

    Once the Desktop has loaded, the tool will finish its work and display Finished.

    * Press a key to end the script and load your Desktop icons.

    Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder under the name Report.txt.

    Finally, copy/paste the contents of the Report.txt file into your next reply,

    along with a new HijackThis log
    0
  10. LydieL62 Posts 14 Status Member
     
    Here is SDFix

    [b]SDFix: Version 1.145 [/b]

    Run by Administrateur on 23/02/2008 at 20:29

    Microsoft Windows XP [version 5.1.2600]
    Running From: C:\DOCUME~1\ADMINI~1\Bureau\THESDF~1\SDFix

    [b]Checking Services [/b]:

    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting

    [b]Checking Files [/b]:

    Trojan Files Found:

    C:\WINDOWS\system32\ctccw32.dll - Deleted

    Removing Temp Files

    [b]ADS Check [/b]:

    [b]Final Check [/b]:

    catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-23 20:33:04
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    scanning hidden registry entries ...

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}]
    "DisplayName"="Alcohol 120%"
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E7B8DF41-E789-06B3-1349-BB56262E33EF}]
    "hagbdojfekkkfnho"=hex:6a,61,61,66,67,66,65,70,63,67,66,6a,64,68,6b,64,64,65,63,66,00,..
    "iaecjdccmlhiaepomk"=hex:6a,61,61,66,67,66,65,70,63,67,66,6a,64,68,6b,64,64,65,63,66,00,..

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 17

    [b]Remaining Services [/b]:

    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Fichiers communs\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Fichiers communs\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
    "C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"="C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe:*:Enabled:Nero ShowTime"
    "C:\\Program Files\\Pando Networks\\Pando\\pando.exe"="C:\\Program Files\\Pando Networks\\Pando\\pando.exe:*:Enabled:pando"
    "C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
    "C:\\Program Files\\ProgDVB\\ProgDvbNet.exe"="C:\\Program Files\\ProgDVB\\ProgDvbNet.exe:*:Enabled:ProgDvbNet"
    "C:\\Program Files\\Fichiers communs\\Nero\\Nero Web\\SetupX.exe"="C:\\Program Files\\Fichiers communs\\Nero\\Nero Web\\SetupX.exe:*:Enabled:Nero ControlCenter"
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
    "C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent"
    "C:\\Documents and Settings\\Administrateur\\Local Settings\\Temp\\OnlineUpdate8\\SetupXu.exe"="C:\\Documents and Settings\\Administrateur\\Local Settings\\Temp\\OnlineUpdate8\\SetupXu.exe:*:Enabled:Nero ControlCenter"
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\\Program Files\\Opera\\Opera.exe"="C:\\Program Files\\Opera\\Opera.exe:*:Enabled:Opera Internet Browser"
    "C:\\WINDOWS\\system32\\dpnsvr.exe"="C:\\WINDOWS\\system32\\dpnsvr.exe:*:Disabled:Microsoft DirectPlay8 Server"
    "C:\\WINDOWS\\system32\\dxdiag.exe"="C:\\WINDOWS\\system32\\dxdiag.exe:*:Enabled:Outil de diagnostic Microsoft DirectX"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

    [b]Remaining Files [/b]:

    File Backups: - C:\DOCUME~1\ADMINI~1\Bureau\THESDF~1\SDFix\backups\backups.zip

    [b]Files with Hidden Attributes [/b]:

    Wed 23 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f7db876e78b88fd8276fd7d29cb7e4eb\BIT5.tmp"

    [b]Finished![/b]

    AND THE SECOND ONE:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:40:57, on 23/02/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
    C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
    c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
    C:\WINDOWS\System32\snmp.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\tgbstarter.exe
    C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
    C:\Program Files\MINDSCAPE\MCF\TGBBOB.exe
    C:\WINDOWS\SYSTEM32\notepad.exe
    C:\Program Files\ASUS\Ai Booster\OverClk.exe
    C:\Program Files\ASUS\Asus Probe\AsusProb.exe
    C:\Program Files\UberIcon\UberIcon Manager.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
    C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
    C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\Soft4Ever\looknstop\looknstop.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe
    C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
    C:\Program Files\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
    O4 - HKLM\..\Run: [Overclk.exe] "C:\\Program Files\\ASUS\\Ai Booster\\OverClk.exe"
    O4 - HKLM\..\Run: [AsusProb.exe] "C:\\Program Files\\ASUS\\Asus Probe\\AsusProb.exe"
    O4 - HKLM\..\Run: [ASUS Probe] "C:\Program Files\ASUS\Asus Probe\AsusProb.exe"
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [UberIcon] "C:\\Program Files\\UberIcon\\UberIcon Manager.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
    O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
    O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Look 'n' Stop] "C:\Program Files\Soft4Ever\looknstop\looknstop.exe" -auto
    O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" autostart
    O4 - HKCU\..\Run: [Uniblue SpyEraser] C:\\Program Files\\Uniblue\\SpyEraser\\SpyEraser.exe
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
    O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - https://www.f-secure.com/en/home/support
    O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
    O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - https://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - https://driveragent.com/files/driveragent.cab
    O20 - Winlogon Notify: TGBBOB - C:\WINDOWS\SYSTEM32\TGBBOBNotif.dll
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe (file missing)
    O23 - Service: McAfee Services (mcmscsvc) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (file missing)
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Protection Manager (mcpromgr) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe (file missing)
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: TGB::BOB! Starter - Unknown owner - C:\WINDOWS\system32\tgbstarter.exe
    O23 - Service: TGB::BOB! (TGBBOB) - SISTECH - TheGreenBow - C:\Program Files\MINDSCAPE\MCF\TGBBOB.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
    O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
    0
  11. PayneStewart Posts 1052 Status Member 266
     
    Preparing what you're going to have to do takes a while ... (45 minutes to 1 hour)
    On top of that I need to eat and do the dishes ;) ... (about 40 min)
    So I won't be back for a little while; you can go do the housework and run the vacuum cleaner!!!

    PS: Oh, the naughty girl who downloads with 2 programs and then comes crying because she's got a "thing" ...
    0
  12. LydieL62 Posts 14 Status Member
     
    Three quarters of the time, the junk I catch comes by e-mail, e.g.:

    Your Mail Anti-virus option detected a virus in one of the messages addressed to you.
    The message below contained one or more files infected by the following virus: HTML.Phishing.Bank-1275

    The virus has been destroyed, along with any infected attachments.
    The declared sender of this message is c_service.id9463-48291669CBF@citibank.com.

    For greater security, we invite you to notify them of the detected viruses.

    Thank you for your trust,

    Your laposte.net customer service
    0
  13. PayneStewart Posts 1052 Status Member 266
     
    Bad news: a small program you were supposed to download no longer exists :(((((
    We'll try another way ...

    Open any subfolder, then:
    "Tools / Folder Options / "View" tab"
    Scroll down and tick "Display the contents of system folders"
    as well as "Show hidden files and folders"
    Confirm and close ...

    Now,

    Run the HJT scan
    Tick the boxes for:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp

    O23 - Service: McAfee Update Manager (mcmispupdmgr) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe (file missing)
    O23 - Service: McAfee Services (mcmscsvc) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (file missing)

    O23 - Service: McAfee Protection Manager (mcpromgr) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe (file missing)

    Close all other programs, including IE, and click "Fix CHECKED"

    Then

    Open the folder: c:\windows\system32\
    Look for "ctccw32.dll", put it in the Recycle Bin and wipe it with TuneUp Shredder.
    If it's no longer there: so much the better!
    Restart your PC and give me a new HJT log, telling me whether things are OK ...

    0
    1. LydieL62 Posts 14 Status Member
       
      After several manipulations on my PC, my "error loading ctccw32.dll" message disappeared following the reinstallation of my LOOK N STOP program (a firewall); it had a driver problem.
      So my problem is solved (apparently).

      Thank you for your help once again.
      Regards.

      PS: hoping it's solved for good; I'll see tomorrow after a good night's sleep.
      0
  14. PayneStewart Posts 1052 Status Member 266
     
    Me too, I'm going to go rest my eyes ...

    Don't forget to mark your problem as "solved" tomorrow!

    Good night!
    0
  15. LydieL62 Posts 14 Status Member
     
    After uninstalling my Look n Stop firewall, which had a driver problem, and reinstalling it, my startup error message had disappeared.

    Thanks again to you, PayneStewart, for your help.

    Have a good Sunday

    Lydie
    0
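The log review done by hand in post 13 (picking out the `(file missing)` services before "Fix checked") can be scripted. The following is an added example, not code from the thread or from HijackThis: it parses HijackThis lines and lists orphaned entries, the broken LSP line, services with no identified vendor, and `rundll32` autostart entries whose DLL target should be checked on disk. The names `triage` and `SAMPLE_LOG` are assumptions, and the sample lines are copied from the log posted above.

```python
import re

# Sample input: a few lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Look 'n' Stop] "C:\Program Files\Soft4Ever\looknstop\looknstop.exe" -auto
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O23 - Service: McAfee Services (mcmscsvc) - Unknown owner - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (file missing)
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
O23 - Service: TGB::BOB! Starter - Unknown owner - C:\WINDOWS\system32\tgbstarter.exe
"""

# "<section code> - <body>", e.g. "O23 - Service: ..."
ENTRY = re.compile(r"^\s*([RFNO]\d{1,2}) - (.*)$")
# DLL path handed to rundll32, up to the ",EntryPoint" separator
RUNDLL = re.compile(r'rundll32(?:\.exe)?"?\s+"?([^,"]+\.dll)', re.I)
MISSING = "(file missing)"

def triage(log_text):
    """Return (section, reason, path) tuples for entries worth a manual look."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # header lines, process list, blank lines
        section, body = m.groups()
        if body.endswith(MISSING):
            # Registry entry survives but its target file is gone
            path = body[: -len(MISSING)].rsplit(" - ", 1)[-1].strip()
            findings.append((section, "orphaned entry, file missing", path))
        elif section == "O10" and body.endswith("missing"):
            findings.append((section, "LSP provider missing", body.split("'")[1]))
        elif section == "O23" and " - Unknown owner - " in body:
            findings.append((section, "vendor not identified", body.rsplit(" - ", 1)[-1]))
        elif section == "O4":
            dll = RUNDLL.search(body)
            if dll:
                findings.append((section, "rundll32 autostart, verify DLL exists", dll.group(1)))
    return findings

if __name__ == "__main__":
    for section, reason, path in triage(SAMPLE_LOG):
        print(f"{section:4} {reason:38} {path}")
```

A flagged line is only a candidate for review: each path still has to be checked on the machine before anything is fixed or deleted.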