Log hijack trojan Vundo ??

SEBSEB -  
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
Bonjour,
Voila j'ai mon pc qui est infecté
J'ai fait des scans et du nettoyage avec : ad-aware, spybot, ccleaner, malwarebytes, a-squared et antivir
Voila mon log hijack Merci d'avance

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:58:07, on 08/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\lxcqcoms.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark 9300 Series\lxcqmon.exe
C:\Program Files\Lexmark 9300 Series\ezprint.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Booster Wanadoo\wanadoo_booster.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\Program Files\palmOne\HOTSYNC.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.orange.fr/portail
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://register.hp.com/...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:7180
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1:7180;majkit1.orange.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Config\smss.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0BFEA982-9F40-4181-8DA1-9A7C91CB117B} - (no file)
O2 - BHO: (no name) - {0CDAB007-7588-4459-A277-12BAFC9F6D44} - (no file)
O2 - BHO: (no name) - {16B435F6-B6CE-4F24-A568-944B27ED919C} - (no file)
O2 - BHO: (no name) - {2B7643CE-88FB-4E04-9A7C-9E839DAC08C9} - (no file)
O2 - BHO: (no name) - {3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9} - (no file)
O2 - BHO: (no name) - {4318A528-50C7-43E5-93C4-763F150B9237} - (no file)
O2 - BHO: (no name) - {46297DE9-7FCD-4950-B200-AFB110DC1113} - (no file)
O2 - BHO: (no name) - {4B6159EE-3BEF-4915-B836-F03B0C183342} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {537354fa-cc73-48b0-8ab2-08c3a7cdd90e} - (no file)
O2 - BHO: (no name) - {6664CDE0-A32E-423B-923B-B63E035051D4} - (no file)
O2 - BHO: (no name) - {7354fc71-a1a2-4464-ba72-e6e6a8d306bf} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7C551F0C-AC8B-46B1-AA0E-C7AE859F9DAA} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8eb7222d-f327-47fd-baee-a0c8e0ad3783} - (no file)
O2 - BHO: (no name) - {96E222A9-0B7C-477A-A48C-AF603553BA1C} - (no file)
O2 - BHO: (no name) - {9B7E007E-295E-426C-A57D-EE9D2E74AE2F} - (no file)
O2 - BHO: (no name) - {9ca2db6b-7c87-4494-9630-ddf35dc037e3} - (no file)
O2 - BHO: (no name) - {9CB22642-973B-4344-B05A-89EBF3D501DA} - (no file)
O2 - BHO: (no name) - {A254C2CC-81AB-47F7-9761-46277B1B8521} - (no file)
O2 - BHO: (no name) - {B8DFD44F-C9ED-48F0-B458-9413258C2B75} - (no file)
O2 - BHO: (no name) - {C5C4BFEC-BFFA-473D-AA37-21EBF71C01C4} - (no file)
O2 - BHO: (no name) - {c6f6eb04-b2fc-428d-b2d0-ad7542a55a2d} - (no file)
O2 - BHO: (no name) - {DA5F827F-2AD5-4D1C-9910-D9986842BF31} - (no file)
O2 - BHO: (no name) - {e8c36228-838b-4169-b534-b5444e557551} - (no file)
O2 - BHO: (no name) - {ED1D943C-5175-4D77-9D74-9592BABF1F70} - (no file)
O2 - BHO: (no name) - {F7550D4A-0AC9-46BF-A9CE-5ED8AB6EB045} - (no file)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [lxcqmon.exe] "C:\Program Files\Lexmark 9300 Series\lxcqmon.exe"
O4 - HKLM\..\Run: [Lexmark 9300 Series Fax Server] "C:\Program Files\Lexmark 9300 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 9300 Series\ezprint.exe"
O4 - HKLM\..\Run: [LXCQCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCQtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe GestionnaireInternet.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\ext\begmgr11.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Booster Orange.lnk = C:\Program Files\Booster Wanadoo\wanadoo_booster.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Afficher l'image non compressée - res://C:\Program Files\Booster Wanadoo\wanadoo_booster.exe/227
O8 - Extra context menu item: Afficher toutes les images non compressées - res://C:\Program Files\Booster Wanadoo\wanadoo_booster.exe/250
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {49783ED4-258D-4f9f-BE11-137C18D3E543} - (no file)
O9 - Extra button: Betway.com Poker - {4CBB5C71-1BA0-49ca-93CD-159AF8AA0CC9} - C:\Program Files\BetwayMPP\MPPoker.exe
O9 - Extra button: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe
O9 - Extra 'Tools' menuitem: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=https://www.msn.com/fr-fr?cobrand=compaq-notebook.msn.com&ocid=HPDHP&pc=CPNTDF
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: pmnnool - C:\WINDOWS\
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: lxcq_device - - C:\WINDOWS\system32\lxcqcoms.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 13132 bytes
Configuration: Windows XP
Internet Explorer 6.0

2 réponses

  1. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    slt

    les jeux de poker c'est source de pubs...

    _____________

    Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked".

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://register.hp.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:7180
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1:7180;majkit1.orange.fr
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Config\smss.exe

    O2 - BHO: (no name) - {0BFEA982-9F40-4181-8DA1-9A7C91CB117B} - (no file)
    O2 - BHO: (no name) - {0CDAB007-7588-4459-A277-12BAFC9F6D44} - (no file)
    O2 - BHO: (no name) - {16B435F6-B6CE-4F24-A568-944B27ED919C} - (no file)
    O2 - BHO: (no name) - {2B7643CE-88FB-4E04-9A7C-9E839DAC08C9} - (no file)
    O2 - BHO: (no name) - {3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9} - (no file)
    O2 - BHO: (no name) - {4318A528-50C7-43E5-93C4-763F150B9237} - (no file)
    O2 - BHO: (no name) - {46297DE9-7FCD-4950-B200-AFB110DC1113} - (no file)
    O2 - BHO: (no name) - {4B6159EE-3BEF-4915-B836-F03B0C183342} - (no file)
    O2 - BHO: (no name) - {537354fa-cc73-48b0-8ab2-08c3a7cdd90e} - (no file)
    O2 - BHO: (no name) - {6664CDE0-A32E-423B-923B-B63E035051D4} - (no file)
    O2 - BHO: (no name) - {7354fc71-a1a2-4464-ba72-e6e6a8d306bf} - (no file)
    O2 - BHO: (no name) - {7C551F0C-AC8B-46B1-AA0E-C7AE859F9DAA} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {8eb7222d-f327-47fd-baee-a0c8e0ad3783} - (no file)
    O2 - BHO: (no name) - {96E222A9-0B7C-477A-A48C-AF603553BA1C} - (no file)
    O2 - BHO: (no name) - {9B7E007E-295E-426C-A57D-EE9D2E74AE2F} - (no file)
    O2 - BHO: (no name) - {9ca2db6b-7c87-4494-9630-ddf35dc037e3} - (no file)
    O2 - BHO: (no name) - {9CB22642-973B-4344-B05A-89EBF3D501DA} - (no file)
    O2 - BHO: (no name) - {A254C2CC-81AB-47F7-9761-46277B1B8521} - (no file)
    O2 - BHO: (no name) - {B8DFD44F-C9ED-48F0-B458-9413258C2B75} - (no file)
    O2 - BHO: (no name) - {C5C4BFEC-BFFA-473D-AA37-21EBF71C01C4} - (no file)
    O2 - BHO: (no name) - {c6f6eb04-b2fc-428d-b2d0-ad7542a55a2d} - (no file)
    O2 - BHO: (no name) - {DA5F827F-2AD5-4D1C-9910-D9986842BF31} - (no file)
    O2 - BHO: (no name) - {e8c36228-838b-4169-b534-b5444e557551} - (no file)
    O2 - BHO: (no name) - {ED1D943C-5175-4D77-9D74-9592BABF1F70} - (no file)
    O2 - BHO: (no name) - {F7550D4A-0AC9-46BF-A9CE-5ED8AB6EB045} - (no file)

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O9 - Extra button: (no name) - {49783ED4-258D-4f9f-BE11-137C18D3E543} - (no file)

    O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O20 - Winlogon Notify: pmnnool - C:\WINDOWS\

    ___________________

    Télécharge MSNFix de Laurent
    http://sosvirus.changelog.fr/MSNFix.zip

    Décompresse-le et double clic sur le fichier MSNFix.bat.
    - Exécute l'option R.
    --Si l'infection est détectée, exécute l'option N
    - Sauvegarde ce rapport puis fais un copier/coller de ce rapport sur le forum.

    Note :
    Si une erreur de suppression est détectée un message s'affichera demandant de redémarrer l'ordinateur afin de terminer les opérations. Dans ce cas il suffit de redémarrer l'ordinateur en mode normal
    Sauvegarder et fermer le rapport pour que Windows termine de se lancer normalement.

    envoyer le fichier [b] C:\DOCUME~1\florian\Bureau\Upload_Me.zip /b sur http://upload.changelog.fr pour faire evoluer msnfix

    ___________________

    scan avec vundofix (colle le rapport)

    Téléchargez VundoFix -> http://www.atribune.org/ccount/click.php?id=4

    Double cliquez VundoFix.exe pour l'exécuter.
    Quand VundoFix s'ouvre, cliquez sur le bouton Scan for Vundo.
    Une fois le scan fini, cliquez sur le bouton Remove Vundo.
    Vous recevrez un avertissement vous demandant si vous voulez effacer ces
    fichiers répondez en cliquant sur YES
    Une fois que vous avez cliqué yes, votre bureau deviendra vide au moment où il
    enlève Vundo.

    Quand c'est fini, il vous sera demandé de redémarrer votre ordinateur, cliquez
    OK.

    __________________
    puis :

    virtumondebegone (colle le rapport)

    http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

    _____________________

    Télécharge Combofix de sUBs : Renomme le avant toute installation, par exemple, nomme le "KillBagle". aide ici : https://forum.pcastuces.com/sujet.asp?f=25&s=37315

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Sauvegarde le sur ton bureau et pas ailleurs !

    Aide à l’utilisation de combofix ici: https://bibou0007.forumpro.fr/login?redirect=%2Ft121-topic

    Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider, laisse toi guider.
    Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.
    0
    1. SEBSEB
       
      Voila j'ai tout fini alors
      Merci beaucoup pour l'aide

      le rapport msnfix :
      MSNFix 1.701

      C:\Documents and Settings\c\Bureau\jlpjlp\MSNFix\MSNFix
      Fix exécuté le 08/04/2008 - 17:32:29,43 By c
      mode normal

      ************************ Recherche les fichiers présents

      ... C:\DOCUME~1\c\LOCALS~1\Temp\Setup.exe
      ... C:\WINDOWS\cookies.ini
      ... C:\WINDOWS\system32\vbzip10.dll

      ************************ Recherche les dossiers présents

      ... \TEMP\




      ************************ Suppression des fichiers

      .. OK ... C:\DOCUME~1\c\LOCALS~1\Temp\Setup.exe
      .. OK ... C:\WINDOWS\cookies.ini
      .. OK ... C:\WINDOWS\system32\vbzip10.dll


      ************************ Suppression des dossiers

      /!\ ... \TEMP\


      ************************ Nettoyage du registre



      Les fichiers encore présents seront supprimés au prochain redémarrage


      Aucun Fichier trouvé



      ************************ Fichiers suspects

      /!\ ces fichiers nécessitent un avis expérimenté avant toute intervention

      [C:\eMule0.47c-Installer.exe] D388CDC4DDA65263F7DB385989AF7160

      [color=#FF0000][b]==>/b/color SVP merci d'envoyer le fichier [b] C:\DOCUME~1\c\Bureau\Upload_Me.zip /b sur http://upload.changelog.fr



      Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 08042008_17354890.zip

      ************************ HKLM\...\Winlogon\Userinit

      Userinit = C:\WINDOWS\system32\userinit.exe,


      ------------------------------------------------------------------------
      Auteur : !aur3n7 Contact: https://www.ionos.fr/
      ------------------------------------------------------------------------

      --------------------------------------------- END ---------------------------------------------


      Pas de Vundo détecté = pas de rapport

      04/08/2008, 17:54:09] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\c\Bureau\VirtumundoBeGone.exe" )
      [04/08/2008, 17:54:15] - Detected System Information:
      [04/08/2008, 17:54:15] - Windows Version: 5.1.2600, Service Pack 2
      [04/08/2008, 17:54:15] - Current Username: c (Admin)
      [04/08/2008, 17:54:15] - Windows is in NORMAL mode.
      [04/08/2008, 17:54:15] - Searching for Browser Helper Objects:
      [04/08/2008, 17:54:15] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
      [04/08/2008, 17:54:15] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
      [04/08/2008, 17:54:15] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
      [04/08/2008, 17:54:15] - Finished Searching Browser Helper Objects
      [04/08/2008, 17:54:15] - Finishing up...
      [04/08/2008, 17:54:15] - Nothing found! Exiting...


      Et Combofix :

      ComboFix 08-04-07.5 - c 2008-04-08 17:55:49.1 - NTFSx86
      Endroit: C:\Documents and Settings\c\Bureau\killbagle.exe

      [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!/b/color
      .

      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\Temp\1cb
      C:\Temp\1cb\syscheck.log
      C:\Temp\gbRve12
      C:\Temp\gbRve12\csLioes.log
      C:\WINDOWS\BM132a1eef.xml
      C:\WINDOWS\pskt.ini
      C:\WINDOWS\system32\aqVreo18
      C:\WINDOWS\system32\ext
      C:\WINDOWS\system32\ggusapfm.ini
      C:\WINDOWS\system32\hkmujhjq.ini
      C:\WINDOWS\system32\pqstv.ini
      C:\WINDOWS\system32\pqstv.ini2
      C:\WINDOWS\system32\rawvpjoi.ini
      C:\WINDOWS\system32\sdoqpgkd.ini
      C:\WINDOWS\system32\tuvuvust.dll
      C:\WINDOWS\system32\utstv.ini
      C:\WINDOWS\system32\utstv.ini2
      C:\WINDOWS\system32\wyadd.ini
      C:\WINDOWS\system32\wyadd.ini2
      C:\WINDOWS\system32\xmuacgbs.ini
      E:\Autorun.inf

      .
      ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-03-08 to 2008-04-08 ))))))))))))))))))))))))))))))))))))
      .

      2008-04-08 15:44 . 2008-04-08 15:44 <REP> d-------- C:\VundoFix Backups
      2008-04-08 00:55 . 2008-04-08 00:55 <REP> d-------- C:\Program Files\CCleaner
      2008-04-08 00:42 . 2008-04-08 00:42 <REP> d-------- C:\Documents and Settings\c\Application Data\Malwarebytes
      2008-04-07 23:04 . 2008-04-07 23:04 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
      2008-04-07 23:04 . 2008-04-07 23:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
      2008-04-07 23:04 . 2008-04-07 23:04 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
      2008-04-07 20:43 . 2008-04-07 20:43 <REP> d-------- C:\Program Files\Avira
      2008-04-07 20:43 . 2008-04-07 20:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
      2008-04-07 20:32 . 2008-04-07 21:46 <REP> d-------- C:\Program Files\a-squared Free
      2008-04-07 19:20 . 2008-04-07 19:20 <REP> d-------- C:\Program Files\Lavasoft
      2008-04-07 19:20 . 2008-04-07 19:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
      2008-04-07 19:16 . 2008-04-07 19:17 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
      2008-04-07 18:36 . 2004-06-01 00:48 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage r‚seau
      2008-04-07 18:36 . 2004-06-01 00:48 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
      2008-04-07 18:36 . 2006-07-03 12:42 <REP> d--h----- C:\Documents and Settings\Administrateur\ModŠles
      2008-04-07 18:36 . 2004-06-01 00:48 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
      2008-04-07 18:36 . 2004-06-01 00:48 <REP> dr------- C:\Documents and Settings\Administrateur\Menu D‚marrer
      2008-04-07 18:36 . 2004-06-01 00:48 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
      2008-04-07 18:36 . 2008-04-08 00:39 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
      2008-04-07 18:36 . 2004-05-31 17:49 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Symantec
      2008-04-07 18:36 . 2004-05-31 17:38 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Sonic
      2008-04-07 18:08 . 2008-04-07 18:08 <REP> d-------- C:\Program Files\Trend Micro
      2008-04-01 21:43 . 2008-04-02 02:10 355 ---hs---- C:\WINDOWS\system32\qvjvqviu.ini
      2008-03-31 20:29 . 2008-03-31 22:42 1,597,414 ---hs---- C:\WINDOWS\system32\rnxeeiwj.ini
      2008-03-30 20:02 . 2008-03-31 20:29 1,597,294 ---hs---- C:\WINDOWS\system32\tcqvprof.ini
      2008-03-29 00:04 . 2008-03-29 19:54 1,583,757 ---hs---- C:\WINDOWS\system32\kjdwdtid.ini
      2008-03-28 19:08 . 2008-03-28 19:59 1,554,223 ---hs---- C:\WINDOWS\system32\btxtyyma.ini
      2008-03-28 18:33 . 2008-03-28 18:34 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
      2008-03-28 18:33 . 2008-03-28 19:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
      2008-03-28 16:35 . 2008-02-22 03:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
      2008-03-28 16:29 . 2008-04-07 18:32 <REP> d-------- C:\Documents and Settings\c\.housecall6.6
      2008-03-27 19:09 . 2008-03-28 18:17 1,584,101 ---hs---- C:\WINDOWS\system32\xhptuywh.ini
      2008-03-27 17:06 . 2008-03-27 17:06 1,583,681 ---hs---- C:\WINDOWS\system32\cjujjgdd.ini
      2008-03-26 21:59 . 2008-03-28 20:00 1,020 --a------ C:\WINDOWS\cookies.MSNFix
      2008-03-26 17:01 . 2008-03-27 17:03 1,583,621 ---hs---- C:\WINDOWS\system32\edbsqsks.ini
      2008-03-25 20:06 . 2008-03-25 20:06 147,456 --a------ C:\WINDOWS\system32\vbzip10.MSNFix
      2008-03-25 20:05 . 2008-04-07 18:31 <REP> d-------- C:\WINDOWS\system32\xir
      2008-03-25 20:05 . 2008-03-26 18:39 <REP> d-------- C:\WINDOWS\system32\imd4
      2008-03-25 20:05 . 2008-03-25 20:05 <REP> d-------- C:\WINDOWS\system32\DL
      2008-03-25 20:05 . 2008-03-25 20:05 39,883 --a------ C:\WINDOWS\system32\targetedbanner-uninst.exe
      2008-03-25 20:03 . 2008-04-08 17:56 <REP> d-------- C:\Temp
      2008-03-25 20:01 . 2008-03-28 16:56 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
      2008-03-25 14:57 . 2008-04-08 00:48 <REP> d-------- C:\Program Files\Steam
      2008-03-25 14:44 . 2008-04-07 19:37 903 --a------ C:\WINDOWS\wininit.ini
      2008-03-23 10:24 . 2008-03-25 14:40 <REP> d-------- C:\Program Files\WON
      2008-03-23 09:56 . 1998-10-30 23:21 231,936 --------- C:\WINDOWS\system32\SNWValid.dll
      2008-03-11 16:10 . 2008-03-11 16:10 <REP> d-------- C:\WINDOWS\popup
      2008-03-11 16:10 . 2008-03-11 16:10 <REP> d-------- C:\WINDOWS\Groups
      2008-03-11 16:10 . 2008-03-11 16:10 <REP> d-------- C:\WINDOWS\Favorites

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-04-08 16:03 --------- d-----w C:\Program Files\Wanadoo
      2008-04-08 12:57 --------- d-----w C:\Program Files\lx_cats
      2008-04-07 18:18 --------- d-----w C:\Program Files\Norton AntiVirus
      2008-04-07 18:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
      2008-04-07 16:31 --------- d-----w C:\Program Files\Common Files
      2008-04-04 01:18 --------- d-----w C:\Documents and Settings\c\Application Data\dvdcss
      2008-03-28 14:57 --------- d-----w C:\Program Files\Booster Wanadoo
      2008-03-28 14:35 --------- d-----w C:\Program Files\Java
      2008-03-26 02:28 --------- d-----w C:\Program Files\eMule
      2008-03-12 20:45 --------- d-----w C:\Documents and Settings\c\Application Data\MSN6
      2008-02-29 19:19 --------- d-----w C:\Documents and Settings\c\Application Data\Microgaming
      2008-01-11 05:36 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
      2007-01-02 19:57 61,960 ----a-w C:\Documents and Settings\c\Application Data\GDIPFONTCACHEV1.DAT
      .

      ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]
      "WOOKIT"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 17:55 32768]
      "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:55 5674352]
      "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2003-10-08 05:40 159744]
      "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-04-07 13:22 4730880]
      "eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-01-13 09:21 245760]
      "UpdateManager"="C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2003-08-19 01:01 110592]
      "HPHUPD05"="c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-05-22 20:03 49152]
      "HP Software Update"="c:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2002-12-17 11:40 49152]
      "HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-05-22 19:56 483328]
      "Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2004-03-01 13:05 200766]
      "AGRSMMSG"="AGRSMMSG.exe" [2004-01-30 10:01 88363 C:\WINDOWS\AGRSMMSG.exe]
      "NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
      "Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 03:10 409600]
      "lxcqmon.exe"="C:\Program Files\Lexmark 9300 Series\lxcqmon.exe" [2006-10-23 16:51 286720]
      "Lexmark 9300 Series Fax Server"="C:\Program Files\Lexmark 9300 Series\fm3032.exe" [2006-10-26 08:33 299008]
      "EzPrint"="C:\Program Files\Lexmark 9300 Series\ezprint.exe" [2006-10-06 11:01 77824]
      "LXCQCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCQtime.dll" [2006-10-16 03:25 106496]
      "WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 15:49 20480]
      "WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 17:55 32768]
      "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-07 20:50 249896]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360]

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "C:\\Program Files\\Messenger\\msmsgs.exe"=
      "C:\\Program Files\\eMule\\emule.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
      "C:\\Program Files\\MSN Messenger\\livecall.exe"=
      "C:\\Program Files\\NetMeeting\\conf.exe"=
      "C:\\WINDOWS\\system32\\lxcqcoms.exe"=
      "C:\\Program Files\\Steam\\SteamApps\\serbo90\\counter-strike source\\hl2.exe"=
      "C:\\Program Files\\Steam\\SteamApps\\serbo90\\day of defeat source\\hl2.exe"=

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "135:TCP"= 135:TCP:TCP Port 135
      "5000:TCP"= 5000:TCP:TCP Port 5000
      "5001:TCP"= 5001:TCP:TCP Port 5001
      "5002:TCP"= 5002:TCP:TCP Port 5002
      "5003:TCP"= 5003:TCP:TCP Port 5003
      "5004:TCP"= 5004:TCP:TCP Port 5004
      "5005:TCP"= 5005:TCP:TCP Port 5005
      "5006:TCP"= 5006:TCP:TCP Port 5006
      "5007:TCP"= 5007:TCP:TCP Port 5007
      "5008:TCP"= 5008:TCP:TCP Port 5008
      "5009:TCP"= 5009:TCP:TCP Port 5009
      "5010:TCP"= 5010:TCP:TCP Port 5010
      "5011:TCP"= 5011:TCP:TCP Port 5011
      "5012:TCP"= 5012:TCP:TCP Port 5012
      "5013:TCP"= 5013:TCP:TCP Port 5013
      "5014:TCP"= 5014:TCP:TCP Port 5014
      "5015:TCP"= 5015:TCP:TCP Port 5015
      "5016:TCP"= 5016:TCP:TCP Port 5016
      "5017:TCP"= 5017:TCP:TCP Port 5017
      "5018:TCP"= 5018:TCP:TCP Port 5018
      "5019:TCP"= 5019:TCP:TCP Port 5019
      "5020:TCP"= 5020:TCP:TCP Port 5020

      R2 lxcq_device;lxcq_device;C:\WINDOWS\system32\lxcqcoms.exe [2006-11-06 18:21]
      R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 08:08]
      S3 DCamUSBET151;USB CIF Camera Capture;C:\WINDOWS\system32\Drivers\et151.sys []
      S3 SE2Fbus;Sony Ericsson Device 047 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Fbus.sys [2006-11-10 09:55]
      S3 SE2Fmdfl;Sony Ericsson Device 047 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Fmdfl.sys [2006-11-10 09:55]
      S3 SE2Fmdm;Sony Ericsson Device 047 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Fmdm.sys [2006-11-10 09:55]
      S3 SE2Fmgmt;Sony Ericsson Device 047 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE2Fmgmt.sys [2006-11-10 09:55]
      S3 se2Fnd5;Sony Ericsson Device 047 USB Ethernet Emulation SEMC47 (NDIS);C:\WINDOWS\system32\DRIVERS\se2Fnd5.sys [2006-11-10 09:55]
      S3 SE2Fobex;Sony Ericsson Device 047 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE2Fobex.sys [2006-11-10 09:55]
      S3 se2Funic;Sony Ericsson Device 047 USB Ethernet Emulation SEMC47 (WDM);C:\WINDOWS\system32\DRIVERS\se2Funic.sys [2006-11-10 09:55]
      S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 08:58]

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bc05ebda-9604-11dc-b1ad-000fb03e4771}]
      \Shell\AutoRun\command - E:\LaunchU3.exe -a

      .
      **************************************************************************

      catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-04-08 18:02:47
      Windows 5.1.2600 Service Pack 2 NTFS

      Balayage processus cach‚s ...

      Balayage cach‚ autostart entries ...

      HKLM\Software\Microsoft\Windows\CurrentVersion\Run
      Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????6?9?4?7??P???? ???B???????????????B? ??????

      Balayage des fichiers cach‚s ...

      Scan termin‚ avec succŠs
      Les fichiers cach‚s: 0

      **************************************************************************
      .
      ------------------------ Other Running Processes ------------------------
      .
      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      C:\Program Files\a-squared Free\a2service.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
      C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
      C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
      C:\WINDOWS\System32\FTRTSVC.exe
      C:\WINDOWS\System32\nvsvc32.exe
      C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
      C:\WINDOWS\System32\wdfmgr.exe
      C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
      C:\Program Files\Apoint2K\Apntex.exe
      C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
      C:\PROGRA~1\Wanadoo\ComComp.exe
      C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
      C:\Program Files\palmOne\HOTSYNC.EXE
      C:\PROGRA~1\Wanadoo\Toaster.exe
      C:\PROGRA~1\Wanadoo\Inactivity.exe
      C:\PROGRA~1\Wanadoo\PollingModule.exe
      C:\PROGRA~1\Wanadoo\ALERTM~1.EXE
      .
      **************************************************************************
      .
      Temps d'accomplissement: 2008-04-08 18:08:30 - machine was rebooted
      ComboFix-quarantined-files.txt 2008-04-08 16:08:19
      Pre-Run: 37,299,126,272 octets libres
      Post-Run: 37,240,541,184 octets libres
      .
      2008-03-12 19:25:20 --- E O F ---
      0
    2. SEBSEB
       
      Suis-je toujours infecté ??
      Voila un rapport hijack apres les scanset nettoyage

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 18:48:51, on 08/04/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16608)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      C:\Program Files\a-squared Free\a2service.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
      C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
      C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
      C:\WINDOWS\System32\FTRTSVC.exe
      C:\WINDOWS\system32\lxcqcoms.exe
      C:\WINDOWS\System32\nvsvc32.exe
      C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Apoint2K\Apoint.exe
      C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
      C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
      C:\WINDOWS\System32\hphmon05.exe
      C:\WINDOWS\AGRSMMSG.exe
      C:\Program Files\Lexmark 9300 Series\lxcqmon.exe
      C:\Program Files\Lexmark 9300 Series\ezprint.exe
      C:\Program Files\Apoint2K\Apntex.exe
      C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\MSN Messenger\msnmsgr.exe
      C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
      C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
      C:\PROGRA~1\Wanadoo\ComComp.exe
      C:\Program Files\palmOne\HOTSYNC.EXE
      C:\PROGRA~1\Wanadoo\Toaster.exe
      C:\PROGRA~1\Wanadoo\Inactivity.exe
      C:\PROGRA~1\Wanadoo\ALERTM~1.EXE
      C:\PROGRA~1\Wanadoo\PollingModule.exe
      C:\PROGRA~1\Wanadoo\Watch.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:7180
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1:7180;majkit1.orange.fr
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
      O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
      O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
      O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
      O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
      O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
      O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
      O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
      O4 - HKLM\..\Run: [lxcqmon.exe] "C:\Program Files\Lexmark 9300 Series\lxcqmon.exe"
      O4 - HKLM\..\Run: [Lexmark 9300 Series Fax Server] "C:\Program Files\Lexmark 9300 Series\fm3032.exe" /s
      O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 9300 Series\ezprint.exe"
      O4 - HKLM\..\Run: [LXCQCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCQtime.dll,_RunDLLEntry@16
      O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
      O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
      O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe GestionnaireInternet.exe
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
      O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
      O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\ext\begmgr11.exe
      O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
      O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
      O4 - Global Startup: Booster Orange.lnk = C:\Program Files\Booster Wanadoo\wanadoo_booster.exe
      O4 - Global Startup: BTTray.lnk = ?
      O8 - Extra context menu item: Afficher l'image non compressée - res://C:\Program Files\Booster Wanadoo\wanadoo_booster.exe/227
      O8 - Extra context menu item: Afficher toutes les images non compressées - res://C:\Program Files\Booster Wanadoo\wanadoo_booster.exe/250
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
      O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
      O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra button: Betway.com Poker - {4CBB5C71-1BA0-49ca-93CD-159AF8AA0CC9} - C:\Program Files\BetwayMPP\MPPoker.exe
      O9 - Extra button: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe
      O9 - Extra 'Tools' menuitem: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe
      O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
      O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
      O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O14 - IERESET.INF: START_PAGE_URL=https://www.msn.com/fr-fr?cobrand=compaq-notebook.msn.com&ocid=HPDHP&pc=CPNTDF
      O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
      O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
      O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
      O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
      O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
      O23 - Service: lxcq_device - - C:\WINDOWS\system32\lxcqcoms.exe
      O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
      O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
      0
      1. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041 > SEBSEB
         
        analyse ces fichiers sur virus total: et si inféctés tu les mets dans la citation otmovit: https://www.virustotal.com/gui/

        C:\WINDOWS\system32\qvjvqviu.ini
        C:\WINDOWS\system32\rnxeeiwj.ini
        C:\WINDOWS\system32\tcqvprof.ini
        C:\WINDOWS\system32\kjdwdtid.ini
        C:\WINDOWS\system32\btxtyyma.ini
        C:\WINDOWS\system32\xhptuywh.ini
        C:\WINDOWS\system32\cjujjgdd.ini
        C:\WINDOWS\system32\edbsqsks.ini

        ___________________


        télécharge OTMoveIt
        http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau. Ou sur https://www.luanagames.com/index.fr.html
        double-clique sur OTMoveIt.exe pour le lancer.
        copie la liste qui se trouve en citation ci-dessous,
        et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

        Citation :




        clique sur MoveIt! pour lancer la suppression.
        le résultat apparaitra dans le cadre "Results".
        clique sur Exit pour fermer.
        poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

        il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.

        __________________________

        vire ce qui est dans moved files en allant dans C puis OTMOVIT

        _________________________
        encore des problèmes???
        0
  2. lol
     
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://register.hp.com/...
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:7180
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1:7180;majkit1.orange.fr
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Config\smss.exe
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {0BFEA982-9F40-4181-8DA1-9A7C91CB117B} - (no file)
    O2 - BHO: (no name) - {0CDAB007-7588-4459-A277-12BAFC9F6D44} - (no file)
    O2 - BHO: (no name) - {16B435F6-B6CE-4F24-A568-944B27ED919C} - (no file)
    O2 - BHO: (no name) - {2B7643CE-88FB-4E04-9A7C-9E839DAC08C9} - (no file)
    O2 - BHO: (no name) - {3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9} - (no file)
    O2 - BHO: (no name) - {4318A528-50C7-43E5-93C4-763F150B9237} - (no file)
    O2 - BHO: (no name) - {46297DE9-7FCD-4950-B200-AFB110DC1113} - (no file)
    O2 - BHO: (no name) - {4B6159EE-3BEF-4915-B836-F03B0C183342} - (no file)

    O2 - BHO: (no name) - {537354fa-cc73-48b0-8ab2-08c3a7cdd90e} - (no file)
    O2 - BHO: (no name) - {6664CDE0-A32E-423B-923B-B63E035051D4} - (no file)
    O2 - BHO: (no name) - {7354fc71-a1a2-4464-ba72-e6e6a8d306bf} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7C551F0C-AC8B-46B1-AA0E-C7AE859F9DAA} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {8eb7222d-f327-47fd-baee-a0c8e0ad3783} - (no file)
    O2 - BHO: (no name) - {96E222A9-0B7C-477A-A48C-AF603553BA1C} - (no file)
    O2 - BHO: (no name) - {9B7E007E-295E-426C-A57D-EE9D2E74AE2F} - (no file)
    O2 - BHO: (no name) - {9ca2db6b-7c87-4494-9630-ddf35dc037e3} - (no file)
    O2 - BHO: (no name) - {9CB22642-973B-4344-B05A-89EBF3D501DA} - (no file)
    O2 - BHO: (no name) - {A254C2CC-81AB-47F7-9761-46277B1B8521} - (no file)
    O2 - BHO: (no name) - {B8DFD44F-C9ED-48F0-B458-9413258C2B75} - (no file)
    O2 - BHO: (no name) - {C5C4BFEC-BFFA-473D-AA37-21EBF71C01C4} - (no file)
    O2 - BHO: (no name) - {c6f6eb04-b2fc-428d-b2d0-ad7542a55a2d} - (no file)
    O2 - BHO: (no name) - {DA5F827F-2AD5-4D1C-9910-D9986842BF31} - (no file)
    O2 - BHO: (no name) - {e8c36228-838b-4169-b534-b5444e557551} - (no file)
    O2 - BHO: (no name) - {ED1D943C-5175-4D77-9D74-9592BABF1F70} - (no file)
    O2 - BHO: (no name) - {F7550D4A-0AC9-46BF-A9CE-5ED8AB6EB045} - (no file)
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start

    fixe tou sa ensuit eva dan demarer/EXECUTER/tu tape *msconfig*san les etoile tu vas dan service tu met masker les service microsoft et la tu decoche tout sauf ton parfeu et ton antivirus pareille pour demarage et redemare ensuite on vera
    0