Trojan.spy.html.bankfraud.dq - Page 2

Résolu
Précédent
  • 1
  • 2
  1. g!rly Messages postés 18462 Statut Contributeur 407
     
    ok

    a l´aide de hijack this coche et fix :

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/default.aspx
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E6ACF817-0A85-4EBE-9F0A-096C6488CFEA} - https://www.ntrconnect.com/main/mod/setup/ntractivex118_24.cab

    comment fixer :

    Tutoriel d´utilisation (video) : (Merci a Balltrap34 pour cette réalisation)

    -> http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

    ta version de acrobat reader n´est pas a jour, tu veux la derniere verion en date alors desinstale ta version par le panneau de configuration / ajoue et suppression de programme

    et instale la derniere :

    https://get2.adobe.com/reader/otherversions/

    ou oublie completement acrobat reader et instales foxit plus léger a la place:

    https://www.clubic.com/telecharger-fiche13808-foxit-reader.html

    important :

    tu surf avec internet explorer 6.0 = failles de securitées importantes

    alors fais les mises a jour windows : tu veux la version 7.0

    https://support.microsoft.com/en-US/topic/internet-explorer-downloads-d49e1f0d-571c-9a7b-d97e-be248806ca70

    et pourquoi ne pas surfer avec firefox? = plus sur, tout en gardant ie 7.0 pour les mises a jour windows car impossible a effectuer sous firefox

    http://www.mozilla-europe.org/fr/

    plugins :ad block plus, no script ect...

    https://www.hugedomains.com/domain_profile.cfm?d=geckozone&e=org

    puis :

    C´est un peu long mais...

    Fais un scan avec cet antispyware :

    Telecharge malwarebytes + tutoriel :

    -> https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

    Tu l´instale; le programme va se mettre automatiquement a jour.

    Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression".

    Click maintenant sur l´onglet recherche et coche la case : "executer un examun complet".

    Puis click sur "rechercher".

    Laisse le scanner le pc...

    Si des elements on ete trouvés > click sur supprimer la selection.

    si il t´es demandé de redemarrer > click sur "yes".

    A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.

    Copie et colle le rapport stp.

    @+
    0
  2. cht
     
    ok je suis en train de faire le scan avec malwarebyte, mais délà tt à l'heure il n'avait rien trouvé
    j'avais désinstallé ie7 pour me mettre sur mozilla mais j'avais gardé ie6 car j'ai vu que pour windows c'était un peu nécessaire, donc je réinstalle ie7, et vais poster le log de malwarebyte

    pour info depuis le fix avec combofix je n'ai plus de messages d'alerte ca me semble résolu ...
    0
  3. g!rly Messages postés 18462 Statut Contributeur 407
     
    cht,

    Si tu as passé malwarebytes tout á l´heure et qu´il n´a rien trouvé, ce n´est pas la peine de le passer une autre fois ;)

    Oui reinstalles ie 7.0

    Oui j´imagine que tu ne dois plus avoir d´alerte ;)

    Post encore un dernier hijack this apres les manips stp

    @+
    0
  4. cht
     
    Bon voici le log highjackthis, ya plus rien c'est niquel !
    Merci à tous pour votre travail.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:02:11, on 24/08/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
    C:\Program Files\Shareaza\Shareaza.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
    C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
    C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
    C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://by130w.bay130.mail.live.com
    O15 - Trusted Zone: www.live.com
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{949D8D2F-5FB8-4D6E-84FA-2A41158AEF7A}: NameServer = 212.27.53.252,212.27.54.252
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
    O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. g!rly Messages postés 18462 Statut Contributeur 407
     
    Salut Cht,

    Excuse pour le delais...

    A l´aide de hijack this coche et fix encore ceci :

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab

    puis tu n´as pas de par feu :

    Installes :

    Comodo 3 pro :

    http://www.commentcamarche.net/telecharger/telecharger 34055041 comodo firewall pro

    tuto : https://www.malekal.com/tutorial-comodo-firewall/

    Ou

    Online armor :

    http://www.commentcamarche.net/telecharger/telecharger 34055356 online armor personal firewall

    tuto : https://www.malekal.com/tutorial-online-armor-free/

    ou zone alarm plus facil a configurer mais moins performant

    https://www.malekal.com/tutoriel-zonealarm-firewall/

    Bonus :

    anti spyware :

    spywareblaster :

    http://www.brightfort.com/spywareblaster.html

    c´est un resident, il suffit de le mettre a jour de temps en temps car la version gratuite ne le fait pas toute seul , une fois installé et mis a jour tu mets toutes les protections sur "enable"

    tuto : https://www.malekal.com/tutorial-spywareblaster/

    Pour supprimer les outils utilisés :

    Télécharge ToolsCleaner sur ton bureau.
    --> http://www.commentcamarche.net/telecharger/telechargement 34055291 toolsclean(...)
    # Clique sur Recherche et laisse le scan agir ...
    # Clique sur Suppression pour finaliser.
    # Tu peux, si tu le souhaites, te servir des Options facultatives.
    # Clique sur Quitter pour obtenir le rapport.
    # Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).

    Voila`

    Bises`

    @+
    0
  7. cht
     
    salut, j'ai effectué toutes les modifs je crois, je poste le rapport tcleaner

    en tout cas merci pour tout, c'est du super boulot bravo à toi et à ton équipe !!!

    @+
    -->- Recherche:

    C:\Qoobox: trouvé !
    C:\_OtMoveIt: trouvé !
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
    C:\Program Files\Trend Micro\HijackThis: trouvé !
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !

    ---------------------------------
    -->- Suppression:

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
    C:\Qoobox: supprimé !
    C:\_OtMoveIt: supprimé !
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
    C:\Program Files\Trend Micro\HijackThis: supprimé !

    Corbeille vidée!
    Fichiers temporaires nettoyés !
    0
  8. g!rly Messages postés 18462 Statut Contributeur 407
     
    Tres bien Cht`

    Nos chemins se séparent maintenant...

    De rien ;)

    Bonne continuation`

    bye`

    g!rly`
    0
    1. souriez
       
      Bonjour g!rly,

      J'ai les mêmes sypmtômes que ceux des 2 personnes dont tu es arrivé à résoudre le problème, i.e. les messages "trojan.spy.html.bankfraud.dq", "trojan.spy.Win32.KeyLogger.aa" et d'autres du même style.

      ça serait très sympa de me consacrer quelques minutes afin de résoudre ce pb. Si girly est non disponible, une autre personne serait la bienvenue pour m'aider à resoudre ce pb.

      Voici le rapport de hijackthis (à noter que j'ai remplacé quelques données confidentielles - en italique dans le texte - par d'autres données):

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 14:39:21, on 29/08/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
      C:\Program Files\CA\eTrust Antivirus\InoRT.exe
      C:\Program Files\CA\eTrust Antivirus\InoTask.exe
      C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
      C:\Program Files\Microsoft LifeCam\MSCamS32.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
      C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
      C:\WINDOWS\Explorer.EXE
      C:\Documents and Settings\All Users\Application Data\tudwxije\xmfgvcts.exe
      C:\PROGRA~1\CA\ETRUST~1\realmon.exe
      C:\WINDOWS\vVX1000.exe
      C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
      C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
      C:\Program Files\Skype\Phone\Skype.exe
      C:\WINDOWS\system32\dgvuvyts.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Program Files\Skype\Plugin Manager\skypePM.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
      R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://portail.free.fr/
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O1 - Hosts: aaa.aa.aa.a hostname
      O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
      O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
      O4 - HKLM\..\Run: [Microsoft Internet Explorer] C:\WINDOWS\System32\iexplore.exe
      O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
      O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [AliceSAV] C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
      O4 - HKLM\..\Run: [lphcna7j0ev9n] C:\WINDOWS\system32\lphcna7j0ev9n.exe
      O4 - HKLM\..\Run: [sysrest32.exe] C:\WINDOWS\system32\sysrest32.exe
      O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
      O4 - HKCU\..\Run: [actappsys] C:\WINDOWS\system32\dgvuvyts.exe
      O4 - HKLM\..\Policies\Explorer\Run: [QCubDm006X] C:\Documents and Settings\All Users\Application Data\tudwxije\xmfgvcts.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
      O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
      O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = domainname.fr
      O17 - HKLM\Software\..\Telephony: Domain = domainnamee.fr
      O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = domainname.fr
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
      O21 - SSODL: WebDbSrv - {095D83D2-21D2-94AE-C15E-04020A44AD9F} - C:\Program Files\jksrqdf\WebDbSrv.dll
      O21 - SSODL: wyszLKqtu - {AC8F8CAB-0625-2601-DC0C-BA469FDDC927} - C:\WINDOWS\system32\ofuc.dll
      O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
      O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: Service Bonjour (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: Client de licence CA (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
      O23 - Service: Serveur de licence CA (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
      O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
      O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
      O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      O23 - Service: Check Point SecuRemote Service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
      O23 - Service: Check Point SecuRemote WatchDog (SR_WatchDog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
      O23 - Service: Blue Coat K9 Web Protection (WebFilter) - Unknown owner - C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
      0
  9. g!rly Messages postés 18462 Statut Contributeur 407
     
    Bonjour,

    Il serait préférable que tu fasses ton message personnel, cela rendra les postes plus compréhensibles et la réponse à ton problème sera plus efficace
    Procèdes comme ceci :
    http://pageperso.aol.fr/balltrap34/demofairesontmessage.htm

    A bientôt ''
    0
  10. g!rly Messages postés 18462 Statut Contributeur 407
     
    apparemment ep44 a assuré ?!
    ;)
    0
  11. spiderlolo Messages postés 4 Statut Membre
     
    salut meme probleme voici mon rapport:

    ComboFix 08-09-10.02 - SPIDER LOLO 2008-09-11 11:32:40.1 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1842 [GMT 2:00]
    Endroit: C:\Users\SPIDER LOLO\Desktop\ComboFix.exe
    * Création d'un nouveau point de restauration
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Windows\system32\AutoRun.inf

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-08-11 to 2008-09-11 ))))))))))))))))))))))))))))))))))))
    .

    Pas de nouveau fichier créé dans cet espace de temps

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-11 09:10 --------- d-----w C:\Users\SPIDER LOLO\AppData\Roaming\FrostWire
    2008-09-09 23:56 --------- d-----w C:\Users\SPIDER LOLO\AppData\Roaming\CyberLink
    2008-09-09 20:25 --------- d-----w C:\ProgramData\ProcCfgApl
    2008-09-09 17:07 --------- d-----w C:\Program Files\LCI
    2008-09-09 08:30 --------- d-----w C:\Users\SPIDER LOLO\AppData\Roaming\Skype
    2008-09-09 08:25 --------- d-----w C:\Users\SPIDER LOLO\AppData\Roaming\skypePM
    2008-09-08 18:46 56 ---ha-w C:\Users\All Users\ezsidmv.dat
    2008-09-08 18:46 56 ---ha-w C:\ProgramData\ezsidmv.dat
    2008-09-08 15:06 --------- d-----w C:\ProgramData\Skype
    2008-09-08 15:06 --------- d-----w C:\Program Files\Skype
    2008-09-08 15:06 --------- d-----w C:\Program Files\Common Files\Skype
    2008-09-08 06:39 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-09-08 06:37 --------- d-----w C:\ProgramData\Ulead Systems
    2008-09-07 20:56 --------- d-----w C:\ProgramData\Symantec
    2008-09-07 10:50 --------- d-----w C:\Program Files\FrostWire
    2008-09-07 00:23 --------- d-----w C:\Program Files\VDOWNLOADER
    2008-09-06 23:58 --------- d-----w C:\Program Files\EoRezo
    2008-09-06 23:40 --------- d---a-w C:\ProgramData\TEMP
    2008-09-04 21:17 --------- d-----w C:\ProgramData\eMule
    2008-09-04 21:17 --------- d-----w C:\Program Files\eMule
    2008-09-04 10:51 --------- d-----w C:\ProgramData\Megaupload
    2008-09-04 10:51 --------- d-----w C:\ProgramData\EmailNotifier
    2008-09-04 06:45 --------- d-----w C:\Program Files\WebSite X5 Evolution
    2008-09-03 16:13 --------- d-----w C:\Users\SPIDER LOLO\AppData\Roaming\Sony
    2008-09-03 16:13 --------- d-----w C:\ProgramData\Sony
    2008-09-03 16:03 --------- d-----w C:\Program Files\Sony Ericsson
    2008-09-03 16:03 --------- d-----w C:\Program Files\QuickTime
    2008-09-03 16:02 --------- d-----w C:\ProgramData\Apple Computer
    2008-09-03 16:02 --------- d-----w C:\ProgramData\Apple
    2008-09-03 16:02 --------- d-----w C:\Program Files\Apple Software Update
    2008-09-03 15:44 --------- d-----w C:\ProgramData\Sony Ericsson
    2008-09-01 22:17 --------- d-----w C:\Program Files\Micro Application
    2008-08-31 13:44 --------- d-----w C:\Program Files\Architecte 3D Platinium Demo
    2008-08-31 13:32 --------- d-----w C:\Users\SPIDER LOLO\AppData\Roaming\Blender Foundation
    2008-08-31 13:32 --------- d-----w C:\Program Files\Blender Foundation
    2008-08-31 12:50 --------- d-----w C:\Users\SPIDER LOLO\AppData\Roaming\gtk-2.0
    2008-08-31 12:46 --------- d-----w C:\Program Files\GIMP-2.0
    2008-08-25 20:01 --------- d-----w C:\ProgramData\orkvufqv
    2008-08-24 20:59 --------- d-----w C:\ProgramData\NtiDvdCopy
    2008-08-24 17:30 --------- d-----w C:\Program Files\K-Lite Codec Pack
    2008-08-24 17:28 --------- d-----w C:\Program Files\DivX
    2008-08-24 10:19 --------- d-----w C:\Program Files\Hercules
    2008-08-24 08:22 --------- d-----w C:\Program Files\Sony
    2008-08-24 08:20 --------- d-----w C:\Program Files\Acer GameZone
    2008-08-24 08:19 --------- d-----w C:\Program Files\Image-Line
    2008-08-24 08:18 --------- d-----w C:\Program Files\VstPlugins
    2008-08-23 18:27 --------- d-----w C:\ProgramData\Microsoft Help
    2008-08-23 03:21 --------- d-----w C:\Users\SPIDER LOLO\AppData\Roaming\Juce VST Host
    2008-08-23 02:55 --------- d-----w C:\Program Files\Sony Setup
    2008-08-23 02:54 --------- d-----w C:\Users\SPIDER LOLO\AppData\Roaming\Deckadance
    2008-08-23 02:31 --------- d-----w C:\Program Files\eSobi
    2008-08-23 02:12 --------- d-----w C:\Program Files\Outsim
    2008-08-23 01:49 --------- d-----w C:\Users\SPIDER LOLO\AppData\Roaming\Publish Providers
    2008-08-19 08:45 --------- d-----w C:\Program Files\MSBuild
    2008-08-19 08:43 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
    2008-08-18 23:06 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-08-18 22:18 --------- d-----w C:\ProgramData\FLEXnet
    2008-08-18 21:42 --------- d-----w C:\Users\SPIDER LOLO\AppData\Roaming\OpenOffice.org2
    2008-08-18 21:34 --------- d-----w C:\Program Files\Bonjour
    2008-08-18 21:29 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
    2008-08-18 20:27 --------- d-----w C:\Users\SPIDER LOLO\AppData\Roaming\HP
    2008-08-18 20:25 --------- d-----w C:\ProgramData\WEBREG
    2008-08-18 20:25 --------- d-----w C:\ProgramData\HP
    2008-08-18 20:23 --------- d-----w C:\Users\SPIDER LOLO\AppData\Roaming\HPAppData
    2008-08-18 20:23 --------- d-----w C:\ProgramData\HPSSUPPLY
    2008-08-18 20:23 --------- d-----w C:\Program Files\HP
    2008-08-18 20:21 --------- d-----w C:\ProgramData\HP Product Assistant
    2008-08-18 20:21 --------- d-----w C:\Program Files\Hewlett-Packard
    2008-08-18 20:21 --------- d-----w C:\Program Files\Common Files\HP
    2008-08-18 20:20 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
    2008-08-18 20:19 0 ----a-w C:\Users\SPIDER LOLO\AppData\Roaming\wklnhst.dat
    2008-08-18 20:14 --------- d-----w C:\ProgramData\Hewlett-Packard
    2008-08-18 20:06 --------- d-----w C:\Users\SPIDER LOLO\AppData\Roaming\Ulead Systems
    2008-08-18 20:03 --------- d-----w C:\Program Files\Common Files\InterVideo
    2008-08-18 20:02 --------- d-----w C:\Program Files\Windows Media Components
    2008-08-18 18:04 --------- d-----w C:\Program Files\Audacity
    2008-08-18 14:18 --------- d-----w C:\Users\SPIDER LOLO\AppData\Roaming\EoRezo
    2008-08-17 21:10 --------- d-----w C:\ProgramData\Downloaded Installations
    2008-08-17 20:54 --------- d-----w C:\Program Files\Java
    2008-08-17 18:07 --------- d-----w C:\Users\SPIDER LOLO\AppData\Roaming\ItsLabel
    2008-08-17 17:58 --------- d-----w C:\Program Files\Common Files\MAGIX Shared
    2008-08-17 17:53 --------- d-----w C:\Users\SPIDER LOLO\AppData\Roaming\GetRightToGo
    2008-08-17 17:22 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_HDJBulk_01005.Wdf
    2008-08-17 17:22 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_HDJAsioK_01005.Wdf
    2008-08-17 16:34 --------- d-----w C:\Program Files\Common Files\Java
    2008-08-17 16:28 --------- d-----w C:\Users\SPIDER LOLO\AppData\Roaming\DivX
    2008-08-17 16:16 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
    2008-08-17 11:57 --------- d-----w C:\Program Files\Norton Internet Security
    2008-08-17 11:57 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-08-17 11:04 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
    2008-08-17 11:04 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS
    2008-08-17 11:04 10,671 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
    2008-08-17 11:04 --------- d-----w C:\Program Files\Symantec
    2008-08-17 10:04 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
    2008-08-17 10:04 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
    2008-08-17 10:04 542,720 ----a-w C:\Windows\System32\sysmain.dll
    2008-08-17 10:04 502,784 ----a-w C:\Windows\System32\wlansvc.dll
    2008-08-17 10:04 47,104 ----a-w C:\Windows\System32\wlanapi.dll
    2008-08-17 10:04 297,984 ----a-w C:\Windows\System32\wlansec.dll
    2008-08-17 10:04 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
    2000-10-18 10:19 57,344 --sha-w C:\Windows\System32\mfc42loc.dll
    1995-09-20 14:16 35,088 --sha-w C:\Windows\System32\msjint32.dll
    1995-09-20 14:13 977,680 --sha-w C:\Windows\System32\msjt3032.dll
    1995-09-20 14:16 23,824 --sha-w C:\Windows\System32\msjter32.dll
    1995-09-24 09:02 243,472 --sha-w C:\Windows\System32\vbar2232.dll
    1998-05-18 01:06 368,912 --sha-w C:\Windows\System32\vbar332.dll
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-08-17 1232896]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 125440]
    "YolwCIR6la"="C:\ProgramData\orkvufqv\unsnsfgr.exe" [2008-08-25 69632]
    "Google Update"="C:\Users\SPIDER LOLO\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
    "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-02-20 360448]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-08-12 21741864]
    "ProcCfgApl"="C:\ProgramData\ProcCfgApl\cboxihod.exe" [2008-09-09 94208]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [2007-03-16 63712]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 286720]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.YV12"= yv12vfw.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UacDisableNotify"=dword:00000001
    "InternetSettingsDisableNotify"=dword:00000001
    "AutoUpdateDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{C1A94978-9C4A-44D9-85CC-976E4B256685}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{17250F27-816F-4293-8E80-6C4A899E07AE}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{DB9E81CD-E999-4D30-9431-905A8CDF3057}"= C:\Program Files\Acer Arcade Live\Acer DVDivine\Acer DVDivine.exe:Acer DVDivine
    "{FDE3C5A9-20A2-4666-80CD-094CBF37C993}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia\Acer HomeMedia.exe:Acer HomeMedia
    "{2ED47240-F206-4606-8CDA-2F141807082E}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Acer HomeMedia Connect.exe:Acer HomeMedia Connect
    "{2C6EED45-7B25-44B1-8A9A-972EFE108A9F}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:Acer HomeMedia Connect Service
    "{BA7F183C-0260-4659-8C57-3CF842FF30AA}"= C:\Program Files\Acer Arcade Live\Acer SlideShow DVD\Acer SlideShow DVD.exe:Acer SlideShow DVD
    "{C2191F0A-02E1-4345-985F-D7EB0C11AAF1}"= C:\Program Files\Acer Arcade Live\Acer VideoMagician\Acer VideoMagician.exe:Acer VideoMagician
    "{F61E8216-CE21-44D7-A083-8FD9EF88C629}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Acer DV Magician.exe:Acer DV Magician
    "{22E9B950-371C-47D2-AEE9-F09A8FB644C9}"= C:\Program Files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
    "TCP Query User{85FD9D0E-C57A-4E94-8F0A-CA903FE76A63}C:\\program files\\hercules\\hercules dualpix hd webcam\\station2.exe"= UDP:C:\program files\hercules\hercules dualpix hd webcam\station2.exe:Hercules Webcam Station Evolution
    "UDP Query User{58AB164E-06FB-43FA-AFB1-6F421937C783}C:\\program files\\hercules\\hercules dualpix hd webcam\\station2.exe"= TCP:C:\program files\hercules\hercules dualpix hd webcam\station2.exe:Hercules Webcam Station Evolution
    "TCP Query User{BE5F4F50-B56C-4DF4-B478-191F34C89730}C:\\program files\\hercules\\hercules dualpix hd webcam\\controlui.exe"= UDP:C:\program files\hercules\hercules dualpix hd webcam\controlui.exe:Hercules Zoom Controller Main Application
    "UDP Query User{0423C1E5-EE52-4D45-A4F2-528A461FA49E}C:\\program files\\hercules\\hercules dualpix hd webcam\\controlui.exe"= TCP:C:\program files\hercules\hercules dualpix hd webcam\controlui.exe:Hercules Zoom Controller Main Application
    "{067960AD-6E38-423F-91C5-989D623D0384}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{B3BE736C-7217-47BF-B229-303A8CBFC40F}"= UDP:C:\Program Files\FrostWire\FrostWire.exe:FrostWire
    "{8CD5A098-A7ED-4DF2-80E9-18C6A089A9D7}"= TCP:C:\Program Files\FrostWire\FrostWire.exe:FrostWire
    "{48969383-33DF-4597-A64E-B48496D8764F}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
    "{4A384EA0-BE69-4623-BBF4-BFD43D51CE17}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
    "{C83BA2D8-5C42-471B-84E7-9ACA3953DBA4}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
    "{A8F85255-A5A7-45DC-B1DB-CC4478133528}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
    "{C4676158-4AFB-4FCE-BEFC-FE2F126DDE22}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe
    "{B7369734-DEA9-4C99-AD32-F674CB7DEC54}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe
    "{B6A02F55-118F-47AE-9732-A1D71FBB1A36}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:hposfx08.exe
    "{DE95EB19-A981-4CA1-95E5-412DB4626A66}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:hposfx08.exe
    "{597F0373-7083-46C6-A88A-BC19C3A01BF2}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
    "{F55A8EA5-BF4A-40C7-9FF5-A95BEDF08259}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
    "{E5C0CA76-35C1-4F71-A34C-C865E2244309}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:hpqscnvw.exe
    "{CF50A9F2-6F4E-4B4B-9521-C67869A2C651}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:hpqscnvw.exe
    "{A51C1F33-C8D6-48EE-AB53-9B365C1378C8}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
    "{356E52C8-C58F-4250-8AA7-4B30FD546FA5}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
    "{DF0B66B8-E572-4A38-B6C0-A89D452DBBBE}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe
    "{7BFC12C4-BAFC-4E32-AB78-85E56CD74BB6}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe
    "{33862A93-4EB6-4E38-B3A6-ACB92158A6A6}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:hpoews01.exe
    "{7269E45B-7971-4494-9807-D40FCBD2D979}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:hpoews01.exe
    "{68AFBC87-C8B0-4F5F-BE9E-7D5DE3F87394}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:hpqnrs08.exe
    "{7A381617-185D-4038-A6E8-556BDA9DA8EF}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:hpqnrs08.exe
    "{28927010-F82B-4776-9CD4-B6FAB3366316}"= Disabled:UDP:57521:Pando P2P TCP Listening Port
    "{D4CC74B7-D0B6-4B4C-AE3C-50B19CA414BF}"= Disabled:TCP:57521:Pando P2P UDP Listening Port
    "{32F1D152-E16D-4676-84E2-A4C484A24980}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
    "{6CA4C8E1-B2AA-4DBF-84E1-2A8D944D91AF}"= UDP:C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager 1.0\MediaManager.exe:Sony Ericsson Media Manager 1.0
    "{4DEB9F41-F0EA-4C04-8285-824BE5919984}"= TCP:C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager 1.0\MediaManager.exe:Sony Ericsson Media Manager 1.0
    "{92981231-DCAA-469D-959A-A32C82CB3091}"= UDP:C:\Program Files\eMule\emule.exe:eMule
    "{6E341430-79C8-4916-8302-30A492104874}"= TCP:C:\Program Files\eMule\emule.exe:eMule
    "{6A1540AB-5C16-4272-9184-493CCC3DF850}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
    "TCP Query User{8B79D375-EFAB-4327-93A4-7D4C60C20E17}C:\\program files\\windows sidebar\\sidebar.exe"= UDP:C:\program files\windows sidebar\sidebar.exe:Volet Windows
    "UDP Query User{74B46848-FDB2-43DB-B459-3DF7755651DA}C:\\program files\\windows sidebar\\sidebar.exe"= TCP:C:\program files\windows sidebar\sidebar.exe:Volet Windows

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
    "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

    R0 nvrd32;NVIDIA nForce RAID Driver;C:\Windows\system32\drivers\nvrd32.sys [2007-12-08 131616]
    R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080909.001\IDSvix86.sys [2008-07-16 261680]
    R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2007-06-21 269448]
    R3 APL531;Hercules Dualpix HD Webcam;C:\Windows\system32\Drivers\HDvidv.sys [2007-07-13 285952]
    R3 camfilt2;camfilt2;C:\Windows\system32\DRIVERS\camfilt2.sys [2008-02-01 103720]
    R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2006-11-21 37008]
    S3 Bulk;HDJBulk;C:\Windows\system32\Drivers\HDJBulk.sys [2008-01-23 28672]
    S3 HDJAsioK;HDJAsioK;C:\Windows\system32\Drivers\HDJAsioK.sys [2008-04-15 131072]
    S3 HDJMidi;Hercules DJ Console Mk2 MIDI;C:\Windows\system32\DRIVERS\HDJMidi.sys [2008-06-02 83456]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    *Newly Created Service* - CATCHME
    *Newly Created Service* - COMHOST
    *Newly Created Service* - ERASERUTILDRVI7
    *Newly Created Service* - PROCEXP90
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)

    .
    ------- Supplementary Scan -------
    .
    R0 -: HKCU-Main,Start Page = hxxp://www.google.fr/
    R0 -: HKLM-Main,Start Page = hxxp://eo.st
    R1 -: HKCU-Internet Settings,ProxyOverride = *.local
    O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-11 11:35:38
    Windows 6.0.6000 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-09-11 11:36:57
    ComboFix-quarantined-files.txt 2008-09-11 09:36:48

    Pre-Run: Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
    Post-Run: 156,173,119,488 octets libres

    248 --- E O F --- 2008-08-23 18:27:11

    merci d'avance pour ton aide§§§
    0
  12. g!rly Messages postés 18462 Statut Contributeur 407
     
    Bonjour,

    Il serait préférable que tu fasses ton message personnel, cela rendra les postes plus compréhensibles et la réponse à ton problème sera plus efficace
    Procèdes comme ceci :
    http://pageperso.aol.fr/balltrap34/demofairesontmessage.htm

    A bientôt ''
    0
  13. Laurent1967 Messages postés 3 Date d'inscription   Statut Membre 1
     
    Bonjour, j'ai également les mêmes soucis avec les mêmes trojans...après un passage de d'anti virus et de Hijackthis voici le rapport...merci de m'aider car ma connection est terriblement retardé. Cordialement Laurent

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:15:22, on 11/10/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Apps\ActivBoard\nhksrv.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\PROGRA~1\AVG\AVG8\avgfws8.exe
    C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
    C:\Program Files\CheckFlow\FlowProtector\4.0.0.1\FlowService.exe
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
    C:\WINDOWS\System32\LXSUPMON.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Winamp\winampa.exe
    C:\PROGRA~1\AVG\AVG8\avgam.exe
    C:\PROGRA~1\MESSAG~1\StartMessager.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Orange\Systray\SystrayApp.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\WINDOWS\system32\slserv.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
    C:\Program Files\anti virus général\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Orange\Launcher\Launcher.exe
    C:\Program Files\Orange\connectivity\connectivitymanager.exe
    C:\Program Files\Orange\connectivity\CoreCom\CoreCom.exe
    C:\Program Files\Orange\connectivity\CoreCom\OraConfigRecover.exe
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\WINDOWS\system32\divxsm.exe
    C:\Program Files\anti virus général\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.orange.fr/portail?kw=
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\njjmz.dll/sp.html#37049
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.accoona.com/search_assistant/accoona_search_assistant.jsp?&utm_id=400010&utm_content=leftnav&utm_source=efc&utm_medium=bund&utm_campaign=efc0605
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\ANTIVI~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
    O4 - HKLM\..\Run: [CleanEasyImg] c:\apps\easydvd\cleanall.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
    O4 - HKLM\..\Run: [OmniPage] C:\Program Files\Caere\OmniPagePro90\opware32.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
    O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe"
    O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [Update Service] "C:\Program Files\Fichiers communs\Teknum Systems\update.exe" /startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [ApiCfg] C:\WINDOWS\system32\fmtuxslc.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\anti virus général\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKLM\..\Policies\Explorer\Run: [rlBGhJyiCl] C:\Documents and Settings\All Users\Application Data\bchwzgpm\zodqjgpc.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\logiciel images internet\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Registration Brothers In Arms EiB Demo.LNK = C:\Program Files\jeux PC\brothers_in_arms_earned_in_blood_demo_jouable_1_anglais_15342\Brothers in Arms Earned in Blood DEMO PC\Support\Register\RegistrationReminder.exe
    O4 - Startup: Ubisoft register.lnk = C:\Program Files\Ubisoft\Register\schedule.exe
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Contrôleur de calendrier Ulead.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Monitor.lnk = C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    O8 - Extra context menu item: Recherche sur eBay - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Barre d'outils eBay - {92D7F210-7F20-11d3-8157-0090278B20DE} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Barre d'outils eBay - {92D7F210-7F20-11d3-8157-0090278B20DE} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\ANTIVI~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\ANTIVI~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: https://www.orange.fr/portail
    O15 - Trusted Zone: http://secure.gestrip.com (HKLM)
    O15 - Trusted Zone: http://update.randhi.com (HKLM)
    O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
    O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://graceland59.spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/21170c6df5c0e507d705/netzip/RdxIE601.cab
    O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.cg14.fr/sig/mg60ctrl_windows_activex_ie.cab
    O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/fr/big/1.1.62-big/GoogleNav.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.atafoto.com/fr/photo-collection/ImageUploader4.cab
    O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - https://live365.com/
    O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup162.cab
    O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_1_6_0.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4150E63C-E4BF-435E-A106-05A5141186B9}: NameServer = 192.168.1.1
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O21 - SSODL: ComDscSys - {70AECCFE-9DEC-FA07-0DF8-070D5E0248C7} - C:\Program Files\ghrwdk\ComDscSys.dll (file missing)
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
    O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
    O23 - Service: FlowProtectorService - Unknown owner - C:\Program Files\CheckFlow\FlowProtector\4.0.0.1\FlowService.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
    0
  14. g!rly Messages postés 18462 Statut Contributeur 407
     
    Bonjour,

    Il serait préférable que tu fasses ton message personnel, cela rendra les postes plus compréhensibles et la réponse à ton problème sera plus efficace
    Procèdes comme ceci :
    http://pageperso.aol.fr/balltrap34/demofairesontmessage.htm

    A bientôt ''
    0
Précédent
  • 1
  • 2