IE problem
juju29
d0ne - Posts: 1019 - Status: Member
Hello, I'm having trouble when opening my Hotmail inbox: Internet Explorer "must close because ...", so I can't see my mail, and that's the only place it happens; otherwise I browse normally!!
Also, in C: I have a Gbplugin folder; I think I'm infected!!
Here is my HijackThis report:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 00:26:04, on 20/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\PMJ151LA.BIN
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Julien\Local Settings\Temporary Internet Files\Content.IE5\3PGTZH96\HiJackThis_v2[1].exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Banco do Brasil S.A. - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRA~1\GBPLUG~1\gbiehcef.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Policies\Explorer\Run: [gbieh.1] rundll32 "C:\PROGRA~1\GBPLUG~1\gbiehcef.dll" SpecialFunction
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O18 - Protocol: bw+0 - {DA8BFD08-DA93-43A2-BEBC-3231D47303A2} - (no file)
O18 - Protocol: bw+0s - {DA8BFD08-DA93-43A2-BEBC-3231D47303A2} - (no file)
O18 - Protocol: bw-0 - {DA8BFD08-DA93-43A2-BEBC-3231D47303A2} - (no file)
O18 - Protocol: bw-0s - {DA8BFD08-DA93-43A2-BEBC-3231D47303A2} - (no file)
O18 - Protocol: bw00 - {DA8BFD08-DA93-43A2-BEBC-3231D47303A2} - (no file)
O18 - Protocol: bw00s - {DA8BFD08-DA93-43A2-BEBC-3231D47303A2} - (no file)
O18 - Protocol: bw10 - {DA8BFD08-DA93-43A2-BEBC-3231D47303A2} - (no file)
O18 - Protocol: bw10s - {DA8BFD08-DA93-43A2-BEBC-3231D47303A2} - (no file)
O18 - Protocol: bw20 - {DA8BFD08-DA93-43A2-BEBC-3231D47303A2} - (no file)
O18 - Protocol: bw20s - {DA8BFD08-DA93-43A2-BEBC-3231D47303A2} - (no file)
O18 - Protocol: bw30 - {DA8BFD08-DA93-43A2-BEBC-3231D47303A2} - (no file)
O18 - Protocol: bw30s - {DA8BFD08-DA93-43A2-BEBC-3231D47303A2} - (no file)
O18 - Protocol: bw40 - {DA8BFD08-DA93-43A2-BEBC-3231D47303A2} - (no file)
O18 - Protocol: bw40s - {DA8BFD08-DA93-43A2-BEBC-3231D47303A2} - (no file)
O18 - Protocol: bw50 - {DA8BFD08-DA93-43A2-BEBC-3231D47303A2} - (no file)
O18 - Protocol: bw50s - {DA8BFD08-DA93-43A2-BEBC-3231D47303A2} - (no file)
O18 - Protocol: bw60 - {DA8BFD08-DA93-43A2-BEBC-3231D47303A2} - (no file)
O18 - Protocol: bw60s - {DA8BFD08-DA93-43A2-BEBC-3231D47303A2} - (no file)
O18 - Protocol: bw70 - {DA8BFD08-DA93-43A2-BEBC-3231D47303A2} - (no file)
O18 - Protocol: bw70s - {DA8BFD08-DA93-43A2-BEBC-3231D47303A2} - (no file)
O18 - Protocol: bw80 - {DA8BFD08-DA93-43A2-BEBC-3231D47303A2} - (no file)
O18 - Protocol: bw80s - {DA8BFD08-DA93-43A2-BEBC-3231D47303A2} - (no file)
O18 - Protocol: bw90 - {DA8BFD08-DA93-43A2-BEBC-3231D47303A2} - (no file)
O18 - Protocol: bw90s - {DA8BFD08-DA93-43A2-BEBC-3231D47303A2} - (no file)
O18 - Protocol: bwa0 - {DA8BFD08-DA93-43A2-BEBC-3231D47303A2} - (no file)
O18 - Protocol: bwa0s - {DA8BFD08-DA93-43A2-BEBC-3231D47303A2} - (no file)
O18 - Protocol: bwb0 - {DA8BFD08-DA93-43A2-BEBC-3231D47303A2} - (no file)
O18 - Protocol: bwb0s - {DA8BFD08-DA93-43A2-BEBC-3231D47303A2} - (no file)
O18 - Protocol: bwc0 - {DA8BFD08-DA93-43A2-BEBC-3231D47303A2} - (no file)
O18 - Protocol: bwc0s - {DA8BFD08-DA93-43A2-BEBC-3231D47303A2} - (no file)
O18 - Protocol: bwd0 - {DA8BFD08-DA93-43A2-BEBC-3231D47303A2} - (no file)
O18 - Protocol: bwd0s - {DA8BFD08-DA93-43A2-BEBC-3231D47303A2} - (no file)
O18 - Protocol: bwe0 - {DA8BFD08-DA93-43A2-BEBC-3231D47303A2} - (no file)
O18 - Protocol: bwe0s - {DA8BFD08-DA93-43A2-BEBC-3231D47303A2} - (no file)
O18 - Protocol: bwf0 - {DA8BFD08-DA93-43A2-BEBC-3231D47303A2} - (no file)
O18 - Protocol: bwf0s - {DA8BFD08-DA93-43A2-BEBC-3231D47303A2} - (no file)
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {DA8BFD08-DA93-43A2-BEBC-3231D47303A2} - (no file)
O18 - Protocol: bwg0s - {DA8BFD08-DA93-43A2-BEBC-3231D47303A2} - (no file)
O18 - Protocol: bwh0 - {DA8BFD08-DA93-43A2-BEBC-3231D47303A2} - (no file)
O18 - Protocol: bwh0s - {DA8BFD08-DA93-43A2-BEBC-3231D47303A2} - (no file)
O18 - Protocol: bwi0 - {DA8BFD08-DA93-43A2-BEBC-3231D47303A2} - (no file)
O18 - Protocol: bwi0s - {DA8BFD08-DA93-43A2-BEBC-3231D47303A2} - (no file)
O18 - Protocol: bwj0 - {DA8BFD08-DA93-43A2-BEBC-3231D47303A2} - (no file)
O18 - Protocol: bwj0s - {DA8BFD08-DA93-43A2-BEBC-3231D47303A2} - (no file)
O18 - Protocol: bwk0 - {DA8BFD08-DA93-43A2-BEBC-3231D47303A2} - (no file)
O18 - Protocol: bwk0s - {DA8BFD08-DA93-43A2-BEBC-3231D47303A2} - (no file)
O18 - Protocol: bwl0 - {DA8BFD08-DA93-43A2-BEBC-3231D47303A2} - (no file)
O18 - Protocol: bwl0s - {DA8BFD08-DA93-43A2-BEBC-3231D47303A2} - (no file)
O18 - Protocol: bwm0 - {DA8BFD08-DA93-43A2-BEBC-3231D47303A2} - (no file)
O18 - Protocol: bwm0s - {DA8BFD08-DA93-43A2-BEBC-3231D47303A2} - (no file)
O18 - Protocol: bwn0 - {DA8BFD08-DA93-43A2-BEBC-3231D47303A2} - (no file)
O18 - Protocol: bwn0s - {DA8BFD08-DA93-43A2-BEBC-3231D47303A2} - (no file)
O18 - Protocol: bwo0 - {DA8BFD08-DA93-43A2-BEBC-3231D47303A2} - (no file)
O18 - Protocol: bwo0s - {DA8BFD08-DA93-43A2-BEBC-3231D47303A2} - (no file)
O18 - Protocol: bwp0 - {DA8BFD08-DA93-43A2-BEBC-3231D47303A2} - (no file)
O18 - Protocol: bwp0s - {DA8BFD08-DA93-43A2-BEBC-3231D47303A2} - (no file)
O18 - Protocol: bwq0 - {DA8BFD08-DA93-43A2-BEBC-3231D47303A2} - (no file)
O18 - Protocol: bwq0s - {DA8BFD08-DA93-43A2-BEBC-3231D47303A2} - (no file)
O18 - Protocol: bwr0 - {DA8BFD08-DA93-43A2-BEBC-3231D47303A2} - (no file)
O18 - Protocol: bwr0s - {DA8BFD08-DA93-43A2-BEBC-3231D47303A2} - (no file)
O18 - Protocol: bws0 - {DA8BFD08-DA93-43A2-BEBC-3231D47303A2} - (no file)
O18 - Protocol: bws0s - {DA8BFD08-DA93-43A2-BEBC-3231D47303A2} - (no file)
O18 - Protocol: bwt0 - {DA8BFD08-DA93-43A2-BEBC-3231D47303A2} - (no file)
O18 - Protocol: bwt0s - {DA8BFD08-DA93-43A2-BEBC-3231D47303A2} - (no file)
O18 - Protocol: bwu0 - {DA8BFD08-DA93-43A2-BEBC-3231D47303A2} - (no file)
O18 - Protocol: bwu0s - {DA8BFD08-DA93-43A2-BEBC-3231D47303A2} - (no file)
O18 - Protocol: bwv0 - {DA8BFD08-DA93-43A2-BEBC-3231D47303A2} - (no file)
O18 - Protocol: bwv0s - {DA8BFD08-DA93-43A2-BEBC-3231D47303A2} - (no file)
O18 - Protocol: bww0 - {DA8BFD08-DA93-43A2-BEBC-3231D47303A2} - (no file)
O18 - Protocol: bww0s - {DA8BFD08-DA93-43A2-BEBC-3231D47303A2} - (no file)
O18 - Protocol: bwx0 - {DA8BFD08-DA93-43A2-BEBC-3231D47303A2} - (no file)
O18 - Protocol: bwx0s - {DA8BFD08-DA93-43A2-BEBC-3231D47303A2} - (no file)
O18 - Protocol: bwy0 - {DA8BFD08-DA93-43A2-BEBC-3231D47303A2} - (no file)
O18 - Protocol: bwy0s - {DA8BFD08-DA93-43A2-BEBC-3231D47303A2} - (no file)
O18 - Protocol: bwz0 - {DA8BFD08-DA93-43A2-BEBC-3231D47303A2} - (no file)
O18 - Protocol: bwz0s - {DA8BFD08-DA93-43A2-BEBC-3231D47303A2} - (no file)
O18 - Protocol: offline-8876480 - {DA8BFD08-DA93-43A2-BEBC-3231D47303A2} - (no file)
O20 - Winlogon Notify: GbiehCef - C:\PROGRA~1\GBPLUG~1\gbiehcef.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: PMJ151 AutoLaunch Service (PMJ151LA) - Matsushita Electric Industrial Co. ,Ltd, - C:\WINDOWS\PMJ151LA.BIN
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
O24 - Desktop Component 0: (no name) - http://gfx2.hotmail.com/tab.bg.dln.gif
4 replies
Hi there,
I'd advise you to do a bit of cleanup first.
To delete temporary files and other useless files, I recommend CCLEANER, available --> https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html <--
Install it and tick all the boxes, as well as "hotfix uninstaller". Also tick the boxes in the Applications tab, then click on clean.
Regarding your HijackThis log:
you can delete all the lines starting with O18 EXCEPT O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
Beyond that I don't know, because I'm not an expert at analyzing these logs.
I don't know what the Gbplugin folder on my C: drive corresponds to.
Could my Hotmail problem come from that?
Thanks in advance for your answers...
As for the lines to delete, I'll do what's needed!
Thanks!
I'd welcome other opinions on my log!