noxei
-
Compteur de contenus
6 -
Inscription
-
Dernière visite
noxei's Achievements
Junior Member (3/12)
0
Réputation sur la communauté
-
Non des Toolbar genre Yahoo Toolbar, impossible à virer ...
-
Bonjour, j'ai l'impression d'être infesté, j'ai des toolbar de partout sur mon navigateur ... pourriez vous m'aider SVP merci beaucoup Nox Mon rapport : Logfile of HijackThis v1.99.1 Scan saved at 18:52:46, on 22/12/2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\WINNT\System32\e-buro.exe C:\Program Files\Equant\Dialer\EACSvrMngr.exe c:\tivoli\itm\FTIM.EXE C:\WINNT\System32\FTRTSVC.exe C:\Program Files\Tivoli\lcf\bin\w32-ix86\mrt\lcfd.exe C:\Program Files\Network Associates\Common Framework\FrameworkService.exe C:\Program Files\Network Associates\VirusScan\mcshield.exe C:\Program Files\Network Associates\VirusScan\vstskmgr.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINNT\System32\svchost.exe C:\WINNT\RCSERV.EXE C:\Program Files\UPHClean\uphclean.exe C:\WINNT\System32\eTSrv.exe C:\Program Files\Citrix\Client ICA\ssonsvr.exe C:\WINNT\Explorer.EXE C:\WINNT\System32\quickres.exe C:\Program Files\Apoint\Apoint.exe C:\WINNT\System32\hkcmd.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\WINNT\System32\e-buroUI.exe C:\Program Files\Apoint\Apntex.exe C:\WINNT\System32\eTCrtMng.exe C:\Tivoli\itm\DesktopAdmin.exe C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE C:\Program Files\Fichiers communs\Network Associates\TalkBack\tbmon.exe C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe C:\PROGRA~1\Tivoli\lcf\dat\1\Mobile\mobile.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE C:\Program Files\Jabber\Messenger\JabberMessenger.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINNT\System32\svchost.exe C:\Program Files\OrangeBs\TaskBarIcon.exe C:\Program Files\OrangeBs\BusinessEverywhere.exe C:\Program Files\OrangeBs\ComComp.exe C:\Program Files\OrangeBs\Watch.exe C:\WINNT\system32\FTCOMM~1\FTCOMM~1.EXE C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Documents and Settings\ekbx5009\FT-8F3BFFB8796E\Bureau\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://recherche.si.francetelecom.fr/eburo...ercheEburo.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.fr.msn.com/access/allinone.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet-orange.ftm.francetelecom.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://intranet-orange.ftm.francetelecom.fr R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://intranet-orange.ftm.francetelecom.fr R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by e-buro R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=172.16.2.8:8000;https=172.16.2.8:8000 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O4 - HKLM\..\Run: [schedulingAgent] mstinit.exe /firstlogon O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [igfxTray] C:\WINNT\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [eburoUI] "C:\WINNT\System32\e-buroUI.exe" O4 - HKLM\..\Run: [winzip] "C:\Program Files\Winzip\winzip.vbs\\" O4 - HKLM\..\Run: [Messenger] "C:\Program Files\messenger\messenger.vbs\" O4 - HKLM\..\Run: [NetMeeting] "C:\Program Files\dirtel\coopnet\cfgnetmeeting.vbs\" O4 - HKLM\..\Run: [RealOne Player] C:\PROGRA~1\Real\REALON~1\CONF_U~1.VBS O4 - HKLM\..\Run: [MediaPlayer] "C:\Program Files\windows media player\wmp.vbs\\\" O4 - HKLM\..\Run: [PrintScreen] "C:\Program Files\printscreen\pscreen.vbs\" O4 - HKLM\..\Run: [Visionneuse] "C:\Program Files\Windows Journal Viewer\visionneuse.vbs\" O4 - HKLM\..\Run: [Outlook] C:\Program Files\Outlook Express\Outlook.vbs O4 - HKLM\..\Run: [uSRPKGS] C:\WINNT\usrpkgs\launch.vbs O4 - HKLM\..\Run: [eTCertManger] C:\WINNT\System32\eTCrtMng.exe O4 - HKLM\..\Run: [swdisUsrPCN.FT-8F3BFFB8796E] "C:\PROGRA~1\Tivoli\lcf\dat\1\cache\lib\w32-ix86\wdusrpcn.exe" "C:\Program Files\Tivoli\swdis\1\wdusrpcn.envFT-8F3BFFB8796E" O4 - HKLM\..\Run: [DesktopAdmin] C:\Tivoli\itm\DesktopAdmin.exe O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\tbmon.exe" O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [Mobile] "C:\PROGRA~1\Tivoli\lcf\dat\1\Mobile\epspawn.exe" -w "C:\PROGRA~1\Tivoli\lcf\dat\1\Mobile" "C:\PROGRA~1\Tivoli\lcf\dat\1\Mobile\mobile.exe" O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon O4 - HKLM\..\Run: [OBSWATCH] C:\PROGRA~1\OrangeBs\Watch.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" O4 - HKCU\..\Run: [Jabber Messenger] C:\Program Files\Jabber\Messenger\JabberMessenger.exe -hidden O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: Appeler un correspondant - {B8327384-C68F-4F9C-B4DC-F84A1F08FA60} - C:\PROGRA~1\FRANCE~1\TSPCLI~1\IEAddin.dll O9 - Extra 'Tools' menuitem: Appeler un correspondant - {B8327384-C68F-4F9C-B4DC-F84A1F08FA60} - C:\PROGRA~1\FRANCE~1\TSPCLI~1\IEAddin.dll O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://intranet-orange.ftm.francetelecom.fr O15 - Trusted Zone: http://www.agence.francetelecom.com O15 - Trusted Zone: http://ca.maquette.ocisi.francetelecom.fr O15 - Trusted Zone: http://chooser.sso.francetelecom.fr O15 - Trusted Zone: http://emulations.lille.francetelecom.fr O15 - Trusted Zone: http://emulations.lyon.francetelecom.fr O15 - Trusted Zone: http://emulations.melun.francetelecom.fr O15 - Trusted Zone: http://emulations.nanterre.francetelecom.fr O15 - Trusted Zone: http://emulations.nantes.francetelecom.fr O15 - Trusted Zone: http://emulations.ocisi.francetelecom.fr O15 - Trusted Zone: http://emulations.si.francetelecom.fr O15 - Trusted Zone: http://emulations.strasbourg.francetelecom.fr O15 - Trusted Zone: http://emulations.toulouse.francetelecom.fr O15 - Trusted Zone: http://gassi.francetelecom.fr O15 - Trusted Zone: http://gassi.sso.francetelecom.fr O15 - Trusted Zone: http://intranoo.francetelecom.fr O15 - Trusted Zone: http://qfsmusic-music.sso.francetelecom.fr O15 - Trusted Zone: http://siroco-crm.francetelecom.fr O15 - Trusted Zone: http://www.agence.francetelecom.com (HKLM) O15 - Trusted Zone: http://ca.maquette.ocisi.francetelecom.fr (HKLM) O15 - Trusted Zone: http://chooser.sso.francetelecom.fr (HKLM) O15 - Trusted Zone: http://emulations.lille.francetelecom.fr (HKLM) O15 - Trusted Zone: http://emulations.lyon.francetelecom.fr (HKLM) O15 - Trusted Zone: http://emulations.melun.francetelecom.fr (HKLM) O15 - Trusted Zone: http://emulations.nanterre.francetelecom.fr (HKLM) O15 - Trusted Zone: http://emulations.nantes.francetelecom.fr (HKLM) O15 - Trusted Zone: http://emulations.ocisi.francetelecom.fr (HKLM) O15 - Trusted Zone: http://emulations.strasbourg.francetelecom.fr (HKLM) O15 - Trusted Zone: http://emulations.toulouse.francetelecom.fr (HKLM) O15 - Trusted Zone: http://gassi.francetelecom.fr (HKLM) O15 - Trusted Zone: http://gassi.sso.francetelecom.fr (HKLM) O15 - Trusted Zone: http://intranoo.francetelecom.fr (HKLM) O15 - Trusted Zone: http://pki-archimede.sso.francetelecom.fr (HKLM) O15 - Trusted Zone: http://qfsmusic-music.sso.francetelecom.fr (HKLM) O15 - Trusted Zone: http://siroco-crm.francetelecom.fr (HKLM) O16 - DPF: Documentum Content Transfer 5.2.5 SP - http://webdoc.si.francetelecom.fr/webdoc/w...ContentXfer.cab O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://quickplace.si.francetelecom.fr/qp2.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ad.francetelecom.fr O17 - HKLM\Software\..\Telephony: DomainName = ad.francetelecom.fr O17 - HKLM\System\CCS\Services\Tcpip\..\{E8D5E145-EB90-4239-8AE2-3401FF23AC1C}: NameServer = 194.51.3.56 194.51.3.76 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ad.francetelecom.fr O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ad.francetelecom.fr O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll O23 - Service: (Equant Access Companion) Services Manager (EACSvrMngr) - Unknown owner - C:\Program Files\Equant\Dialer\EACSvrMngr.exe O23 - Service: (Equant Access Companion) Devices and Services Monitoring (EACSys) - Unknown owner - C:\Program Files\Equant\Dialer\EACSys.exe O23 - Service: Service e-buro (eburo) - France Telecom - C:\WINNT\System32\e-buro.exe O23 - Service: eToken Notification Service (ETOKSRV) - Aladdin Knowledge Systems, Ltd. - C:\WINNT\System32\eTSrv.exe O23 - Service: FTIM - Unknown owner - c:\tivoli\itm\FTIM.EXE O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINNT\System32\FTRTSVC.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Tivoli Endpoint (lcfd) - Unknown owner - C:\Program Files\Tivoli\lcf\bin\w32-ix86\mrt\lcfd.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" /ServiceStart (file missing) O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe O23 - Service: Tivoli Remote Control Service (TME10RC) - IBM Corporation - C:\WINNT\RCSERV.EXE O23 - Service: WPopupSvc - Unknown owner - C:\Program Files\Tivoli\lcf\bin\w32-ix86\tools\wpopupsvc.exe
-
Merci beaucoup et je vais penser à virer N****** de m*****
-
Bonjour Jack et merci pour ta réponse. Alors après avoir tout effectué correectement (enfin j'espere) : le rapport de Viruscan Jotti : Pour Teledis.exe : File: teledis.exe Status: OK MD5 01bea8dc0eac5b88655e1509cd6c15cd Packers detected: - Scanner results AntiVir Found nothing ArcaVir Found nothing Avast Found nothing AVG Antivirus Found nothing BitDefender Found nothing ClamAV Found nothing Dr.Web Found nothing F-Prot Antivirus Found nothing Fortinet Found nothing Kaspersky Anti-Virus Found nothing NOD32 Found nothing Norman Virus Control Found nothing UNA Found nothing VBA32 Found nothing Pour UserConf.exe : File: UserConf.exe Status: OK MD5 40d50e9520d3befaf9f663f02077f458 Packers detected: - Scanner results AntiVir Found nothing ArcaVir Found nothing Avast Found nothing AVG Antivirus Found nothing BitDefender Found nothing ClamAV Found nothing Dr.Web Found nothing F-Prot Antivirus Found nothing Fortinet Found nothing Kaspersky Anti-Virus Found nothing NOD32 Found nothing Norman Virus Control Found nothing UNA Found nothing VBA32 Found nothing Le nouveau rapport HijackThis : Logfile of HijackThis v1.99.1 Scan saved at 17:29:32, on 16/11/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\S24EvMon.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\ZCfgSvc.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\NavNT\vptray.exe C:\PROGRA~1\Orange\Watch.exe C:\Program Files\AVPersonal\AVGNT.EXE C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe C:\Program Files\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mobiloo.ftm.francetelecom.fr R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxyftm:8080 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe O4 - HKLM\..\Run: [ORAWATCH] C:\PROGRA~1\Orange\Watch.exe O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ftm.francetelecom.fr O17 - HKLM\Software\..\Telephony: DomainName = ftm.francetelecom.fr O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ftm.francetelecom.fr O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll O20 - Winlogon Notify: Sebring - c:\WINDOWS\System32\LgNotify.dll O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE O23 - Service: Nokia D211 (D211CTL) - Nokia Corporation - C:\PROGRA~1\Nokia\NOKIAD~1\D211CTL.EXE O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\NavNT\DefWatch.exe O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development - C:\WINDOWS\SYSTEM32\DWRCS.EXE O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\NavNT\Rtvscan.exe O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: Teledis - FTMS - C:\windows\system32\teledis.exe Voilà, j'espere que maintenant c'est clean. En tout cas merci beaucoup pour cette communauté rapide et efficace. Noxei
-
oui oui j'ai fait tout comme indiqué dans le post précedent !!! C'est pour ça que je vous donne l'etat du rapport après avoir effectué toutes les phases de prénéttoyage. Cdlt Noxei
-
Bonjour à tous, voilà, je viens de recuperer un PC portable qui a vadrouillé sur un peu tous les réseaux du monde, en afrique ... et il est blindé de spyware .... voilà le rapport d'analyse HijackThis : Logfile of HijackThis v1.99.1 Scan saved at 12:09:13, on 16/11/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\ZCfgSvc.exe C:\WINDOWS\Explorer.EXE C:\Program Files\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mobiloo.ftm.francetelecom.fr/recher...che_avancee.asp R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mobiloo.ftm.francetelecom.fr R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://intranet-orange.ftm.francetelecom.fr R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://mobiloo.ftm.francetelecom.fr R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par OrangeFrance R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxyftm:8080 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = twiny.ftm.francetelecom.fr;twiny R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe O4 - HKLM\..\Run: [RealOne Player] C:\PROGRA~1\Real\REALON~1\CONF_U~1.VBS O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [MediaPlayer] "C:\Program Files\windows media player\wmp.vbs\\" O4 - HKLM\..\Run: [TELEDIS] D:\Applis\Teledis\UserConf.exe /S O4 - HKLM\..\Run: [ORAWATCH] C:\PROGRA~1\Orange\Watch.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe O4 - HKLM\..\Run: [RegSvr32] C:\WINDOWS\System32\msmsgs.exe O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O14 - IERESET.INF: START_PAGE_URL=http://mobiloo.ftm.francetelecom.fr O16 - DPF: {511F9316-771B-4953-A268-1C36DA667FE9} - http://ip.sponsoradulto.com/cab/3/en/SysWebTelecomInt.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1129565262102 O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ftm.francetelecom.fr O17 - HKLM\Software\..\Telephony: DomainName = ftm.francetelecom.fr O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ftm.francetelecom.fr O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll O20 - Winlogon Notify: Sebring - c:\WINDOWS\System32\LgNotify.dll O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE O23 - Service: Nokia D211 (D211CTL) - Nokia Corporation - C:\PROGRA~1\Nokia\NOKIAD~1\D211CTL.EXE O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\NavNT\DefWatch.exe O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development - C:\WINDOWS\SYSTEM32\DWRCS.EXE O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\NavNT\Rtvscan.exe O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: Teledis - FTMS - C:\windows\system32\teledis.exe Merci beaucoup Noxei