ISA24
-
Compteur de contenus
14 -
Inscription
-
Dernière visite
Type de contenu
Profils
Forums
Blogs
Messages posté(e)s par ISA24
-
-
Bonjour,
Voici le rapport de Dr Web :
SmitfraudFix.exe\SmitfraudFix\AntiXPVSTFix.exe;C:\SmitfraudFix.exe;BackDoor.IRC.Dosig.15;;
SmitfraudFix.exe\SmitfraudFix\Process.exe;C:\SmitfraudFix.exe;Tool.Prockill;;
SmitfraudFix.exe\SmitfraudFix\restart.exe;C:\SmitfraudFix.exe;Tool.ShutDown.11;;
SmitfraudFix.exe;C:\;L'archive contient des éléments infectés;Quarantaine.;
SmitfraudFix.exe\SmitfraudFix\AntiXPVSTFix.exe;C:\upload_moi_PCISA.tar.gz\upload_moi.tar\SmitfraudFix.exe;BackDoor.IRC.Dosig.15;;
SmitfraudFix.exe\SmitfraudFix\Process.exe;C:\upload_moi_PCISA.tar.gz\upload_moi.tar\SmitfraudFix.exe;Tool.Prockill;;
SmitfraudFix.exe\SmitfraudFix\restart.exe;C:\upload_moi_PCISA.tar.gz\upload_moi.tar\SmitfraudFix.exe;Tool.ShutDown.11;;
SmitfraudFix.exe;C:\upload_moi_PCISA.tar.gz\upload_moi.tar;L'archive contient des éléments infectés;;
upload_moi.tar\WINDOWS/System32/AntiXPVSTFix.exe;C:\upload_moi_PCISA.tar.gz\upload_moi.tar;BackDoor.IRC.Dosig.15;;
upload_moi.tar;C:\upload_moi_PCISA.tar.gz;L'archive contient des éléments infectés;;
upload_moi_PCISA.tar.gz;C:\;L'archive contient des éléments infectés;Quarantaine.;
pskill.exe;C:\Documents and Settings\ISABELLE\Bureau\clean;Tool.ProcessKill.7;Irréparable.Quarantaine.;
pskill.exe;C:\Documents and Settings\ISABELLE\Bureau\clean\clean;Tool.ProcessKill.7;Irréparable.Quarantaine.;
POSTOOBE.NEC;C:\DRIVERS;VBS.Generic.278;Supprimé.;
BitDownload-4.5-setup.exe\data011;C:\Program Files\BitTorrent Fastest Tool\BitDownload-4.5-setup.exe;Trojan.Swizzor.2856;;
BitDownload-4.5-setup.exe;C:\Program Files\BitTorrent Fastest Tool;L'archive contient des éléments infectés;Quarantaine.;
CodePostal.exe;C:\Program Files\Code Postal;Trojan.PWS.Banker.20737;Supprimé.;
AntiXPVSTFix.exe;C:\SmitfraudFix;BackDoor.IRC.Dosig.15;Supprimé.;
Process.exe;C:\SmitfraudFix;Tool.Prockill;Irréparable.Quarantaine.;
restart.exe;C:\SmitfraudFix;Tool.ShutDown.11;Irréparable.Quarantaine.;
A0006606.exe\SmitfraudFix\AntiXPVSTFix.exe;C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP21\A0006606.exe;BackDoor.IRC.Dosig.15;;
A0006606.exe\SmitfraudFix\Process.exe;C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP21\A0006606.exe;Tool.Prockill;;
A0006606.exe\SmitfraudFix\restart.exe;C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP21\A0006606.exe;Tool.ShutDown.11;;
A0006606.exe;C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP21;L'archive contient des éléments infectés;Quarantaine.;
A0006607.exe\data011;C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP21\A0006607.exe;Trojan.Swizzor.2856;;
A0006607.exe;C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP21;L'archive contient des éléments infectés;Quarantaine.;
A0006608.exe;C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP21;Trojan.PWS.Banker.20737;Supprimé.;
A0006609.exe;C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP21;BackDoor.IRC.Dosig.15;Supprimé.;
AntiXPVSTFix.exe;C:\WINDOWS\system32;BackDoor.IRC.Dosig.15;Supprimé.;
Process.exe;C:\WINDOWS\system32;Tool.Prockill;Irréparable.Quarantaine.;
SmitfraudFix.exe\SmitfraudFix\AntiXPVSTFix.exe;D:\Logiciels\SmitfraudFix.exe;BackDoor.IRC.Dosig.15;;
SmitfraudFix.exe\SmitfraudFix\Process.exe;D:\Logiciels\SmitfraudFix.exe;Tool.Prockill;;
SmitfraudFix.exe\SmitfraudFix\restart.exe;D:\Logiciels\SmitfraudFix.exe;Tool.ShutDown.11;;
SmitfraudFix.exe;D:\Logiciels;L'archive contient des éléments infectés;Quarantaine.;
A0006611.exe\SmitfraudFix\AntiXPVSTFix.exe;D:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP21\A0006611.exe;BackDoor.IRC.Dosig.15;;
A0006611.exe\SmitfraudFix\Process.exe;D:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP21\A0006611.exe;Tool.Prockill;;
A0006611.exe\SmitfraudFix\restart.exe;D:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP21\A0006611.exe;Tool.ShutDown.11;;
A0006611.exe;D:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP21;L'archive contient des éléments infectés;Quarantaine.;
-
Encore essayée mais rien à faire. Je vais donc finir par la réparation mais est-ce valable pour XP ? et si je n'ai pas le cd de windows, à partir de quoi je réinstale ?
Merci quand même pour votre temps
-
Oui, Oui, j'ai fais tout ça !!
Cependant, toujours même chose. A chaque démarrage du pc, svchost se lance à 99%.
-
KB927891 exécuté mais message suivant :
pas nécessaire d'installer cette mise à jour car version installée + récente.
Rapport Dial a fix avec un retour d'erreur d'accès au registre OLE - error 2147319780 :
Notes about this log:
1) "->" denotes an external command being executed, and "-> (number)" indicates
the return code from the previous command
2) Not all external command return codes are accurate, or useful
3) Sometimes commands return 0 (no error) even when they fail or crash
4) If an error occurs while registering an object, please send an email to:
[email protected] and include a copy of this log
DAF version: v0.60.0.24
--- System info ---
OS: Microsoft Windows XP Service Pack 3
IE version: 6.0.2900.5512
MPC: 76412-OEM
CPU: AMD Athlon 64 Processor 3500+ (~2190MHz)
CPU: CPU is 64-bit or has 64-bit extensions
BIOS: 06/09/2005
Memory (approx): 2047MB
Uptime: 0 hour(s)
Current directory: C:\Drive\Dial-a-fix-v0.60.0.24\Dial-a-fix-v0.60.0.24
---
06/10/2008 18:49:13 -- Dial-a-fix : [v0.60.0.24] -- started
18:49:13 | Policy scan started
18:49:13 | The following restrictive policies were found:
HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Policies\Explorer\NoActiveDesktopChanges
HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Policies\Explorer\NoThemesTab
--- Emptying temp folders ---
18:50:45 | Deleting C:\Documents and Settings\ISABELLE\Local Settings\Temp...
18:50:46 | C:\Documents and Settings\ISABELLE\Local Settings\Temp could not be completely emptied, please reboot and try again
18:50:46 | Deleting C:\WINDOWS\temp...
18:50:46 | C:\WINDOWS\temp could not be completely emptied, please reboot and try again
18:50:46 | Deleting C:\DOCUME~1\ISABELLE\LOCALS~1\Temp...
18:50:46 | C:\DOCUME~1\ISABELLE\LOCALS~1\Temp could not be completely emptied, please reboot and try again
--- MSI ---
18:51:16 | Registered: C:\WINDOWS\system32\msi.dll
--- Windows Update ---
--- Registration: Windows Update/Automatic Update DLLs ---
18:51:21 | Unregistered: C:\WINDOWS\system32\msxml.dll
18:51:21 | Registered: C:\WINDOWS\system32\msxml.dll
18:51:21 | Unregistered: C:\WINDOWS\system32\msxml2.dll
18:51:22 | Registered: C:\WINDOWS\system32\msxml2.dll
18:51:23 | Unregistered: C:\WINDOWS\system32\msxml3.dll
18:51:23 | Registered: C:\WINDOWS\system32\msxml3.dll
18:51:23 | Unregistered: C:\WINDOWS\system32\msxml4.dll
18:51:23 | Registered: C:\WINDOWS\system32\msxml4.dll
18:51:23 | Unregistered: C:\WINDOWS\system32\qmgr.dll
18:51:23 | Registered: C:\WINDOWS\system32\qmgr.dll
18:51:23 | Unregistered: C:\WINDOWS\system32\qmgrprxy.dll
18:51:23 | Registered: C:\WINDOWS\system32\qmgrprxy.dll
18:51:23 | Unregistered: C:\WINDOWS\system32\muweb.dll
18:51:23 | Registered: C:\WINDOWS\system32\muweb.dll
18:51:23 | Unregistered: C:\WINDOWS\system32\winhttp.dll
18:51:23 | Registered: C:\WINDOWS\system32\winhttp.dll
18:51:24 | Registered: C:\WINDOWS\system32\wuapi.dll
18:51:24 | Unregistered: C:\WINDOWS\system32\wuaueng.dll
18:51:24 | Registered: C:\WINDOWS\system32\wuaueng.dll
18:51:24 | Unregistered: C:\WINDOWS\system32\wuaueng1.dll
18:51:24 | Registered: C:\WINDOWS\system32\wuaueng1.dll
18:51:24 | Unregistered: C:\WINDOWS\system32\wucltui.dll
18:51:24 | Registered: C:\WINDOWS\system32\wucltui.dll
18:51:24 | Unregistered: C:\WINDOWS\system32\wups.dll
18:51:24 | Registered: C:\WINDOWS\system32\wups.dll
18:51:24 | Unregistered: C:\WINDOWS\system32\wups2.dll
18:51:24 | Registered: C:\WINDOWS\system32\wups2.dll
18:51:24 | Unregistered: C:\WINDOWS\system32\wuweb.dll
18:51:24 | Registered: C:\WINDOWS\system32\wuweb.dll
18:51:24 | Registered: C:\WINDOWS\system32\ole32.dll
--- SSL/HTTPS/Cryptography ---
18:51:34 | Executed 'cmd.exe /c rmdir /q /s C:\WINDOWS\system32\Catroot2'
--- Registration: SSL/HTTPS/Cryptography ---
18:51:38 | Unregistered: C:\WINDOWS\system32\cryptdlg.dll
18:51:38 | Registered: C:\WINDOWS\system32\cryptdlg.dll
18:51:38 | Unregistered: C:\WINDOWS\system32\cryptui.dll
18:51:38 | Registered: C:\WINDOWS\system32\cryptui.dll
18:51:38 | Unregistered: C:\WINDOWS\system32\cryptext.dll
18:51:38 | Registered: C:\WINDOWS\system32\cryptext.dll
18:51:38 | Unregistered: C:\WINDOWS\system32\dssenh.dll
18:51:38 | Registered: C:\WINDOWS\system32\dssenh.dll
18:51:38 | Unregistered: C:\WINDOWS\system32\gpkcsp.dll
18:51:38 | Registered: C:\WINDOWS\system32\gpkcsp.dll
18:51:39 | Unregistered: C:\WINDOWS\system32\initpki.dll
18:52:36 | Registered: C:\WINDOWS\system32\initpki.dll
18:52:36 | Unregistered: C:\WINDOWS\system32\licdll.dll
18:52:36 | Registered: C:\WINDOWS\system32\licdll.dll
18:52:36 | Unregistered: C:\WINDOWS\system32\mssign32.dll
18:52:36 | Registered: C:\WINDOWS\system32\mssign32.dll
18:52:36 | Unregistered: C:\WINDOWS\system32\mssip32.dll
18:52:36 | Registered: C:\WINDOWS\system32\mssip32.dll
18:52:36 | Unregistered: C:\WINDOWS\system32\scardssp.dll
18:52:36 | Registered: C:\WINDOWS\system32\scardssp.dll
18:52:36 | Unregistered: C:\WINDOWS\system32\sccbase.dll
18:52:36 | Registered: C:\WINDOWS\system32\sccbase.dll
18:52:36 | Unregistered: C:\WINDOWS\system32\scecli.dll
18:52:37 | Registered: C:\WINDOWS\system32\scecli.dll
18:52:37 | Unregistered: C:\WINDOWS\system32\softpub.dll
18:52:37 | Registered: C:\WINDOWS\system32\softpub.dll
18:52:37 | Unregistered: C:\WINDOWS\system32\slbcsp.dll
18:52:37 | Registered: C:\WINDOWS\system32\slbcsp.dll
18:52:37 | Unregistered: C:\WINDOWS\system32\regwizc.dll
18:52:37 | Registered: C:\WINDOWS\system32\regwizc.dll
18:52:37 | Unregistered: C:\WINDOWS\system32\rsaenh.dll
18:52:37 | Registered: C:\WINDOWS\system32\rsaenh.dll
18:52:37 | Unregistered: C:\WINDOWS\system32\winhttp.dll
18:52:37 | Registered: C:\WINDOWS\system32\winhttp.dll
18:52:37 | Unregistered: C:\WINDOWS\system32\wintrust.dll
18:52:37 | Registered: C:\WINDOWS\system32\wintrust.dll
--- Registration: ActiveX controls/codecs ---
18:52:38 | Registered: C:\WINDOWS\system32\acelpdec.ax
18:52:38 | Registered: C:\WINDOWS\system32\actxprxy.dll
18:52:38 | Registered: C:\WINDOWS\system32\asctrls.ocx
18:52:38 | Registered: C:\WINDOWS\system32\daxctle.ocx
18:52:38 | Registered: C:\WINDOWS\system32\hhctrl.ocx
18:52:38 | Registered: C:\WINDOWS\system32\l3codecx.ax
18:52:38 | Registered: C:\WINDOWS\system32\licmgr10.dll
18:52:38 | Registered: C:\WINDOWS\system32\mpg4ds32.ax
18:52:40 | Registered: C:\WINDOWS\system32\msdxm.ocx
18:52:40 | Registered: C:\WINDOWS\system32\proctexe.ocx
18:52:40 | Registered: C:\WINDOWS\system32\tdc.ocx
18:52:40 | Registered: C:\WINDOWS\system32\wshom.ocx
--- Registration: Control Panel applets ---
18:52:40 | DllInstalled: C:\WINDOWS\system32\inetcpl.cpl
18:52:40 | DllInstalled: C:\WINDOWS\system32\appwiz.cpl
18:52:40 | Registered: C:\WINDOWS\system32\appwiz.cpl
18:52:40 | DllInstalled: C:\WINDOWS\system32\nusrmgr.cpl
18:52:40 | Registered: C:\WINDOWS\system32\nusrmgr.cpl
--- Registration: Direct[X|Draw|Show|Media] ---
18:52:41 | Registered: C:\WINDOWS\system32\quartz.dll
18:52:41 | Registered: C:\WINDOWS\system32\danim.dll
18:52:41 | Registered: C:\WINDOWS\system32\dmscript.dll
18:52:41 | Registered: C:\WINDOWS\system32\dmstyle.dll
18:52:41 | Registered: C:\WINDOWS\system32\dxmasf.dll
18:52:41 | Registered: C:\WINDOWS\system32\dxtmsft.dll
18:52:41 | Registered: C:\WINDOWS\system32\dxtrans.dll
18:52:41 | Registered: C:\WINDOWS\system32\sbe.dll
--- Registration: Programming cores/runtimes ---
18:52:41 | Registered: C:\WINDOWS\system32\atl.dll
18:52:41 | Registered: C:\WINDOWS\system32\corpol.dll
18:52:41 | Registered: C:\WINDOWS\system32\jscript.dll
18:52:41 | Registered: C:\WINDOWS\system32\dispex.dll
18:52:42 | Registered: C:\WINDOWS\system32\scrrun.dll
18:52:42 | Registered: C:\WINDOWS\system32\scrobj.dll
18:52:42 | Registered: C:\WINDOWS\system32\vbscript.dll
18:52:42 | Registered: C:\WINDOWS\system32\wshext.dll
--- Registration: Explorer/IE/OE/shell/WMP ---
18:52:42 | Registered: C:\WINDOWS\system32\activeds.dll
18:52:42 | Registered: C:\WINDOWS\system32\audiodev.dll
18:52:42 | DllInstalled: C:\WINDOWS\system32\browseui.dll
18:52:42 | Registered: C:\WINDOWS\system32\browseui.dll
18:52:42 | Registered: C:\WINDOWS\system32\browsewm.dll
18:52:42 | Registered: C:\WINDOWS\system32\cabview.dll
18:52:42 | Registered: C:\WINDOWS\system32\cdfview.dll
18:52:42 | Registered: C:\WINDOWS\system32\clbcatex.dll
18:52:42 | Registered: C:\WINDOWS\system32\clbcatq.dll
18:52:42 | Registered: C:\WINDOWS\system32\comcat.dll
18:52:42 | Registered: C:\WINDOWS\system32\cscui.dll
18:52:42 | Registered: C:\WINDOWS\system32\credui.dll
18:52:42 | Registered: C:\WINDOWS\system32\datime.dll
18:52:42 | Registered: C:\WINDOWS\system32\devmgr.dll
18:52:42 | Registered: C:\WINDOWS\system32\dfsshlex.dll
18:52:43 | Registered: C:\WINDOWS\system32\dmdlgs.dll
18:52:43 | Registered: C:\WINDOWS\system32\dmdskmgr.dll
18:52:43 | Registered: C:\WINDOWS\system32\dmloader.dll
18:52:43 | Registered: C:\WINDOWS\system32\dmocx.dll
18:52:43 | Registered: C:\WINDOWS\system32\dmview.ocx
18:52:43 | DllInstalled: C:\WINDOWS\system32\dsuiext.dll
18:52:43 | Registered: C:\WINDOWS\system32\dsuiext.dll
18:52:43 | DllInstalled: C:\WINDOWS\system32\dsquery.dll
18:52:43 | Registered: C:\WINDOWS\system32\dsquery.dll
18:52:43 | Registered: C:\WINDOWS\system32\dskquoui.dll
18:52:43 | Registered: C:\WINDOWS\system32\els.dll
18:52:43 | Registered: C:\WINDOWS\system32\es.dll
18:52:43 | Registered: C:\WINDOWS\system32\fontext.dll
18:52:43 | Registered: C:\WINDOWS\system32\hlink.dll
18:52:43 | Registered: C:\WINDOWS\system32\hnetcfg.dll
18:52:43 | Registered: C:\WINDOWS\system32\iedkcs32.dll
18:52:43 | Registered: C:\WINDOWS\system32\iepeers.dll
18:52:43 | DllInstalled: C:\WINDOWS\system32\iesetup.dll
18:52:43 | Registered: C:\WINDOWS\system32\iesetup.dll
18:52:43 | Registered: C:\WINDOWS\system32\ils.dll
18:52:44 | Registered: C:\WINDOWS\system32\imgutil.dll
18:52:44 | Registered: C:\WINDOWS\system32\inetcfg.dll
18:52:44 | Registered: C:\WINDOWS\system32\inetcomm.dll
18:52:44 | DllInstalled: C:\WINDOWS\system32\inseng.dll
18:52:44 | Registered: C:\WINDOWS\system32\inseng.dll
18:52:44 | Registered: C:\WINDOWS\system32\laprxy.dll
18:52:44 | Registered: C:\WINDOWS\system32\lmrt.dll
18:52:44 | Registered: C:\WINDOWS\system32\mlang.dll
18:52:44 | Registered: C:\WINDOWS\system32\mmcndmgr.dll
18:52:44 | Registered: C:\WINDOWS\system32\mmcshext.dll
18:52:45 | Registered: C:\WINDOWS\system32\mscoree.dll
18:52:45 | DllInstalled: C:\WINDOWS\system32\mshtml.dll
18:52:45 | Registered: C:\WINDOWS\system32\mshtml.dll
18:52:46 | Registered: C:\WINDOWS\system32\mshtmled.dll
18:52:46 | Registered: C:\WINDOWS\system32\msieftp.dll
18:52:46 | Registered: C:\WINDOWS\system32\msoeacct.dll
18:52:46 | Registered: C:\WINDOWS\system32\msr2c.dll
18:52:46 | Registered: C:\WINDOWS\system32\msrating.dll
18:52:46 | DllInstalled: C:\WINDOWS\system32\mydocs.dll
18:52:46 | Registered: C:\WINDOWS\system32\mydocs.dll
18:52:46 | Registered: C:\WINDOWS\system32\mstime.dll
18:52:46 | Registered: C:\WINDOWS\system32\netcfgx.dll
18:52:46 | DllInstalled: C:\WINDOWS\system32\netplwiz.dll
18:52:46 | Registered: C:\WINDOWS\system32\netplwiz.dll
18:52:46 | Registered: C:\WINDOWS\system32\netman.dll
18:52:46 | Registered: C:\WINDOWS\system32\netshell.dll
18:52:46 | Registered: C:\WINDOWS\system32\ntmsevt.dll
18:52:47 | Registered: C:\WINDOWS\system32\ntmsmgr.dll
18:52:47 | DllInstalled: C:\WINDOWS\system32\ntmssvc.dll
18:52:47 | Registered: C:\WINDOWS\system32\ntmssvc.dll
18:52:47 | DllInstalled: C:\WINDOWS\system32\occache.dll
18:52:47 | Registered: C:\WINDOWS\system32\occache.dll
18:52:47 | Registered: C:\WINDOWS\system32\ole32.dll
18:52:47 | Registered: C:\WINDOWS\system32\oleaut32.dll
18:52:47 | Registered: C:\WINDOWS\system32\oleacc.dll
18:52:47 | Registered: C:\WINDOWS\system32\olepro32.dll
18:52:47 | DllInstalled: C:\WINDOWS\system32\photowiz.dll
18:52:47 | Registered: C:\WINDOWS\system32\photowiz.dll
18:52:47 | Registered: C:\WINDOWS\system32\pngfilt.dll
18:52:47 | Registered: C:\WINDOWS\system32\remotepg.dll
18:52:47 | Registered: C:\WINDOWS\system32\rpcrt4.dll
18:52:47 | Registered: C:\WINDOWS\system32\rshx32.dll
18:52:47 | Registered: C:\WINDOWS\system32\sendmail.dll
18:52:47 | Registered: C:\WINDOWS\system32\slayerxp.dll
18:52:48 | DllInstalled: C:\WINDOWS\system32\shdocvw.dll
18:57:32 | Error during registration of C:\WINDOWS\system32\shdocvw.dll - version: 6.00.2900.5628. The error returned is: Erreur d'accès du Registre OLE.
(-2147319780)
18:57:32 | Registered: C:\WINDOWS\system32\shell32.dll
18:57:33 | DllInstalled: C:\WINDOWS\system32\shell32.dll
18:57:33 | Registered: C:\WINDOWS\system32\shmedia.dll
18:57:34 | DllInstalled: C:\WINDOWS\system32\shimgvw.dll
18:57:34 | Registered: C:\WINDOWS\system32\shimgvw.dll
18:57:34 | DllInstalled: C:\WINDOWS\system32\shsvcs.dll
18:57:34 | Registered: C:\WINDOWS\system32\shsvcs.dll
18:57:34 | Registered: C:\WINDOWS\system32\srclient.dll
18:57:34 | Unregistered: C:\WINDOWS\system32\stobject.dll
18:57:34 | Registered: C:\WINDOWS\system32\stobject.dll
18:57:34 | DllInstalled: C:\WINDOWS\system32\themeui.dll
18:57:34 | Registered: C:\WINDOWS\system32\themeui.dll
18:57:34 | Registered: C:\WINDOWS\system32\twext.dll
18:57:34 | DllInstalled: C:\WINDOWS\system32\urlmon.dll
18:57:34 | Registered: C:\WINDOWS\system32\urlmon.dll
18:57:34 | Registered: C:\WINDOWS\system32\userenv.dll
18:57:34 | DllInstalled: C:\WINDOWS\system32\webcheck.dll
18:57:34 | Registered: C:\WINDOWS\system32\webcheck.dll
18:57:34 | Registered: C:\WINDOWS\system32\webvw.dll
18:57:34 | Registered: C:\WINDOWS\system32\winhttp.dll
18:57:34 | DllInstalled: C:\WINDOWS\system32\wininet.dll
18:57:35 | Registered: C:\WINDOWS\system32\zipfldr.dll
18:57:35 | Registered: C:\Program Files\Fichiers communs\system\Ole DB\msdadc.dll
18:57:35 | Registered: C:\Program Files\Fichiers communs\system\Ole DB\msdaenum.dll
18:57:35 | Registered: C:\Program Files\Fichiers communs\system\Ole DB\msdaer.dll
18:57:35 | Registered: C:\Program Files\Fichiers communs\system\Ole DB\msdaipp.dll
18:57:35 | Registered: C:\Program Files\Fichiers communs\system\Ole DB\msdaora.dll
18:57:35 | Registered: C:\Program Files\Fichiers communs\system\Ole DB\msdaosp.dll
18:57:35 | Registered: C:\Program Files\Fichiers communs\system\Ole DB\msdaps.dll
18:57:35 | Registered: C:\Program Files\Fichiers communs\system\Ole DB\msdasc.dll
18:57:35 | Registered: C:\Program Files\Fichiers communs\system\Ole DB\msdasql.dll
18:57:35 | Registered: C:\Program Files\Fichiers communs\system\Ole DB\msdatt.dll
18:57:35 | Registered: C:\Program Files\Fichiers communs\system\Ole DB\msdaurl.dll
18:57:35 | Registered: C:\Program Files\Fichiers communs\system\Ole DB\msdmeng.dll
18:57:35 | Registered: C:\Program Files\Fichiers communs\system\Ole DB\msdmine.dll
18:57:36 | Registered: C:\Program Files\Fichiers communs\system\Ole DB\msmdcb80.dll
18:57:36 | Registered: C:\Program Files\Fichiers communs\system\Ole DB\msmdgd80.dll
18:57:36 | Registered: C:\Program Files\Fichiers communs\system\Ole DB\msolap80.dll
18:57:36 | Registered: C:\Program Files\Fichiers communs\system\Ole DB\msolui80.dll
18:57:36 | Registered: C:\Program Files\Fichiers communs\system\Ole DB\msxactps.dll
18:57:36 | Registered: C:\Program Files\Fichiers communs\system\Ole DB\oledb32.dll
18:57:36 | Registered: C:\Program Files\Fichiers communs\system\Ole DB\oledb32r.dll
18:57:36 | Registered: C:\Program Files\Fichiers communs\system\Ole DB\sqloledb.dll
18:57:36 | Registered: C:\Program Files\Fichiers communs\system\Ole DB\sqlxmlx.dll
18:59:34 | Deleting policy: HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Policies\Explorer\NoActiveDesktopChanges
18:59:34 | ^ Success
18:59:34 | Deleting policy: HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Policies\Explorer\NoThemesTab
18:59:34 | ^ Success
18:59:34 | Policy scan started
18:59:35 | Policy scan ended - no restrictive policies were found
18:59:44 | Policy scan started
18:59:44 | Policy scan ended - no restrictive policies were found
-
J'ai suivi la procédure.
Le 1er fichier s'est installé sans problème
Le 2ème n'a pas voulu s'installer me disant qu'il était inutile ma version étant plus récente ou quelque chose dans ce genre.
Le 3ème n'a pas voulu non plus s'installer car différence de langue ???
Voilà, j'en suis donc au même point !
-
Hélas OUI, toujours même problème
-
Re bonjour,
En fait, je crois avoir criée victoire trop tôt ! j'ai toujours ce svchost.exe qui tourne en perrmanence !
J'ai aussi posté un rapport, comme vous me l'aviez demandé et je n'ai pas eu d'autre message. Peut-être est-ce normal ? Je ne sais pas.
-
Encore Merci.
J'ai donc fais tout ce dont vous m'avez indiqué.
Déjà, au redémarrage du pc après avoir fais toutes ces manip. je n'ai plus mon process. qui s'affole, cela est déjà bon signe.
Vous me demandez le rapport de JavaRa, je vous le mets ci-dessous :
JavaRa 1.11 Removal Log.
Report follows after line.
------------------------------------
The JavaRa removal process was started on Wed Oct 01 20:59:26 2008
Found and removed: C:\Program Files\Java\j2re1.4.2_05
Found and removed: C:\Program Files\Java\jre1.6.0_05
Found and removed: C:\Windows\Installer\{7148F0A8-6813-11D6-A77B-00B0D0142050}
Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.4
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}
Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610005
Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610005
Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610005
Found and removed: SOFTWARE\Classes\JavaPlugin.160_05
Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_05
Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_05
Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610005
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610005
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610005
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160050}
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7148F0A8-6813-11D6-A77B-00B0D0142050}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}
Found and removed: SOFTWARE\Classes\Installer\Products\8A0F841731866D117AB7000B0D410205
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F841731866D117AB7000B0D410205
Found and removed: SOFTWARE\Classes\JavaPlugin.142_05
Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.4.2_04
Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.4.2_05
Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.4.2_05
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.4.2_05
Found and removed: Software\Classes\JavaPlugin.142_04
Found and removed: Software\Classes\JavaPlugin.142_05
Found and removed: Software\Classes\JavaPlugin.160_05
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_05\
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_05\bin\
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_05
Found and removed: Software\JavaSoft\Java2D\1.6.0_05
Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_05
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}
------------------------------------
Finished reporting.
JavaRa 1.11 Removal Log.
Report follows after line.
------------------------------------
The JavaRa removal process was started on Wed Oct 01 20:59:55 2008
------------------------------------
Finished reporting.
-
Merci Pear
Concernant les cles du registre de Explorer, voici ce que j'ai :
ClassicShel : 1
NoActiveDesktop : 0
NoActiveDesktopChanges : 00 00 00 01
NoDriveTypeAutoRun : 91
NoSaveSettings : 0
NoThemesTab : 1
Et voici un autre rapport :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:36:17, on 01/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ScanSoft\PaperPort\xdcla.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\MyBuy\MyBuy.exe
c:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HJT.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://lo.st
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.aliceadsl.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F3 - REG:win.ini: run=
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: HP Smart Web Printing 1.0 - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [indexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [AliceSAV] C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\Ad-Watch.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [RegistryBooster 2 d’Uniblue ] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: MyBuy.lnk = C:\MyBuy\MyBuy.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Image Retriever.lnk = C:\Program Files\ScanSoft\PaperPort\xdcla.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: Ajouter la cible du lien à un fichier PDF existant - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Ajouter à un fichier PDF existant - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir au format Adobe PDF - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien au format Adobe PDF - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Personnel XII\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Personnel XII\RpcSandraSrv.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 11632 bytes
-
Bonjour pear,
Question icônes sur le bureau, c'est OK, ils sont revenus mais je n'ai plus accès à l'onglet "bureau" dans mes propriétés d'affichage, il semble avoir disparu !
J'ai également 99% de mon processeur utilisé par un nommé svchost.exe !
Est-ce que cela a un rapport, je ne sais pas ?
Voilà, en tout cas, merci beaucoup pour l'aide.
-
Voici le rapport clean :
01/10/2008 a 10:25:52,42
*** Recherche des fichiers dans C:
*** Recherche des fichiers dans C:\WINDOWS\
*** Recherche des fichiers dans C:\WINDOWS\system32
*** Recherche des fichiers dans C:\Program Files
"C:\Program Files\Multi_Media_France\" FOUND
*** Fin du rapport !
-
Merci beaucoup pour votre réponse.
Voici le rapport de MBAM :
Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1223
Windows 5.1.2600 Service Pack 3
30/09/2008 18:59:22
mbam-log-2008-09-30 (18-59-22).txt
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 119163
Temps écoulé: 48 minute(s), 59 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 2
Clé(s) du Registre infectée(s): 9
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 11
Fichier(s) infecté(s): 12
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\efcASMgH.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ddcAspqN.dll (Trojan.Vundo) -> Delete on reboot.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7499c7d9-f599-4b91-b0fc-fbea946a5692} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ddcaspqn (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{7499c7d9-f599-4b91-b0fc-fbea946a5692} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{dc55df81-85fa-4c82-aed6-127c6e70e2ec} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{dc55df81-85fa-4c82-aed6-127c6e70e2ec} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{7499c7d9-f599-4b91-b0fc-fbea946a5692} (Trojan.Vundo) -> Delete on reboot.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\efcasmgh -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\efcasmgh -> Delete on reboot.
Dossier(s) infecté(s):
C:\Documents and Settings\ISABELLE\Application Data\rhcvogj0eja3 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\ISABELLE\Application Data\rhcvogj0eja3\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\ISABELLE\Application Data\rhcvogj0eja3\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\ISABELLE\Application Data\rhcvogj0eja3\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\ISABELLE\Application Data\rhcvogj0eja3\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\ISABELLE\Application Data\rhcvogj0eja3\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\ISABELLE\Application Data\rhcvogj0eja3\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\ISABELLE\Application Data\rhcvogj0eja3\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\ISABELLE\Application Data\rhcvogj0eja3\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\ISABELLE\Application Data\rhcvogj0eja3\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\ISABELLE\Application Data\rhcvogj0eja3\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\WINDOWS\system32\ddcAspqN.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\efcASMgH.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\HgMSAcfe.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\HgMSAcfe.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jdbvsiyu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uyisvbdj.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\oxxonhtb.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bthnoxxo.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lphcrogj0eja3.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\ISABELLE\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\ISABELLE\Local Settings\Temp\.tt3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\ISABELLE\Local Settings\Temp\.tt1.tmp.vbs (Trojan.FakeAlert) -> Quarantined and deleted successfully.
-
Bonjour,
Je ne sais pas si quelqu'un sur ce forum pourra m'aider (contrairement à d'autres où mon message est resté sans réponse, voire supprimé !) mais depuis hier, mon explorer.exe ne fonctionne plus au démarrage de mon pc. Ceci est arrivé à la suite de l'ouverture d'une fenêtre "antivirus xp 2008".
Voilà, je vous poste un rapport en espérant un petit coup de main ! :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:22:54, on 30/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PSIService.exe
c:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Trend Micro\HijackThis\HJT.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://lo.st
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.aliceadsl.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F3 - REG:win.ini: run=
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: (no name) - {7499C7D9-F599-4B91-B0FC-FBEA946A5692} - C:\WINDOWS\system32\ddcAspqN.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: HP Smart Web Printing 1.0 - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {DC55DF81-85FA-4C82-AED6-127C6E70E2EC} - C:\WINDOWS\system32\efcASMgH.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [indexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [AliceSAV] C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\Ad-Watch.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [RegistryBooster 2 d’Uniblue ] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: MyBuy.lnk = C:\MyBuy\MyBuy.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Image Retriever.lnk = C:\Program Files\ScanSoft\PaperPort\xdcla.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: Ajouter la cible du lien à un fichier PDF existant - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Ajouter à un fichier PDF existant - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir au format Adobe PDF - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien au format Adobe PDF - res://C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: ddcAspqN - C:\WINDOWS\SYSTEM32\ddcAspqN.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Personnel XII\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Personnel XII\RpcSandraSrv.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 11079 bytes
Icônes du Bureau disparus !!!
dans Analyses et éradication malwares
Posté(e)
Voici le contenu du rapport :
[ Rapport ToolsCleaner version 2.2.3 (par A.Rothstein & dj QUIOU) ]
-->- Recherche:
C:\rapport_clean.txt: trouvé !
C:\SmitFraudfix: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\ISABELLE\Bureau\HijackThis.lnk: trouvé !
C:\Documents and Settings\ISABELLE\DoctorWeb\Quarantine\SmitFraudFix.exe: trouvé !
C:\Documents and Settings\ISABELLE\Local Settings\Application Data\Opera\Opera\profile\cache4\temporary_download\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !
Mais je ne suis pas certaine qu'il ait supprimé quelque chose !!!!