Se connecter / S'enregistrer
Votre question

Email intempestif outlook express

Tags :
  • Windows
  • Sécurité
Dernière réponse : dans Sécurité et virus
16 Novembre 2008 20:29:48

Bonjour,

mon poste envoi des email sans arret avec outlook express. Avast les détecte mais je ne sais pas quoi faire.

je vous donne le fichier de log de Hijackthis si quelqu'un peux m'aider moi je n'y comprend rien
merci

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:31:30, on 16/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Fichiers communs\InterVideo\SchSvr\SchSvr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
c:\program files\a-squared free\a2service.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\M&M's\Bureau\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://81.222.131.49/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: ClickCatcher MSIE handler - {16664845-0E00-11D2-8059-000000000000} - C:\Program Files\Fichiers communs\ReGet Shared\Catcher.dll
O2 - BHO: Skype add-on (mastermind) - {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A94C8BA2-C285-48CB-B08C-1F5E57D36905} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: (no name) - {FB936D4B-E1F5-4345-A9B3-D05971F30C4E} - (no file)
O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - C:\Program Files\ReGetDx\iebar.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [WinDVR SchSvr] "C:\Program Files\Fichiers communs\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [MediaDICO36] C:\Program Files\Micro Application\36 Dictionnaires et Recueils de Correspondance\LanceMediaDICO36.exe Lancement
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [{646C6A9F-0C78-1036-1029-041105040021}] "C:\Program Files\Fichiers communs\{646C6A9F-0C78-1036-1029-041105040021}\Update.exe" te-110-12-0000059 (User 'Default user')
O4 - Startup: Liz.lnk = D:\Perso\Famille\Administratif\URSSAF\2008\Bulletins de salaire Liz\08-11.xls
O4 - Startup: RegFreeze.lnk = C:\Program Files\RegFreeze\regfreeze.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Tous Télécharger par ReGet Deluxe - C:\Program Files\Fichiers communs\ReGet Shared\CC_All.htm
O8 - Extra context menu item: Télécharger avec Re&Get Deluxe - C:\Program Files\Fichiers communs\ReGet Shared\CC_Link.htm
O9 - Extra button: (no name) - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Skype - {77bf5300-1474-4ec7-9980-d32b190e9b07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\eebps.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\eebps.dll
O11 - Options group: [international] International*
O11 - Options group: [java_sun] Java (Sun)
O14 - IERESET.INF: START_PAGE_URL=http://www.carrefour-multimedia.com
O15 - Trusted IP range: 81.222.131.59
O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5ed80217-570b-4da9-bf44-be107c0ec166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scan...
O16 - DPF: {6414512b-b978-451d-a0d8-fcfdf33e833c} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {6e32070a-766d-4ee6-879c-dc1fa91d2fc3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://intranet.aiga-fr.com/Remote/msrdp.cab
O16 - DPF: {e06e2e99-0aa1-11d4-aba6-0060082aa75c} (GpcContainer Class) - https://autodesk-france.webex.com/client/T26L/training/...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: Run - C:\WINDOWS\
O20 - Winlogon Notify: Shell Extensions - C:\WINDOWS\
O20 - Winlogon Notify: vturqqn - vturqqn.dll (file missing)
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Client de licence CA (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: Serveur de licence CA (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: Microsoft Star Window Service - Unknown owner - C:\WINDOWS\system32\dllcache\starwin32.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 16764 bytes

Autres pages sur : email intempestif outlook express

a b 8 Sécurité
16 Novembre 2008 20:44:58

Bonjour,

Analyse le fichier sur VirusToyal puis poste le rapport :
c:\windows\system32\eebps.dll
16 Novembre 2008 20:52:20

bonsoir,
merci de prendre du temps pour me dépanner.
voici le rapport

Fichier eebps.dll reçu le 2008.11.16 20:48:25 (CET)Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.11.14.3 2008.11.16 Win-Trojan/Agent.86016.HV
AntiVir 7.9.0.31 2008.11.16 -
Authentium 5.1.0.4 2008.11.15 -
Avast 4.8.1281.0 2008.11.16 -
AVG 8.0.0.199 2008.11.16 -
BitDefender 7.2 2008.11.16 Backdoor.Agent.ZYI
CAT-QuickHeal 10.00 2008.11.15 -
ClamAV 0.94.1 2008.11.15 -
DrWeb 4.44.0.09170 2008.11.16 -
eSafe 7.0.17.0 2008.11.16 -
eTrust-Vet 31.6.6210 2008.11.14 -
Ewido 4.0 2008.11.16 -
F-Prot 4.4.4.56 2008.11.16 -
F-Secure 8.0.14332.0 2008.11.16 -
Fortinet 3.117.0.0 2008.11.15 -
GData 19 2008.11.16 Backdoor.Agent.ZYI
Ikarus T3.1.1.45.0 2008.11.16 Trojan-Dropper.Agent
K7AntiVirus 7.10.526 2008.11.15 Trojan.Win32.Malware.1
Kaspersky 7.0.0.125 2008.11.16 -
McAfee 5435 2008.11.15 -
Microsoft 1.4104 2008.11.16 Trojan:Win32/Healsock
NOD32 3615 2008.11.15 -
Norman 5.80.02 2008.11.14 -
Panda 9.0.0.4 2008.11.16 Bck/Agent.KFJ
PCTools 4.4.2.0 2008.11.16 -
Prevx1 V2 2008.11.16 Malware Downloader
Rising 21.03.42.00 2008.11.14 -
SecureWeb-Gateway 6.7.6 2008.11.16 -
Sophos 4.35.0 2008.11.16 -
Sunbelt 3.1.1801.2 2008.11.14 -
Symantec 10 2008.11.16 Trojan.Ascesso
TheHacker 6.3.1.1.155 2008.11.15 -
TrendMicro 8.700.0.1004 2008.11.14 -
VBA32 3.12.8.9 2008.11.15 -
ViRobot 2008.11.15.1470 2008.11.15 -
VirusBuster 4.5.11.0 2008.11.16 -

Information additionnelle
File size: 86016 bytes
MD5...: d67cdff1743f5aef74d8a6705233ee45
SHA1..: 80e6c0464f890c5abee7b7853949ed8831d7ef4e
SHA256: 6fe118823534ec7da87e5dc70f968052fde7b259eb18d683cacac7ff462c5119
SHA512: 873d9254f90d5fb97a6e084fb5b85b98923b25dbf15f49f0990a7a9de6f4e9c6
d354a4d6792da77cff7788c635e18218f4611110e48d70b72bcb0671c13f0fd1
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1fb08ebb
timedatestamp.....: 0x48d6464b (Sun Sep 21 13:04:11 2008)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xd624 0xe000 6.57 00b1b0fee110268a17b894aa28fe4a93
.rdata 0xf000 0x2827 0x3000 4.40 c468528835062b6ef9217711bf37a8e5
.data 0x12000 0x1620 0x1000 2.21 7d6f9225ab4f00b54b9085c730f3acc0
.reloc 0x14000 0x14ea 0x2000 3.31 abe7199f02a530f27cb370bf936f6a1a

( 4 imports )
> KERNEL32.dll: InitializeCriticalSection, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, CloseHandle, WriteFile, CreateFileA, DeleteFileA, CreateDirectoryA, Sleep, GetTickCount, GetEnvironmentVariableA, InterlockedExchange, GetACP, GetLocaleInfoA, GetThreadLocale, GetVersionExA, MultiByteToWideChar, WideCharToMultiByte, GlobalAlloc, GlobalFree, FreeLibrary, GetProcAddress, LoadLibraryA, lstrlenW, lstrlenA, HeapAlloc, GetProcessHeap, HeapDestroy, HeapFree, TerminateThread, GetCurrentThread, SetUnhandledExceptionFilter, GetModuleFileNameA, LoadLibraryW, ExpandEnvironmentStringsW, HeapCreate, GetSystemTimeAsFileTime, GetCurrentProcessId, QueryPerformanceCounter, RtlUnwind, RaiseException, GetCurrentThreadId, GetCommandLineA, VirtualFree, VirtualAlloc, HeapReAlloc, IsBadWritePtr, TlsAlloc, SetLastError, GetLastError, TlsFree, TlsSetValue, TlsGetValue, GetModuleHandleA, ExitProcess, TerminateProcess, GetCurrentProcess, HeapSize, LCMapStringA, LCMapStringW, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, UnhandledExceptionFilter, VirtualQuery, IsBadReadPtr, IsBadCodePtr, GetOEMCP, GetCPInfo, VirtualProtect, GetSystemInfo, GetStringTypeA, GetStringTypeW
> USER32.dll: wsprintfA
> WS2_32.dll: WSCInstallProvider, WSCEnumProtocols, -, -, WSCGetProviderPath
> RPCRT4.dll: UuidCreate

( 4 exports )
DllMain, DllRegisterServer, DllUnregisterServer, WSPStartup

Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=07B9652E...
Contenus similaires
a b 8 Sécurité
17 Novembre 2008 17:05:52

Ok, merci. On va faire un petit nettoyage avant.

Télécharge MalwareByte's Anti-Malware sur ton Bureau.
Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.

Une fois l'installation et la mise à jour effectuées, redémarre en mode sans échec.
AIDE : Redémarrer en mode sans échec

  • Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".
  • Afin de lancer la recherche, clic sur"Rechercher".
  • Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :
    -- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
    -- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.
    [#ff0000]REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.[/#f]

    AIDE : Tuto en images sur MBAM
    17 Novembre 2008 20:56:39

    Bonsoir,
    voici le rapport :
    Par contre, jai un mal fou à aller sur internet, 1 fois sur 10, il me marque que je n'ai pas de connection !!

    merci

    Malwarebytes' Anti-Malware 1.30
    Version de la base de données: 1405
    Windows 5.1.2600 Service Pack 2

    17/11/2008 20:54:28
    mbam-log-2008-11-17 (20-54-28).txt

    Type de recherche: Examen complet (C:\|D:\|E:\|)
    Eléments examinés: 107072
    Temps écoulé: 1 hour(s), 13 minute(s), 7 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 4
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 1

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7bc9c2e2-73a6-4fcf-b73d-cbaa20b31c9b} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{42f2c9ba-614f-47c0-b3e3-ecfd34eed658} (Adware.ISTBar) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f919fbd3-a96b-4679-af26-f551439bb5fd} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\WINDOWS\system32\config\41546138.Evt (Rootkit.Agent.H) -> Quarantined and deleted successfully.
    a b 8 Sécurité
    17 Novembre 2008 20:59:14

    Reposte un rapport Hijackthis.
    17 Novembre 2008 21:08:56

    voici le rappport :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:11:51, on 17/11/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\userinit.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RunDll32.exe
    C:\WINDOWS\Dit.exe
    C:\WINDOWS\zHotkey.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
    C:\Program Files\Logitech\ImageStudio\LogiTray.exe
    C:\Program Files\Fichiers communs\InterVideo\SchSvr\SchSvr.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
    C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
    C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
    C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Micro Application\36 Dictionnaires et Recueils de Correspondance\MediaDICO36.EXE
    c:\program files\a-squared free\a2service.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Micro Application\36 Dictionnaires et Recueils de Correspondance\Rac36.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    C:\Program Files\Sony Ericsson\Mobile\Mobile Phone Monitor\epmworker.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\M&M's\Bureau\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://81.222.131.49/index.php
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: ClickCatcher MSIE handler - {16664845-0E00-11D2-8059-000000000000} - C:\Program Files\Fichiers communs\ReGet Shared\Catcher.dll
    O2 - BHO: Skype add-on (mastermind) - {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
    O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O2 - BHO: SSVHelper Class - {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {A94C8BA2-C285-48CB-B08C-1F5E57D36905} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
    O2 - BHO: (no name) - {FB936D4B-E1F5-4345-A9B3-D05971F30C4E} - (no file)
    O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - C:\Program Files\ReGetDx\iebar.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [Dit] Dit.exe
    O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
    O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
    O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [WinDVR SchSvr] "C:\Program Files\Fichiers communs\InterVideo\SchSvr\SchSvr.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
    O4 - HKCU\..\Run: [MediaDICO36] C:\Program Files\Micro Application\36 Dictionnaires et Recueils de Correspondance\LanceMediaDICO36.exe Lancement
    O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [{646C6A9F-0C78-1036-1029-041105040021}] "C:\Program Files\Fichiers communs\{646C6A9F-0C78-1036-1029-041105040021}\Update.exe" te-110-12-0000059 (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [{646C6A9F-0C78-1036-1029-041105040021}] "C:\Program Files\Fichiers communs\{646C6A9F-0C78-1036-1029-041105040021}\Update.exe" te-110-12-0000059 (User 'Default user')
    O4 - Startup: Liz.lnk = D:\Perso\Famille\Administratif\URSSAF\2008\Bulletins de salaire Liz\08-11.xls
    O4 - Startup: RegFreeze.lnk = C:\Program Files\RegFreeze\regfreeze.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
    O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
    O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: Tous Télécharger par ReGet Deluxe - C:\Program Files\Fichiers communs\ReGet Shared\CC_All.htm
    O8 - Extra context menu item: Télécharger avec Re&Get Deluxe - C:\Program Files\Fichiers communs\ReGet Shared\CC_Link.htm
    O9 - Extra button: (no name) - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: Skype - {77bf5300-1474-4ec7-9980-d32b190e9b07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: (no name) - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\eebps.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\eebps.dll
    O11 - Options group: [international] International*
    O11 - Options group: [java_sun] Java (Sun)
    O14 - IERESET.INF: START_PAGE_URL=http://www.carrefour-multimedia.com
    O15 - Trusted IP range: 81.222.131.59
    O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {5ed80217-570b-4da9-bf44-be107c0ec166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scan...
    O16 - DPF: {6414512b-b978-451d-a0d8-fcfdf33e833c} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
    O16 - DPF: {6e32070a-766d-4ee6-879c-dc1fa91d2fc3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
    O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://intranet.aiga-fr.com/Remote/msrdp.cab
    O16 - DPF: {e06e2e99-0aa1-11d4-aba6-0060082aa75c} (GpcContainer Class) - https://autodesk-france.webex.com/client/T26L/training/...
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: Run - C:\WINDOWS\
    O20 - Winlogon Notify: Shell Extensions - C:\WINDOWS\
    O20 - Winlogon Notify: vturqqn - vturqqn.dll (file missing)
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Client de licence CA (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
    O23 - Service: Serveur de licence CA (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    O23 - Service: Microsoft Star Window Service - Unknown owner - C:\WINDOWS\system32\dllcache\starwin32.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

    --
    End of file - 18173 bytes
    a b 8 Sécurité
    18 Novembre 2008 12:31:06

    Re,

    [#ff0000]! Désactive tes protections résidentes (antivirus, Spybot-S&D, etc.) ![/#f]

  • Télécharge ComboFix ([#ff0000]sUBs[/#f]) sur ton Bureau.
  • Double clique sur ComboFix.exe (le .exe n'est pas forcément visible) afin de le lancer.
  • Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\combofix.txt*) dans ta prochaine réponse.

    AIDE : Un guide et un tutoriel sur l'utilisation de ComboFix
    * le nom de la partition peut changer
    18 Novembre 2008 20:08:22

    Bonsoir,

    ca ne fonctionne pas.

    lorsque je le lance j'ai un message d'erreur regedit.exe manquant !!

    comment faire
    merci
    18 Novembre 2008 21:14:06

    Rebonsoir,

    j'ai pris le fichier regedit.exe sur mon portable, er j'ai pu lancer Combofix

    voici le rapport
    merci


    ComboFix 08-11-18.02 - M&M's 2008-11-18 20:59:30.1 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.386 [GMT 1:00]
    Lancé depuis: c:\documents and settings\M&M's\Bureau\ComboFix.exe
    * Un nouveau point de restauration a été créé
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\M&M's\Application Data\Dxcdmns.dll
    c:\program files\Fichiers communs\{646C6~1
    c:\windows\keyboard1.dat
    c:\windows\system32\ban_list.txt
    c:\windows\system32\guard.tmp
    c:\windows\system32\jlkkj.bak1
    c:\windows\system32\jlkkj.bak2
    c:\windows\system32\jlkkj.ini
    c:\windows\system32\mcrh.tmp
    c:\windows\system32\TDSSerrors.log
    c:\windows\system32\tdssservers.dat

    Une copie infectée de c:\windows\system32\userinit.exe a été trouvée et désinfectée
    Copie restaurée à partir de - c:\qoobox\Quarantine\C\\WINDOWS\system32\userinit.exe.vir


    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_ASC3550P
    -------\Legacy_CMDSERVICE
    -------\Legacy_MICROSOFT_STAR_WINDOW_SERVICE
    -------\Legacy_NETWORK_MONITOR
    -------\Service_asc3550p
    -------\Service_Microsoft Star Window Service


    ((((((((((((((((((((((((((((( Fichiers créés du 2008-10-18 au 2008-11-18 ))))))))))))))))))))))))))))))))))))
    .

    2008-11-18 20:55 . 2008-04-13 18:34 153,088 --a------ c:\windows\regedit.exe
    2008-11-18 19:56 . 2008-11-18 19:56 <REP> d-------- c:\program files\Microsoft Silverlight
    2008-11-17 19:36 . 2008-11-17 19:36 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
    2008-11-17 19:36 . 2008-11-17 19:36 <REP> d-------- c:\documents and settings\M&M's\Application Data\Malwarebytes
    2008-11-17 19:36 . 2008-11-17 19:36 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2008-11-17 19:36 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2008-11-17 19:36 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2008-11-16 09:38 . 2008-11-16 09:45 <REP> d-------- c:\program files\Windows Live Safety Center
    2008-11-15 11:47 . 2008-11-17 19:09 <REP> d-------- c:\windows\LastGood.Tmp
    2008-11-15 11:47 . 2008-07-18 22:07 270,880 --a------ c:\windows\system32\mucltui.dll
    2008-11-15 11:47 . 2008-07-18 22:07 29,728 --a------ c:\windows\system32\mucltui.dll.mui
    2008-11-06 22:49 . 2008-11-06 22:49 <REP> d-------- c:\documents and settings\All Users\Application Data\SlySoft
    2008-11-06 21:28 . 2008-11-06 21:28 86,016 --a------ c:\windows\system32\eebps.dll
    2008-11-05 10:57 . 2008-11-05 10:57 <REP> d-------- C:\Scenes
    2008-11-05 10:57 . 2008-11-05 10:57 <REP> d-------- C:\KD
    2008-10-27 18:08 . 2008-10-27 18:08 <REP> d-------- c:\program files\Lavasoft
    2008-10-27 18:07 . 2008-10-27 18:07 <REP> d-------- c:\program files\Fichiers communs\Wise Installation Wizard
    2008-10-27 16:38 . 2008-10-03 18:12 6,066,176 -----c--- c:\windows\system32\dllcache\ieframe.dll
    2008-10-27 16:38 . 2007-04-17 10:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
    2008-10-27 16:38 . 2007-03-08 06:10 1,048,576 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
    2008-10-27 16:38 . 2008-08-26 09:11 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
    2008-10-27 16:38 . 2008-08-26 09:11 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
    2008-10-27 16:38 . 2008-08-26 09:11 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
    2008-10-27 16:38 . 2008-08-26 09:11 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
    2008-10-27 16:38 . 2008-08-26 09:11 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
    2008-10-27 16:38 . 2008-08-25 09:38 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
    2008-10-27 09:10 . 2008-10-27 10:15 <REP> d-------- C:\HP_AND_THE_CHAMBER_OF_SECRETS
    2008-10-23 16:07 . 2008-10-23 16:07 99,904 --a------ c:\windows\system32\drivers\AnyDVD.sys

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-11-18 19:55 13,440 ----a-w c:\windows\system32\drivers\USBCRFT.SYS
    2008-11-18 19:19 --------- d-----w c:\documents and settings\M&M's\Application Data\Skype
    2008-11-18 19:16 --------- d-----w c:\program files\eMule
    2008-11-16 20:05 --------- d-----w c:\program files\BDGest Evolution
    2008-11-16 08:03 --------- d-----w c:\documents and settings\M&M's\Application Data\skypePM
    2008-11-15 17:08 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2008-11-15 17:06 --------- d-----w c:\program files\Spybot - Search & Destroy
    2008-11-15 11:59 --------- d-----w c:\program files\a-squared Free
    2008-11-15 09:55 --------- d-----w c:\program files\ewido anti-spyware 4.0
    2008-11-02 12:55 --------- d-----w c:\documents and settings\M&M's\Application Data\AdobeUM
    2008-10-27 13:29 --------- d-----w c:\documents and settings\M&M's\Application Data\DivX
    2008-10-27 10:48 --------- d-----w c:\program files\ReGetDx
    2008-10-27 08:09 --------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink
    2008-10-04 13:45 --------- d-----w c:\program files\MSXML 6.0
    2008-09-26 07:45 1,998 ----a-w c:\documents and settings\M&M's\Application Data\wklnhst.dat
    2008-09-19 12:54 --------- d-----w c:\documents and settings\M&M's\Application Data\webex
    2007-11-21 19:38 278,528 ----a-w c:\program files\Fichiers communs\FDEUnInstaller.exe
    2005-06-17 07:20 56 --sha-r c:\windows\system32\A3124DA457.sys
    .

    ------- Sigcheck -------

    2005-03-14 02:17 359936 6129e70f3d2f1e60860c930ebeaf92c2 c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
    2004-08-03 22:14 359040 9f4b36614a0fc234525ba224957de55c c:\windows\$NtUninstallKB893066$\tcpip.sys
    2008-06-20 11:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 c:\windows\SoftwareDistribution\Download\7b6e084e897a416dad6204fec54d1e00\sp2gdr\tcpip.sys
    2008-06-20 11:44 360960 744e57c99232201ae98c49168b918f48 c:\windows\SoftwareDistribution\Download\7b6e084e897a416dad6204fec54d1e00\sp2qfe\tcpip.sys
    2008-06-20 12:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\SoftwareDistribution\Download\7b6e084e897a416dad6204fec54d1e00\sp3gdr\tcpip.sys
    2008-06-20 12:59 361600 ad978a1b783b5719720cff204b666c8e c:\windows\SoftwareDistribution\Download\7b6e084e897a416dad6204fec54d1e00\sp3qfe\tcpip.sys
    2006-09-23 08:25 359040 3bb4b08619c111c7be8bda07aa0de6a2 c:\windows\system32\dllcache\tcpip.sys
    2006-09-23 08:25 359040 3bb4b08619c111c7be8bda07aa0de6a2 c:\windows\system32\drivers\tcpip.sys
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2005-11-15 1204224]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-22 68856]
    "AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2008-10-31 2259904]
    "MediaDICO36"="c:\program files\Micro Application\36 Dictionnaires et Recueils de Correspondance\LanceMediaDICO36.exe" [2004-05-27 252416]
    "RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2007-05-24 160832]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-05-30 21718312]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "LVCOMS"="c:\program files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 127022]
    "LogitechGalleryRepair"="c:\program files\Logitech\ImageStudio\ISStart.exe" [2002-12-10 155648]
    "LogitechImageStudioTray"="c:\program files\Logitech\ImageStudio\LogiTray.exe" [2002-12-10 61440]
    "DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
    "WinDVR SchSvr"="c:\program files\Fichiers communs\InterVideo\SchSvr\SchSvr.exe" [2005-02-16 106496]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2004-07-08 98304]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 79224]
    "PCMService"="c:\program files\Home Cinema\PowerCinema\PCMService.exe" [2005-02-18 110744]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 57344]
    "SSBkgdUpdate"="c:\program files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
    "OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
    "Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
    "Dit"="Dit.exe" [2004-04-02 c:\windows\Dit.exe]
    "CHotkey"="zHotkey.exe" [2004-05-17 c:\windows\zHotkey.exe]
    "nwiz"="nwiz.exe" [2008-05-03 c:\windows\system32\nwiz.exe]
    "AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 c:\windows\AGRSMMSG.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

    c:\documents and settings\M&M's\Menu D‚marrer\Programmes\D‚marrage\
    Liz.lnk - d:\perso\Famille\Administratif\URSSAF\2008\Bulletins de salaire Liz\08-11.xls [2008-11-05 09:39:35 41472]

    c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-21 110592]
    DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2007-02-10 962661]
    Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2005-02-13 169472]
    WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2005-01-09 118784]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.MJPG"= pvmjpg20.dll
    "vidc.mxmc"= MimicICM.DLL
    "vidc.XVID"= xvid.dll
    "vidc.DIV3"= DivXc32.dll
    "vidc.DIV4"= DivXc32f.dll
    "msacm.divxa32"= DivXa32.acm

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "DisableNotifications"= 1 (0x1)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\WINDOWS\\system32\\fxsclnt.exe"=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Retrospect\\Retrospect 7.5\\Retrospect.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    R2 LogWatch;Event Log Watch;c:\program files\CA\SharedComponents\CA_LIC\LogWatNT.exe [2002-09-20 53248]
    R3 Cap7134;MEDION (7134) WDM Video Capture;c:\windows\system32\DRIVERS\Cap7134.sys [2004-07-08 350752]
    R3 CardReaderFilter;Card Reader Filter;\??\c:\windows\system32\Drivers\USBCRFT.SYS [2004-07-08 13440]
    R3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [2004-09-16 1272000]
    R3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;c:\windows\system32\DRIVERS\PhTVTune.sys [2004-07-08 24704]
    R3 xpvcom;XPVCOM Port;c:\windows\system32\Drivers\xpvcom.sys [2007-03-23 30032]
    S3 CA_LIC_CLNT;Client de licence CA;c:\program files\CA\SharedComponents\CA_LIC\lic98rmt.exe [2002-09-20 77824]
    S3 CA_LIC_SRVR;Serveur de licence CA;c:\program files\CA\SharedComponents\CA_LIC\lic98rmtd.exe [2002-09-20 77824]
    S3 UKBFLT;UKBFLT;c:\windows\system32\DRIVERS\UKBFLT.sys [2004-07-01 11672]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0d88632f-269b-11d9-b2c3-000c76adb999}]
    \Shell\AutoRun\command - @%systemroot%\explorer.exe /e,.

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1540b92a-2cb5-11d9-9c60-00110949a3d1}]
    \Shell\AutoRun\command - @%systemroot%\explorer.exe /e,.

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{46e21b24-2d4e-11d9-9c66-00110949a3d1}]
    \Shell\AutoRun\command - @%systemroot%\explorer.exe /e,.
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    BHO-{A94C8BA2-C285-48CB-B08C-1F5E57D36905} - (no file)
    BHO-{FB936D4B-E1F5-4345-A9B3-D05971F30C4E} - (no file)
    HKLM-Run-Cmaudio - cmicnfg.cpl
    HKU-Default-Explorer_Run-{646C6A9F-0C78-1036-1029-041105040021} - c:\program files\Fichiers communs\{646C6A9F-0C78-1036-1029-041105040021}\Update.exe
    ShellExecuteHooks-{FB936D4B-E1F5-4345-A9B3-D05971F30C4E} - (no file)
    Notify-run - (no file)
    Notify-shell extensions - (no file)
    Notify-vturqqn - vturqqn.dll


    .
    ------- Examen supplémentaire -------
    .
    FireFox -: Profile - c:\documents and settings\M&M's\Application Data\Mozilla\Firefox\Profiles\2t68ov3b.default\
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-11-18 21:06:11
    Windows 5.1.2600 Service Pack 2 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\jqzgfpy]
    "ImagePath"="\??\c:\windows\system32\jqzgfpy.sys"
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    PROCESSUS: c:\windows\explorer.exe
    -> ?:\windows\system32\msctfime.ime
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\program files\Lavasoft\Ad-Aware\aawservice.exe
    c:\program files\Alwil Software\Avast4\aswUpdSv.exe
    c:\program files\Alwil Software\Avast4\ashServ.exe
    c:\windows\system32\rundll32.exe
    c:\windows\system32\rundll32.exe
    c:\program files\Fichiers communs\Teleca Shared\CapabilityManager.exe
    c:\progra~1\MI3AA1~1\rapimgr.exe
    c:\program files\Micro Application\36 Dictionnaires et Recueils de Correspondance\MediaDico36.exe
    c:\program files\a-squared Free\a2service.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
    c:\program files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
    c:\program files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    c:\program files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
    c:\program files\ewido anti-spyware 4.0\guard.exe
    c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\program files\Micro Application\36 Dictionnaires et Recueils de Correspondance\RAC36.exe
    c:\windows\system32\nvsvc32.exe
    c:\program files\Alwil Software\Avast4\ashMaiSv.exe
    c:\progra~1\COMMON~1\X10\Common\X10nets.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\Fichiers communs\Teleca Shared\Generic.exe
    c:\program files\Sony Ericsson\Mobile\Mobile Phone Monitor\epmworker.exe
    .
    **************************************************************************
    .
    Heure de fin: 2008-11-18 21:13:48 - La machine a redémarré
    ComboFix-quarantined-files.txt 2008-11-18 20:13:43

    Avant-CF: 15 841 132 544 octets libres
    Après-CF: 15,986,921,472 octets libres

    WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /fastdetect /NoExecute=OptIn

    246
    a b 8 Sécurité
    19 Novembre 2008 15:21:56

    Reposte un rapport Hijackthis.
    19 Novembre 2008 18:13:54

    bonsoir, voici le rapport

    merci

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:16, on 2008-11-19
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\Dit.exe
    C:\WINDOWS\zHotkey.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
    C:\Program Files\Logitech\ImageStudio\LogiTray.exe
    C:\Program Files\Fichiers communs\InterVideo\SchSvr\SchSvr.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
    C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
    C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Micro Application\36 Dictionnaires et Recueils de Correspondance\MediaDICO36.EXE
    C:\Program Files\Micro Application\36 Dictionnaires et Recueils de Correspondance\Rac36.EXE
    C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
    c:\program files\a-squared free\a2service.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
    C:\Program Files\Sony Ericsson\Mobile\Mobile Phone Monitor\epmworker.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\ReGetDx\regetdx.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\M&M's\Bureau\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: ClickCatcher MSIE handler - {16664845-0E00-11D2-8059-000000000000} - C:\Program Files\Fichiers communs\ReGet Shared\Catcher.dll
    O2 - BHO: Skype add-on (mastermind) - {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
    O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O2 - BHO: SSVHelper Class - {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
    O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - C:\Program Files\ReGetDx\iebar.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Dit] Dit.exe
    O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
    O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
    O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [WinDVR SchSvr] "C:\Program Files\Fichiers communs\InterVideo\SchSvr\SchSvr.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
    O4 - HKCU\..\Run: [MediaDICO36] C:\Program Files\Micro Application\36 Dictionnaires et Recueils de Correspondance\LanceMediaDICO36.exe Lancement
    O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Liz.lnk = D:\Perso\Famille\Administratif\URSSAF\2008\Bulletins de salaire Liz\08-11.xls
    O4 - Startup: RegFreeze.lnk = C:\Program Files\RegFreeze\regfreeze.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
    O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
    O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: Tous Télécharger par ReGet Deluxe - C:\Program Files\Fichiers communs\ReGet Shared\CC_All.htm
    O8 - Extra context menu item: Télécharger avec Re&Get Deluxe - C:\Program Files\Fichiers communs\ReGet Shared\CC_Link.htm
    O9 - Extra button: (no name) - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: Skype - {77bf5300-1474-4ec7-9980-d32b190e9b07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: (no name) - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\eebps.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\eebps.dll
    O11 - Options group: [international] International*
    O11 - Options group: [java_sun] Java (Sun)
    O11 - Options group: [searching] Search from the Address bar
    O11 - Options group: [tabs] Tabbed Browsing
    O14 - IERESET.INF: START_PAGE_URL=http://www.carrefour-multimedia.com
    O15 - Trusted IP range: 81.222.131.59
    O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {5ed80217-570b-4da9-bf44-be107c0ec166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scan...
    O16 - DPF: {6414512b-b978-451d-a0d8-fcfdf33e833c} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
    O16 - DPF: {6e32070a-766d-4ee6-879c-dc1fa91d2fc3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
    O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://intranet.aiga-fr.com/Remote/msrdp.cab
    O16 - DPF: {e06e2e99-0aa1-11d4-aba6-0060082aa75c} (GpcContainer Class) - https://autodesk-france.webex.com/client/T26L/training/...
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Client de licence CA (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
    O23 - Service: Serveur de licence CA (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

    --
    End of file - 17078 bytes
    22 Novembre 2008 18:07:08

    Bonsoir,

    je n'arrive pas à installer Antivir, j'ai les message suivant :

    "Setup has detecte an already installed version of Antivir. Please unistall this version before starting setup again."


    j'ai supprimer dans regedit toute les clés contenant antivir, j'ai ensuite lancer un nettoyeur de base de registre mais rien n'y fait. J'ai installé ce logiciel il y a un moment déjà longtemps et je ne me rappelle pas l'avoir mal désinstaller.
    Avez vous une idée.

    merci
    a b 8 Sécurité
    22 Novembre 2008 20:23:13

    Passe un coup de RegSeeker pour voir.
    22 Novembre 2008 21:22:08

    je ne sais pas exactement à quel moment mais regseeker fait redemarrer mon pc. Cela me fait la même chose avec Ad Aware, c'est à dire qu'au bout d'un moment mon Pc reboot tout seul (pas en mode sans echec, il va jusqu'au bout).

    Sinon je ne peux plus lancer windows update, IE se lance mais rien ne se lance, il cherche sans cesse.

    je ne sais pas si tout cela est lié et si vous avez des idées. Tout cela me dépasse !!!

    Merci pour votre temps
    emmanuelle
    a b 8 Sécurité
    23 Novembre 2008 16:12:09

    Ton pc reboot souvent ? Je pense qu'il surchauffe.
    24 Novembre 2008 19:56:44

    Bonsoir,

    non il ne redemarre pas souvent mai effectivement il chauffe peut etre car c'est à chaque fois qu'il fait un "long" travail.
    sinon, dans la journée il ne redemarre pas

    a b 8 Sécurité
    25 Novembre 2008 13:00:06

    Problème Hardware je pense.
    Tom's guide dans le monde
    • Allemagne
    • Italie
    • Irlande
    • Royaume Uni
    • Etats Unis
    Suivre Tom's Guide
    Inscrivez-vous à la Newsletter
    • ajouter à twitter
    • ajouter à facebook
    • ajouter un flux RSS