Votre question

Disparition du menu contextuel + rapport Hijackthis [ Résolu]

Tags :
  • Hijackthis
  • Sécurité
Dernière réponse : dans Sécurité et virus
22 Octobre 2007 17:16:02

Bonjour,

Antivir me trouve un trojan appelé " khjgggf.dll " l' emplacement est C:\Windows\system32 , le pc est un peu lent mais bon il a plus de 3 ans donc je suppose que c'est plus ou moins normal et surtout le menu contextuel met plus de 15 secondes a apparaitre ou carrément il n' apparait pas du tout, voila besoin d un coup de main. merci merci au Helper qui prendra le temps de me repondre .

Logfile of HijackThis v1.99.1
Scan saved at 17:08:00, on 22/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\PROGRA~1\FICHIE~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Multimedia Combo Set\MouseDrv.exe
C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\NetAnalyse\NetAnalyse.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Applicatifs\RamBoost XP\RAMBXPFR.EXE
C:\Program Files\3M\postit\PsnLite.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\PROGRA~1\3M\postit\PSNGive.exe
C:\Program Files\Trillian\trillian.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Documents and Settings\YAnn\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.finderg.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {733E9132-53CA-4C97-9AC9-145C4502FA20} - C:\WINDOWS\system32\khfgggf.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [CreativeMouse ] C:\Program Files\Mouse Driver\MouseDrv.exe
O4 - HKLM\..\Run: [WireLessMouse ] C:\Program Files\Multimedia Combo Set\MouseDrv.exe
O4 - HKLM\..\Run: [WireLessKeyboard ] C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NetAnalyse] C:\Program Files\NetAnalyse\NetAnalyse.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [RamBoostXp] "C:\Applicatifs\RamBoost XP\RAMBXPFR.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: NetAnalyse.lnk = C:\Program Files\NetAnalyse\NetAnalyse.exe
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\postit\PsnLite.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\YAHOO!\COMMON\yhexbmesfr.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\YAHOO!\COMMON\yhexbmesfr.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst....
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: khfgggf - C:\WINDOWS\SYSTEM32\khfgggf.dll
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\FICHIE~1\Stardock\mcpstub.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\STARDOCK\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

Autres pages sur : disparition menu contextuel rapport hijackthis resolu

a b 8 Sécurité
22 Octobre 2007 18:08:44

Bonjour,

Télécharge VundoFix.exe (par Atribune) sur ton Bureau.
  • Double-clique VundoFix.exe afin de le lancer
  • Clique sur le bouton Scan for Vundo
  • Lorsque le scan est complété, clique sur le bouton Remove Vundo
  • Une invite te demandera si tu veux supprimer les fichiers, clique YES
  • Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers
  • Tu verras une invite qui t'annonce que ton PC va redémarrer; clique OK
  • Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis dans ta prochaine réponse
    Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo".
    22 Octobre 2007 18:54:45

    Retour du menu context..., génial merci parce que c'est vraiment chiant quand ce menu n' existe plus, encore merci .

    Rapport VundoFix :

    VundoFix V6.5.10

    Checking Java version...

    Java version is 1.5.0.6
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.10

    Java version is 1.5.0.11

    Scan started at 18:15:41 22/10/2007

    Listing files found while scanning....

    C:\WINDOWS\system32\khfgggf.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\khfgggf.dll
    C:\WINDOWS\system32\khfgggf.dll Could not be deleted.

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\khfgggf.dll
    C:\WINDOWS\system32\khfgggf.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    VundoFix V6.5.10

    Checking Java version...

    Java version is 1.5.0.6
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.10

    Java version is 1.5.0.11

    Scan started at 18:25:56 22/10/2007

    Listing files found while scanning....

    No infected files were found.


    VundoFix V6.5.10

    Checking Java version...

    Java version is 1.5.0.6
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.10

    Java version is 1.5.0.11

    Scan started at 18:47:54 22/10/2007

    Listing files found while scanning....

    No infected files were found.

    Rapport HijackThis :

    Retour du menu c...Logfile of HijackThis v1.99.1
    Scan saved at 18:51:33, on 22/10/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\PROGRA~1\FICHIE~1\Stardock\SDMCP.exe
    C:\WINDOWS\system32\ZONELABS\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\oodag.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Mouse Driver\MouseDrv.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
    C:\Program Files\CyberLink\PowerCinema\PCMService.exe
    C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\NetAnalyse\NetAnalyse.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\CursorXP\CursorXP.exe
    C:\Applicatifs\RamBoost XP\RAMBXPFR.EXE
    C:\Program Files\3M\postit\PsnLite.exe
    C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    C:\PROGRA~1\3M\postit\PSNGive.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\YAnn\Bureau\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.finderg.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [CreativeMouse ] C:\Program Files\Mouse Driver\MouseDrv.exe
    O4 - HKLM\..\Run: [WireLessMouse ] C:\Program Files\Multimedia Combo Set\MouseDrv.exe
    O4 - HKLM\..\Run: [WireLessKeyboard ] C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe"
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
    O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [NetAnalyse] C:\Program Files\NetAnalyse\NetAnalyse.exe
    O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
    O4 - HKCU\..\Run: [RamBoostXp] "C:\Applicatifs\RamBoost XP\RAMBXPFR.EXE"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
    O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    O4 - Startup: NetAnalyse.lnk = C:\Program Files\NetAnalyse\NetAnalyse.exe
    O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\postit\PsnLite.exe
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\YAHOO!\COMMON\yhexbmesfr.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\YAHOO!\COMMON\yhexbmesfr.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst....
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\FICHIE~1\Stardock\mcpstub.dll
    O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\STARDOCK\OBJECT~1\WINDOW~1\wbsrv.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
    O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SsBeSvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

    Encore merci .
    Contenus similaires
    a b 8 Sécurité
    22 Octobre 2007 19:12:18

    Re,

  • Télécharge combofix.exe (par sUBs) sur ton Bureau.
  • Double clique combofix.exe.
  • Tape sur la touche 1 (Yes) pour démarrer le scan.
  • Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

    NOTE : Le rapport se trouve également ici : C:\Combofix.txt
    22 Octobre 2007 22:21:07

    Voila le rapport Combofix :

    ComboFix 07-10-22.7 - YAnn 2007-10-22 22:16:32.3 - FAT32x86
    Microsoft Windows XP dition familiale 5.1.2600.2.1252.1.1036.18.592 [GMT 2:00]
    Running from: C:\Documents and Settings\YAnn\Bureau\ComboFix.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    C:\Documents and Settings\YAnn\Menu D‚marrer\Programmes\MessengerSkinner
    C:\up.exe
    C:\WINDOWS\system32\drivers\npf.sys
    C:\WINDOWS\system32\packet.dll
    C:\WINDOWS\system32\pthreadVC.dll
    C:\WINDOWS\system32\wanpacket.dll
    C:\WINDOWS\system32\wpcap.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_NPF
    -------\NPF




    ((((((((((((((((((((((((((((( Fichiers créés 2007-09-22 to 2007-10-22 ))))))))))))))))))))))))))))))))))))
    .

    2007-10-22 21:57 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-10-21 18:54 <REP> d-------- C:\Program Files\Avira
    2007-10-17 23:43 <REP> d-------- C:\Documents and Settings\All Users\SonicStage
    2007-10-17 22:04 414,083 --a------ C:\WINDOWS\Enjoy 6e Uninstaller.exe
    2007-10-17 22:00 <REP> d-------- C:\Program Files\Fichiers communs\Thraex Software
    2007-10-17 22:00 <REP> d-------- C:\Program Files\Enjoy 6e
    2007-10-12 23:35 <REP> d-------- C:\temp\FrankProtocol
    2007-10-12 23:35 <REP> d-------- C:\temp\FrankPacManager
    2007-10-12 23:35 <REP> d-------- C:\temp\FrankMedium
    2007-10-12 23:35 <REP> d-------- C:\temp\FrankHandler
    2007-10-12 23:35 <REP> d-------- C:\temp\FrankFormat
    2007-10-12 23:35 <REP> d-------- C:\temp\FrankDevice
    2007-10-12 23:35 <REP> d-------- C:\temp\FrankContents
    2007-10-12 23:35 <REP> d-------- C:\temp\Frank
    2007-10-12 23:35 <REP> d-------- C:\temp
    2007-10-09 23:11 582,656 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-08-30 19:23 --------- d-----w C:\Program Files\LEGO Company
    2007-08-30 19:23 --------- d-----w C:\Documents and Settings\YAnn\Application Data\LEGO Company
    2007-08-30 19:20 --------- d-----w C:\Documents and Settings\YAnn\Application Data\Yahoo!
    2007-08-21 06:17 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-08-21 06:17 683,520 ------w C:\WINDOWS\system32\dllcache\inetcomm.dll
    2007-08-20 09:59 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
    2007-08-20 09:59 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
    2007-08-20 09:59 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
    2007-08-20 09:59 6,058,496 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
    2007-08-20 09:59 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2007-08-20 09:59 477,696 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
    2007-08-20 09:59 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
    2007-08-20 09:59 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
    2007-08-20 09:59 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
    2007-08-20 09:59 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2007-08-20 09:59 3,584,512 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
    2007-08-20 09:59 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
    2007-08-20 09:59 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
    2007-08-20 09:59 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
    2007-08-20 09:59 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
    2007-08-20 09:59 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
    2007-08-20 09:59 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
    2007-08-20 09:59 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
    2007-08-20 09:59 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
    2007-08-20 09:59 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
    2007-08-20 09:59 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
    2007-08-20 09:59 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll
    2007-08-20 09:59 1,152,000 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
    2007-08-17 10:22 63,488 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    2007-08-17 10:22 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
    2007-08-17 10:22 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
    2007-08-17 07:34 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
    2007-08-04 20:43 201,728 ----a-w C:\WINDOWS\system32\PolarClock3.scr
    2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
    2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
    2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
    2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
    2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
    2007-07-30 17:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
    2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
    2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
    2007-07-30 17:19 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
    2007-07-30 17:19 207,736 ----a-w C:\WINDOWS\system32\muweb.dll
    2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
    2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
    2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
    2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
    2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
    2007-07-25 18:59 416 ----a-w C:\CFCleanUp.bat
    2007-01-29 19:06 58,379 ----a-w C:\Program Files\Uninstal.exe
    2005-04-14 21:38 808 ----a-w C:\Program Files\INSTALL.LOG
    2004-09-17 05:27 2,036,919 ----a-w C:\Program Files\syphrzw1.exe
    2004-03-27 13:09 3,330 ----a-w C:\Program Files\Xp Autoptimize.h
    2004-03-27 13:04 31,289 ----a-w C:\Program Files\Xp Autoptimize.cpp
    2004-03-27 13:02 2,959 ----a-w C:\Program Files\francais.lng
    2004-03-27 13:02 2,175 ----a-w C:\Program Files\english.lng
    2004-02-03 16:20 3,925 ----a-w C:\Program Files\License.txt
    2003-02-22 05:24 2,772 ----a-w C:\Program Files\register.htm
    2003-02-22 05:08 689,502 ----a-w C:\Program Files\citysh.exe
    2000-11-02 23:23 2,257,447 ----a-w C:\Program Files\instalNo.exe
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CreativeMouse "="C:\Program Files\Mouse Driver\MouseDrv.exe" [2004-06-27 15:38]
    "WireLessMouse "="C:\Program Files\Multimedia Combo Set\MouseDrv.exe" [2004-06-27 14:54]
    "WireLessKeyboard "="C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe" [2004-07-01 09:40]
    "VTTimer"="VTTimer.exe" [2003-05-07 09:32 C:\WINDOWS\system32\VTTimer.exe]
    "SoundMan"="SOUNDMAN.EXE" [2004-05-14 15:47 C:\WINDOWS\SOUNDMAN.EXE]
    "RoxioEngineUtility"="C:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe" [2003-05-01 18:44]
    "RoxioDragToDisc"="C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [2004-06-24 14:47]
    "PCMService"="C:\Program Files\CyberLink\PowerCinema\PCMService.exe" [2004-07-06 14:06]
    "OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 12:00]
    "DXM6Patch_981116"="C:\WINDOWS\p_981116.exe" [1998-11-30 18:04]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
    "NetAnalyse"="C:\Program Files\NetAnalyse\NetAnalyse.exe" [2006-03-20 18:38]
    "Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2006-10-17 03:20]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 00:02]
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-15 00:22]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-12-09 09:26]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-10-21 18:57]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CursorXP"="C:\Program Files\CursorXP\CursorXP.exe" [2003-03-01 16:40]
    "RamBoostXp"="C:\Applicatifs\RamBoost XP\RAMBXPFR.EXE" [2003-02-19 01:41]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:54]
    "Alwact.exe"="" []
    "MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2007-03-08 22:54]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t

    C:\Documents and Settings\YAnn\Menu D‚marrer\Programmes\D‚marrage\
    Trillian.lnk - C:\Program Files\Trillian\trillian.exe [2007-07-19]
    Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2006-03-07 22:23:39]
    NetAnalyse.lnk - C:\Program Files\NetAnalyse\NetAnalyse.exe [2006-03-20 18:38:42]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoLowDiskSpaceCheck"=0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
    C:\PROGRA~1\FICHIE~1\Stardock\mcpstub.dll 2005-01-31 15:13 49152 C:\PROGRA~1\FICHIE~1\Stardock\MCPStub.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
    C:\PROGRA~1\STARDOCK\OBJECT~1\WINDOW~1\wbsrv.dll 2007-03-05 16:36 140976 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=wbsys.dll

    R1 DVDVRRdr_xp;DVDVRRdr_xp;C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys
    R1 sdcplh;sdcplh;C:\WINDOWS\system32\drivers\sdcplh.sys
    R1 UDFReadr;UDFReadr;C:\WINDOWS\system32\drivers\UDFReadr.sys
    R3 Tunx00;FunTV Video Capture;C:\WINDOWS\system32\DRIVERS\Tunx00.sys
    R3 TxTuner;FunTV TV Tuner;C:\WINDOWS\system32\DRIVERS\TxTuner.sys
    S3 8180e0ce-3fd3-40bf-b20f-503be4be8c9f;8180e0ce-3fd3-40bf-b20f-503be4be8c9f;\??\E:\Player\cds300.dll
    S3 lredbooo;lredbooo;\??\C:\DOCUME~1\YAnn\LOCALS~1\Temp\lredbooo.sys
    S3 SaiH0109;SaiH0109;C:\WINDOWS\system32\DRIVERS\SaiH0109.sys
    S3 SaiU0109;SaiU0109;C:\WINDOWS\system32\DRIVERS\SaiU0109.sys

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2007-10-17 16:08:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    .
    **************************************************************************

    catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-10-22 22:17:54
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-10-22 22:18:32
    .
    --- E O F ---
    a b 8 Sécurité
    22 Octobre 2007 22:22:37

    Reposte un rapport Hijackthis.
    22 Octobre 2007 22:48:25

    Voila !!

    Logfile of HijackThis v1.99.1
    Scan saved at 22:47:43, on 22/10/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\WINDOWS\system32\ZONELABS\vsmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\oodag.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\YAnn\Bureau\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.finderg.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [CreativeMouse ] C:\Program Files\Mouse Driver\MouseDrv.exe
    O4 - HKLM\..\Run: [WireLessMouse ] C:\Program Files\Multimedia Combo Set\MouseDrv.exe
    O4 - HKLM\..\Run: [WireLessKeyboard ] C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe"
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
    O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [NetAnalyse] C:\Program Files\NetAnalyse\NetAnalyse.exe
    O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
    O4 - HKCU\..\Run: [RamBoostXp] "C:\Applicatifs\RamBoost XP\RAMBXPFR.EXE"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
    O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    O4 - Startup: NetAnalyse.lnk = C:\Program Files\NetAnalyse\NetAnalyse.exe
    O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\postit\PsnLite.exe
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\YAHOO!\COMMON\yhexbmesfr.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\YAHOO!\COMMON\yhexbmesfr.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst....
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\FICHIE~1\Stardock\mcpstub.dll
    O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\STARDOCK\OBJECT~1\WINDOW~1\wbsrv.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
    O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SsBeSvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

    a b 8 Sécurité
    23 Octobre 2007 12:07:38

    C'est mieux ?
    24 Octobre 2007 00:12:43

    oui tout va bien, le menu apparait rapidement, j' ai refait un scan avec antivir, il restait une trace dans un point de restauration j' ai donc desactive/active, tout va bien un coup de spybot de ad-aware une bonne defragmentation et tout ira bien, merci a toi, merci beaucoup !!
    a b 8 Sécurité
    24 Octobre 2007 10:20:11

    Bonne continuation.
    Tom's guide dans le monde
    • Allemagne
    • Italie
    • Irlande
    • Royaume Uni
    • Etats Unis
    Suivre Tom's Guide
    Inscrivez-vous à la Newsletter
    • ajouter à twitter
    • ajouter à facebook
    • ajouter un flux RSS