Pc infecté !!! help svp !

noknok01 -  
 archet9 -
Bonjour tout le monde,

j'ai un problème avec mon pc (qui s'en doutait... :D) il y a quelques jours alors qu'une copine branchait sa clé usb sur mon pc, avast m'a alerté qu'une sale bestiole, un trojan je crois, avait migré vers mon pc..."oliga" je crois...depuis mon pc rame terriblement....
quelqu'un pourrait-il me dire comment virer cette %µ*^£§!! svp ?

à++ ;)
Configuration: Windows XP pro
Firefox 3.0.3

4 réponses

  1. britla Messages postés 88 Date d'inscription   Statut Membre Dernière intervention   10
     
    essaye un scan en ligne sur ce lien www.bitdefender.fr
    0
  2. archet9
     
    bonsoir,

    Commence par poster un rapport HijackThis stp,
    >Télécharge HiJackThis : http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis
    - Lance le programme, puis sélectionne < do a system scan and save a logfile >
    - Enregistre le rapport sur ton bureau.
    Et envoie, par copier/coller, ton log Hijackthis sur le forum,

    A+

    Tuto : si problème : http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm
    0
  3. noknok01
     
    salut archet9,

    voilàle rapport du scan que tu m'as demandé

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:43:06, on 11/11/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0013)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\Program Files\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Administrateur\Bureau\HiJackThis.exe
    C:\WINDOWS\system32\NOTEPAD.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favoris
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {2C9CAD4C-0F2C-4061-923B-2ABBB7D3454C} - C:\WINDOWS\system32\rqRKARjK.dll (file missing)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {747D7961-AC00-4610-AA58-14ADCBB937E1} - C:\WINDOWS\system32\cbXRHwvU.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {9EC4A248-FDE4-4BC2-830E-725CB59E98A0} - C:\WINDOWS\system32\byXPIxvt.dll (file missing)
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: (no name) - {BDD714BC-D36C-487B-8142-8BA020FB6535} - C:\WINDOWS\system32\urqoligH.dll (file missing)
    O2 - BHO: (no name) - {C8B167F1-7C8E-4666-AE69-7211828DC1F2} - C:\WINDOWS\system32\ddcArqOF.dll (file missing)
    O2 - BHO: (no name) - {FCB7D915-A464-4A32-B7CA-35D6B20BC6DA} - C:\WINDOWS\system32\cbXRJAtu.dll (file missing)
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
    O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
    O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [WindowFX] C:\Program Files\Stardock\Object Desktop\WindowFX\\wfxload.exe
    O4 - HKCU\..\RunOnce: [SpybotDeletingD4548] cmd /c del "C:\WINDOWS\system32\byXPIxvt.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB1315] command /c del "C:\WINDOWS\system32\dbvmhtkm.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD8374] cmd /c del "C:\WINDOWS\system32\dbvmhtkm.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB7773] command /c del "C:\WINDOWS\system32\jloudeov.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD5340] cmd /c del "C:\WINDOWS\system32\jloudeov.dll_old"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB1693] command /c del "C:\WINDOWS\system32\byXPIxvt.dll_old"
    O4 - HKUS\S-1-5-19\..\RunOnce: [XPPro4.0] %systemroot%\REG\run.cmd (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\RunOnce: [XPPro4.0] %systemroot%\REG\run.cmd (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\RunOnce: [XPPro4.0] %systemroot%\REG\run.cmd (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [XPPro4.0] %systemroot%\REG\run.cmd (User 'Default user')
    O4 - S-1-5-18 Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (User 'SYSTEM')
    O4 - S-1-5-18 Startup: TranspApps.lnk = C:\Program Files\Vasilios Applications\TranspApps\TranspApps.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (User 'Default user')
    O4 - .DEFAULT Startup: TranspApps.lnk = C:\Program Files\Vasilios Applications\TranspApps\TranspApps.exe (User 'Default user')
    O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
    O4 - Startup: TranspApps.lnk = C:\Program Files\Vasilios Applications\TranspApps\TranspApps.exe
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?01e870d5df3f4bd8a818f90159ad7229
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?01e870d5df3f4bd8a818f90159ad7229
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O20 - Winlogon Notify: urqoligH - urqoligH.dll (file missing)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    O23 - Service: M-Audio CMIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - C:\Program Files\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
    O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    0
    1. archet9
       
      infection vundo....
      fait ceci:

      ---> Télécharge ComboFix.exe de sUBs sur ton Bureau :
      http://download.bleepingcomputer.com/sUBs/ComboFix.exe

      /!\ Déconnecte-toi du net et ferme toutes les applications, antivirus et antispyware y compris /!\

      ---> Double-clique sur Combofix.exe
      Un "pop-up" va apparaître qui dit que "ComboFix est utilisé à vos risques et avec aucune garantie...".
      Accepte en cliquant sur "Oui"

      ---> Mets-le en langue française F
      Tape sur la touche 1 (Yes) pour démarrer le scan.

      /!\ Ne touche à rien tant que le scan n'est pas terminé. /!\ important

      En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.

      Une fois le scan achevé, un rapport va s'afficher : Poste son contenu

      /!\ Réactive la protection en temps réel de ton antivirus et de ton antispyware avant de te reconnecter à Internet. /!\

      Note : Le rapport se trouve également là : C:\ComboFix.txt

      a+
      0
      1. noknok01 > archet9
         
        ComboFix 08-11-11.01 - Administrateur 2008-11-12 17:56:27.1 - NTFSx86
        Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1289 [GMT 1:00]
        Lancé depuis: c:\documents and settings\Administrateur\Bureau\ComboFix.exe
        * Un nouveau point de restauration a été créé

        [COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
        .

        (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
        .

        c:\windows\BM5f583621.txt
        c:\windows\BM5f583621.xml
        c:\windows\IE4 Error Log.txt
        c:\windows\system32\aqrrwuvs.ini
        c:\windows\system32\aqrrwuvs.ini2
        c:\windows\system32\aqrrwuvs.tmp
        c:\windows\system32\byyhcxhj.ini
        c:\windows\system32\CID
        c:\windows\system32\FOqrAcdd.ini
        c:\windows\system32\FOqrAcdd.ini2
        c:\windows\system32\intufuyb.ini
        c:\windows\system32\KjRAKRqr.ini
        c:\windows\system32\KjRAKRqr.ini2
        c:\windows\system32\lsprst7.dll
        c:\windows\system32\mcrh.tmp
        c:\windows\system32\mmwkunqe.ini
        c:\windows\system32\mpmwfhhl.ini
        c:\windows\system32\mqvekvgx.ini
        c:\windows\system32\pvltpbpt.ini
        c:\windows\system32\ssprs.dll
        c:\windows\system32\SvcNm
        c:\windows\system32\tvxIPXyb.ini
        c:\windows\system32\tvxIPXyb.ini2
        c:\windows\system32\ugawugpu.ini
        c:\windows\system32\url1
        c:\windows\system32\url2
        c:\windows\system32\url3
        c:\windows\system32\utAJRXbc.ini
        c:\windows\system32\utAJRXbc.ini2
        c:\windows\system32\UvwHRXbc.ini
        c:\windows\system32\UvwHRXbc.ini2
        c:\windows\system32\vxmfnlaa.ini
        c:\windows\system32\wscmp.dll.tmp
        c:\windows\system32\wypyqlfo.ini
        c:\windows\Temp\scsE.tmp
        c:\windows\Temp\scsF.tmp

        .
        ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
        .

        -------\Legacy_NTLOAD


        ((((((((((((((((((((((((((((( Fichiers créés du 2008-10-12 au 2008-11-12 ))))))))))))))))))))))))))))))))))))
        .

        2008-11-10 03:11 . 2008-11-10 03:11 54,156 --ah----- c:\windows\QTFont.qfn
        2008-11-10 03:11 . 2008-11-10 03:11 1,409 --a------ c:\windows\QTFont.for
        2008-11-05 01:44 . 2008-11-07 02:34 <REP> d-------- c:\documents and settings\Administrateur\Application Data\dvdcss
        2008-10-25 09:31 . 2008-10-25 11:27 <REP> d-------- C:\GTA San Andreas User Files
        2008-10-15 14:25 . 2008-10-15 14:25 <REP> d-------- c:\program files\Rockstar Games

        .
        (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2008-11-11 23:43 --------- d-----w c:\documents and settings\Administrateur\Application Data\uTorrent
        2008-10-12 22:58 --------- d-----w c:\documents and settings\Administrateur\Application Data\gtk-2.0
        2008-10-10 14:04 --------- d-----w c:\program files\Xilisoft
        2008-10-10 14:04 --------- d-----w c:\documents and settings\Administrateur\Application Data\Xilisoft Corporation
        2008-10-05 23:06 --------- d-----w c:\program files\Activision
        2008-10-05 09:25 --------- d-----w c:\program files\Veoh Networks
        2008-10-04 20:03 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
        2008-10-04 16:13 --------- d-----w c:\documents and settings\Administrateur\Application Data\vlc
        2008-10-04 16:08 --------- d-----w c:\program files\VideoLAN
        2008-10-01 13:37 --------- d-----w c:\program files\Fichiers communs\Macromedia
        2008-10-01 13:36 --------- d-----w c:\program files\Macromedia
        2008-09-28 03:54 --------- d-----w c:\program files\uTorrent
        2008-09-26 21:24 --------- d-----w c:\program files\ArKaos VJ 3.6.1 FC2
        2008-09-26 10:21 --------- d-----w c:\program files\Stardock
        2008-09-23 05:40 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
        2008-09-23 05:36 --------- d--h--r c:\documents and settings\Administrateur\Application Data\SecuROM
        2007-11-25 09:44 24,640 -c--a-w c:\program files\Fichiers communs\security
        .

        ------- Sigcheck -------

        2005-07-21 13:18 578048 0df75fb73f705b011630159a43d7c354 c:\windows\system32\user32.dll

        2005-07-18 19:14 359936 3c6e2f1f8ba768d1a5b033fb9429f242 c:\windows\system32\drivers\tcpip.sys

        2005-07-23 13:37 2017280 50b3a210b6fa8d3089a36a32e7d8b21f c:\windows\system32\ntkrnlpa.exe

        2005-07-21 13:18 2137600 e75f7aa5a33479f29c636fd0890f5762 c:\windows\system32\ntoskrnl.exe

        2005-07-21 13:18 1036288 0bee3b07ace3303ee57698808e1d2de3 c:\windows\explorer.exe
        .
        ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
        REGEDIT4

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
        "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 2097488]
        "WindowFX"="c:\program files\Stardock\Object Desktop\WindowFX\\wfxload.exe" [2006-08-02 820912]

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
        "SpybotDeletingD4548"="del" [X]
        "SpybotDeletingB1315"="command" [X]
        "SpybotDeletingD8374"="del" [X]
        "SpybotDeletingB7773"="command" [X]
        "SpybotDeletingD5340"="del" [X]
        "SpybotDeletingB1693"="command" [X]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-04 8491008]
        "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-04 81920]
        "H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2005-05-11 200069]
        "DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2005-11-22 221184]
        "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-11-20 185632]
        "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
        "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
        "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-10-19 286720]
        "LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-10-08 221184]
        "nwiz"="nwiz.exe" [2007-10-04 c:\windows\system32\nwiz.exe]
        "RTHDCPL"="RTHDCPL.EXE" [2007-10-25 c:\windows\RTHDCPL.exe]
        "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 c:\windows\system32\bthprops.cpl]

        [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
        "nlsf"="move" [X]
        "tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-19 44544]

        c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
        Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-03-14 2756608]

        [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
        "NoSMHelp"= 1 (0x1)
        "MemCheckBoxInRunDlg"= 1 (0x1)
        "NoSMBalloonTip"= 1 (0x1)
        "NoWelcomeScreen"= 1 (0x1)
        "NoAutoUpdate"= 1 (0x1)

        [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
        "NoSMHelp"= 1 (0x1)
        "MemCheckBoxInRunDlg"= 1 (0x1)
        "NoSMBalloonTip"= 1 (0x1)
        "NoWelcomeScreen"= 1 (0x1)
        "NoAutoUpdate"= 1 (0x1)

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
        "midi2"= ma_cmidn.dll

        [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
        Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

        [HKEY_LOCAL_MACHINE\software\microsoft\security center]
        "AntiVirusDisableNotify"=dword:00000001
        "UpdatesDisableNotify"=dword:00000001

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
        "EnableFirewall"= 0 (0x0)
        "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
        "%windir%\\system32\\sessmgr.exe"=
        "c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
        "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
        "c:\\Program Files\\MSN Messenger\\livecall.exe"=
        "c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
        "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
        "c:\\Program Files\\uTorrent\\uTorrent.exe"=
        "c:\\Program Files\\Image-Line\\FL Studio 7\\FL.exe"=
        "c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=

        R1 Asapi;Asapi;c:\windows\system32\drivers\Asapi.sys [2002-04-17 11264]
        R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-07-19 78416]
        R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
        R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\DRIVERS\cledx.sys [2005-05-09 33792]
        R3 MA_CMIDI;%EVOL_USB.SvcDesc%;c:\windows\system32\drivers\ma_cmidi.sys [2005-06-14 21888]
        R3 TASCAM_US122144;TASCAM USB 2.0 Audio Device driver;c:\windows\system32\Drivers\tascusb2.sys [2007-12-18 360448]
        R3 TASCAM_US122L_MIDI;TASCAM US-122L WDM MIDI Device;c:\windows\system32\drivers\tscusb2m.sys [2007-12-18 18944]
        R3 TASCAM_US122L_WDM;TASCAM US-122L WDM;c:\windows\system32\drivers\tscusb2a.sys [2007-12-18 33792]
        S3 BCMIDI;BCMIDI;c:\windows\system32\Drivers\bcmidi2.sys [2005-10-19 22432]
        S3 BCR2000;B-Control Rotary/Fader 2000 (08/04/2004,1.1.1.0);c:\windows\system32\drivers\bcr2000.sys [2004-08-13 21024]

        [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c367aca-aa1b-11dd-a35e-001bb9beaf4e}]
        \Shell\AutoRun\command - L:\u9dyi.exe
        \Shell\explore\Command - L:\u9dyi.exe
        \Shell\open\Command - L:\u9dyi.exe

        [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea285d52-f28f-11dc-a2da-001bb9beaf4e}]
        \Shell\Auto\command - wscript "esta ig.vbs"
        \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript "esta ig.vbs"

        [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea285d53-f28f-11dc-a2da-001bb9beaf4e}]
        \Shell\Auto\command - wscript "esta ig.vbs"
        \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript "esta ig.vbs"
        .
        Contenu du dossier 'Tâches planifiées'

        2008-11-07 c:\windows\Tasks\AppleSoftwareUpdate.job
        - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

        2008-11-12 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
        - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 15:54]
        .
        - - - - ORPHELINS SUPPRIMES - - - -

        BHO-{2C9CAD4C-0F2C-4061-923B-2ABBB7D3454C} - c:\windows\system32\rqRKARjK.dll
        BHO-{747D7961-AC00-4610-AA58-14ADCBB937E1} - c:\windows\system32\cbXRHwvU.dll
        BHO-{9EC4A248-FDE4-4BC2-830E-725CB59E98A0} - c:\windows\system32\byXPIxvt.dll
        BHO-{BDD714BC-D36C-487B-8142-8BA020FB6535} - (no file)
        BHO-{C8B167F1-7C8E-4666-AE69-7211828DC1F2} - c:\windows\system32\ddcArqOF.dll
        BHO-{FCB7D915-A464-4A32-B7CA-35D6B20BC6DA} - c:\windows\system32\cbXRJAtu.dll
        HKLM-Run-RemoteControl8 - c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe
        HKLM-Run-PDVD8LanguageShortcut - c:\program files\CyberLink\PowerDVD8\Language\Language.exe
        HKU-Default-RunOnce-XPPro4.0 - c:\windows\REG\run.cmd
        Notify-urqoligH - urqoligH.dll


        .
        ------- Examen supplémentaire -------
        .
        FireFox -: Profile - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\3fx8vg5j.default\
        FF -: plugin - c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
        .

        **************************************************************************

        catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2008-11-12 18:00:27
        Windows 5.1.2600 Service Pack 2 NTFS

        Recherche de processus cachés ...

        Recherche d'éléments en démarrage automatique cachés ...

        Recherche de fichiers cachés ...

        Scan terminé avec succès
        Fichiers cachés: 0

        **************************************************************************
        .
        ------------------------ Autres processus actifs ------------------------
        .
        c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
        c:\program files\Alwil Software\Avast4\aswUpdSv.exe
        c:\program files\Alwil Software\Avast4\ashServ.exe
        c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
        c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
        c:\program files\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe
        c:\program files\CDBurnerXP\NMSAccessU.exe
        c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
        c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
        c:\windows\system32\nvsvc32.exe
        c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
        c:\windows\system32\wdfmgr.exe
        c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
        c:\program files\Alwil Software\Avast4\ashMaiSv.exe
        c:\program files\Alwil Software\Avast4\ashWebSv.exe
        c:\windows\system32\rundll32.exe
        c:\windows\system32\rundll32.exe
        c:\program files\Stardock\Object Desktop\WindowFX\wfxload.exe
        c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
        c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
        c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
        c:\windows\system32\wscntfy.exe
        .
        **************************************************************************
        .
        Heure de fin: 2008-11-12 18:02:17 - La machine a redémarré
        ComboFix-quarantined-files.txt 2008-11-12 17:02:12

        Avant-CF: 47 162 191 872 octets libres
        Après-CF: 48,896,479,232 octets libres

        235


        voilà le rapport !

        sacrebleu c'que j'ai eu la pétoche pendant que ce truc tournait...je dois préciser quelques trucs ::: au redémarrage combo fix s'ouvre de suite et demande à ce qu'aucune appli ne soit lancée,or j'ai 2 logiciels qui démarrent automatiquement, dont spybot qui me demande si j'autorise une modif ( valeur supprimée = alcmtr.exe) dois je autoriser ou refuser ? autre petit point l'icone d'avast n'apparait plus dans la barre de taches à coté de l'heure malgré plusieurs tentatives de réactivation (dans "thèmes") cela veut il dire qu' avast tourne pas comme il faut ou ça n'a aucune importance??

        un grand merci pour ton aide, et j'espère pas trop abuser de ton temps et de ta patience....
        0
      2. archet9 > noknok01
         
        il faut bien lire les consignes avant d exécuter 1log...
        tu n avais pas fait ceci:

        --/!\ Déconnecte-toi du net et ferme toutes les applications, antivirus et antispyware y compris /!\

        pour avast on verra + tard
        pous spybot: desactive le tea timer:
        http://img81.imageshack.us/img81/7585/spybotrsident2ke.jpg
        colle 1 nouveau scan hijack stp...

        a+

        Antonio Giacomo Stradivari, souvent appelé Stradivarius (Crémone, 1644 - Crémone, 18 décembre 1737 
        Le Soil (1714), considéré par beaucoup comme le meilleur instrument du monde.
        peu de temps avant sa mort il cherchait encore... 
        0
      3. noknok01 > archet9
         
        voilà le nouveau hijackthis ::
        et
        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 20:05:33, on 12/11/2008
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v7.00 (7.00.5730.0013)
        Boot mode: Normal

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
        C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
        C:\Program Files\Alwil Software\Avast4\ashServ.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\system32\RUNDLL32.EXE
        C:\WINDOWS\RTHDCPL.EXE
        C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
        C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
        C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
        C:\WINDOWS\system32\LVCOMSX.EXE
        C:\WINDOWS\system32\rundll32.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
        C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
        C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
        C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
        C:\Program Files\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe
        C:\Program Files\CDBurnerXP\NMSAccessU.exe
        C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
        C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
        C:\WINDOWS\system32\nvsvc32.exe
        C:\WINDOWS\system32\svchost.exe
        C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
        C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
        C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
        C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
        C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
        C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
        C:\WINDOWS\system32\NOTEPAD.EXE
        C:\Program Files\Image-Line\FL Studio 7\FL.exe
        C:\WINDOWS\system32\wscntfy.exe
        C:\Program Files\MSN Messenger\msnmsgr.exe
        C:\Program Files\MSN Messenger\usnsvc.exe
        C:\Documents and Settings\Administrateur\Bureau\HiJackThis.exe
        C:\Program Files\Mozilla Firefox\firefox.exe
        C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
        R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favoris
        O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
        O2 - BHO: (no name) - {2C9CAD4C-0F2C-4061-923B-2ABBB7D3454C} - (no file)
        O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
        O2 - BHO: (no name) - {747D7961-AC00-4610-AA58-14ADCBB937E1} - (no file)
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
        O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
        O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
        O2 - BHO: (no name) - {9EC4A248-FDE4-4BC2-830E-725CB59E98A0} - (no file)
        O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
        O2 - BHO: (no name) - {BDD714BC-D36C-487B-8142-8BA020FB6535} - (no file)
        O2 - BHO: (no name) - {C8B167F1-7C8E-4666-AE69-7211828DC1F2} - (no file)
        O2 - BHO: (no name) - {FCB7D915-A464-4A32-B7CA-35D6B20BC6DA} - (no file)
        O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
        O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
        O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
        O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
        O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
        O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
        O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
        O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
        O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
        O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
        O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
        O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
        O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
        O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKCU\..\Run: [WindowFX] C:\Program Files\Stardock\Object Desktop\WindowFX\\wfxload.exe
        O4 - HKCU\..\RunOnce: [SpybotDeletingD4548] cmd /c del "C:\WINDOWS\system32\byXPIxvt.dll_old"
        O4 - HKCU\..\RunOnce: [SpybotDeletingB1315] command /c del "C:\WINDOWS\system32\dbvmhtkm.dll_old"
        O4 - HKCU\..\RunOnce: [SpybotDeletingD8374] cmd /c del "C:\WINDOWS\system32\dbvmhtkm.dll_old"
        O4 - HKCU\..\RunOnce: [SpybotDeletingB7773] command /c del "C:\WINDOWS\system32\jloudeov.dll_old"
        O4 - HKCU\..\RunOnce: [SpybotDeletingD5340] cmd /c del "C:\WINDOWS\system32\jloudeov.dll_old"
        O4 - HKCU\..\RunOnce: [SpybotDeletingB1693] command /c del "C:\WINDOWS\system32\byXPIxvt.dll_old"
        O4 - HKUS\S-1-5-19\..\RunOnce: [XPPro4.0] %systemroot%\REG\run.cmd (User 'SERVICE LOCAL')
        O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
        O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
        O4 - HKUS\S-1-5-20\..\RunOnce: [XPPro4.0] %systemroot%\REG\run.cmd (User 'SERVICE RÉSEAU')
        O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
        O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
        O4 - S-1-5-18 Startup: TranspApps.lnk = C:\Program Files\Vasilios Applications\TranspApps\TranspApps.exe (User 'SYSTEM')
        O4 - .DEFAULT Startup: TranspApps.lnk = C:\Program Files\Vasilios Applications\TranspApps\TranspApps.exe (User 'Default user')
        O4 - Startup: TranspApps.lnk = C:\Program Files\Vasilios Applications\TranspApps\TranspApps.exe
        O4 - Global Startup: Bluetooth Manager.lnk = ?
        O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
        O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?01e870d5df3f4bd8a818f90159ad7229
        O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?01e870d5df3f4bd8a818f90159ad7229
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
        O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
        O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
        O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
        O20 - Winlogon Notify: urqoligH - C:\WINDOWS\
        O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
        O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
        O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
        O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
        O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
        O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
        O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
        O23 - Service: M-Audio CMIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - C:\Program Files\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe
        O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
        O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
        O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
        O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
        O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
        0
  4. archet9
     
    donne moi des nouvelles d pc stp
    ca rame ou pas?

    A+
    0