
Hello everyone,
I hope a computer expert will be able to help me.
I have a problem with a rundll.
Every time my PC starts up, a window appears with the following message:
erreur dans C:\Users\JRMY~1\AppData\Local\Temp\vvpmuhxk.dll
entrée manquante : run
There, I know there are experts on this forum, so I hope one of them will be able to help me.
Thanks in advance
|
|
|
|
|
Hello,
Download HijackThis
Tutorial by Bruce Lee: http://cybersecurite.xooit.com/t138-HijackThis-2-0-2.htm
Then click on "Do a system scan and save a logfile"
The scan runs very quickly, then a Notepad window appears
(the "logfile")
In that Notepad window, go to "Edit", then "Select All";
the text is then selected. Go back to "Edit", still
leaving the text selected, and click Copy.
Paste the contents here in your next reply!
|
|
|
|
|
Here is the report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:11:40, on 17/02/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\aol\1170426076\ee\aolsoftware.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\OrangeHSS\Systray\SystrayApp.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Pando Networks\Pando\pando.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\rundll32.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\3\AlertModule.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\mobsync.exe
C:\Users\Jérémy\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://orange.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&p(...)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\2.bin\A5SRCHAS.DLL (file missing)
O1 - Hosts: ::1 localhost
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Afficher Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1170426076\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\JRMY~1\AppData\Local\Temp\jkhfe.dll,c
O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\JRMY~1\AppData\Local\Temp\vvpmuhxk.dll",run
O4 - HKCU\..\Run: [e86500f8] rundll32.exe "C:\Users\JRMY~1\AppData\Local\Temp\tnfkdvir.dll",b
O4 - Global Startup: OFFICE One Startup v7.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://gamenextfr.oberon-media.com/online/online2/luxor_amun_rising/mjolaunch(...)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game11.zylom.com/activex/zylomgamesplayer.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\1\FTRTSVC.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
--
End of file - 8462 bytes
|
|
|
|
|
Hi again,
Do the following in order and in full:
Note: This procedure was created specifically for this user! If you are not the user in question, do not follow these instructions, as you risk damaging your PC!!!
1/ Run HijackThis again and tick the boxes in front of these lines (if present):
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\2.bin\A5SRCHAS.DLL (file missing)
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\JRMY~1\AppData\Local\Temp\jkhfe.dll,c
O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\JRMY~1\AppData\Local\Temp\vvpmuhxk.dll",run
O4 - HKCU\..\Run: [e86500f8] rundll32.exe "C:\Users\JRMY~1\AppData\Local\Temp\tnfkdvir.dll",b
Then close every window other than HijackThis and click "Fix checked"
2/ Close HijackThis
3/ Download ComboFix (created by sUBs) to your Desktop
Copy what is in the quote below (without the word quote) by selecting it and then pressing Ctrl-C:
File::
C:\Users\JRMY~1\AppData\Local\Temp\jkhfe.dll
C:\Users\JRMY~1\AppData\Local\Temp\vvpmuhxk.dll
C:\Users\JRMY~1\AppData\Local\Temp\tnfkdvir.dll
Folder::
C:\Program Files\AskTBar\
- Save this file to: Desktop
- File name: CFScript
- File type: all files
- Click Save
- Close Notepad
Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot
* A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 and then confirm.
* Wait while the scan runs. The desktop will disappear several times: that's normal!
Do not touch anything until the scan has finished.
* Once the scan is complete, a report will be displayed: post its contents.
* If the file does not open, it is located here > C:\ComboFix.txt
Have a nice day
|
|
|
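The three startup entries selected in the post above share one pattern: a Run value that makes rundll32 load a DLL from the user's Temp folder, which is also the DLL and entry point named in the startup error dialog. As an added example (not part of the original thread), the Python below parses HijackThis O4 lines and flags that pattern; the function names and the temp-directory heuristic are assumptions of this example.

```python
import re
from typing import List, NamedTuple, Optional

# O4 lines copied from the first HijackThis log posted in this thread
# (a subset of the log, embedded so the example runs offline).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\JRMY~1\AppData\Local\Temp\jkhfe.dll,c
O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\JRMY~1\AppData\Local\Temp\vvpmuhxk.dll",run
O4 - HKCU\..\Run: [e86500f8] rundll32.exe "C:\Users\JRMY~1\AppData\Local\Temp\tnfkdvir.dll",b
O4 - Global Startup: OFFICE One Startup v7.lnk = ?
"""


class RundllTarget(NamedTuple):
    dll: str      # DLL that rundll32 is told to load
    export: str   # entry point that rundll32 is told to call


class Finding(NamedTuple):
    hive: str     # HKLM or HKCU
    name: str     # Run value name, e.g. "MS Juan"
    dll: str
    export: str


# "O4 - <hive>\..\<key>: [<value name>] <command line>"
O4_RUN_RE = re.compile(r'^O4 - (\S+)\\\.\.\\(\S+): \[(.*?)\] (.+)$')

# rundll32 with or without path, extension and quotes, followed by
# <dll path>,<export>; the DLL path may be quoted or bare.
RUNDLL_RE = re.compile(
    r'^"?(?:[^"]*\\)?rundll32(?:\.exe)?"?\s+'
    r'(?:"([^"]+)"|([^",]+?))\s*,\s*(\S+)',
    re.IGNORECASE,
)

# Heuristic (assumption of this example): directory components that mark
# a temp location. Matching on the component also works for 8.3 short
# names such as JRMY~1, because only the profile folder is shortened.
TEMP_PARTS = ("\\temp\\", "\\tmp\\")


def parse_rundll(command: str) -> Optional[RundllTarget]:
    """Return the DLL and export if the command line launches rundll32."""
    m = RUNDLL_RE.match(command.strip())
    if not m:
        return None
    return RundllTarget(dll=m.group(1) or m.group(2), export=m.group(3))


def in_temp_dir(path: str) -> bool:
    """True if the path has a temp directory as one of its components."""
    normalized = path.replace("/", "\\").lower()
    return any(part in normalized for part in TEMP_PARTS)


def find_temp_rundll_entries(log_text: str) -> List[Finding]:
    """Flag Run entries where rundll32 loads a DLL from a temp directory."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RUN_RE.match(line.strip())
        if not m:
            continue  # not a registry Run entry (e.g. "Global Startup")
        hive, _key, name, command = m.groups()
        target = parse_rundll(command)
        if target and in_temp_dir(target.dll):
            findings.append(Finding(hive, name, target.dll, target.export))
    return findings


if __name__ == "__main__":
    for f in find_temp_rundll_entries(SAMPLE_LOG):
        print(f"{f.hive} Run [{f.name}] -> {f.dll} (export: {f.export})")
```

The NVIDIA entries also go through rundll32 but load from C:\Windows\system32, so they are parsed and left unflagged.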
|
|
Sorry for the delay, here is the content of the report
ComboFix 08-02-16.2 - Jérémy 2008-02-18 13:48:39.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.404 [GMT 1:00]
Endroit: C:\Users\Jérémy\Desktop\ComboFix.exe
Command switches used :: C:\Users\Jérémy\Desktop\CFScript.txt
* Création d'un nouveau point de restauration
FILE
C:\Users\JRMY~1\AppData\Local\Temp\jkhfe.dll
C:\Users\JRMY~1\AppData\Local\Temp\tnfkdvir.dll
C:\Users\JRMY~1\AppData\Local\Temp\vvpmuhxk.dll
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Program Files\AskTBar\
C:\Program Files\AskTBar\\bar\Cache\0006AC8E
C:\Program Files\AskTBar\\bar\Cache\0006B047
C:\Program Files\AskTBar\\bar\Cache\0006B383.bin
C:\Program Files\AskTBar\\bar\Cache\0006B5E5.bin
C:\Program Files\AskTBar\\bar\Cache\0006B7C9.bin
C:\Program Files\AskTBar\\bar\Cache\files.ini
C:\Program Files\AskTBar\\bar\History\search2
C:\Program Files\AskTBar\\bar\Settings\prevcfg2.htm
C:\Program Files\AskTBar\\PopSwatr\History\allowed
C:\Program Files\AskTBar\\PopSwatr\History\notallow
C:\Users\JRMY~1\AppData\Local\Temp\jkhfe.dll
C:\Users\JRMY~1\AppData\Local\Temp\tnfkdvir.dll
C:\Users\JRMY~1\AppData\Local\Temp\vvpmuhxk.dll
.
((((((((((((((((((((((((((((( Fichiers créés 2008-01-18 to 2008-02-18 ))))))))))))))))))))))))))))))))))))
.
2008-02-17 10:31 . 2008-01-10 06:50 1,244,672 --a------ C:\Windows\System32\mcmde.dll
2008-02-15 13:05 . 2008-02-15 13:05 194,560 --a------ C:\Windows\System32\WebClnt.dll
2008-02-15 13:05 . 2008-02-15 13:05 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
2008-02-14 19:55 . 2008-02-14 19:55 613,888 --a------ C:\Windows\System32\wpd_ci.dll
2008-02-14 19:55 . 2008-02-14 19:55 558,080 --a------ C:\Windows\System32\oleaut32.dll
2008-02-14 19:55 . 2008-02-14 19:55 260,096 --a------ C:\Windows\System32\dpx.dll
2008-02-14 19:55 . 2008-02-14 19:55 224,824 --a------ C:\Windows\System32\clfs.sys
2008-02-14 19:55 . 2008-02-14 19:55 221,696 --a------ C:\Windows\System32\umpnpmgr.dll
2008-02-14 19:55 . 2008-02-14 19:55 101,888 --a------ C:\Windows\System32\drvinst.exe
2008-02-14 19:55 . 2008-02-14 19:55 19,456 --a------ C:\Windows\System32\cfgmgr32.dll
2008-02-14 19:55 . 2008-02-14 19:55 6,656 --a------ C:\Windows\System32\kbd106n.dll
2008-02-14 19:53 . 2008-02-14 19:53 3,504,696 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-02-14 19:52 . 2008-02-14 19:52 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-14 19:52 . 2008-02-14 19:52 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-02-14 19:49 . 2008-02-14 19:49 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-02-14 19:49 . 2008-02-14 19:49 824,832 --a------ C:\Windows\System32\wininet.dll
2008-02-13 20:50 . 2008-02-13 20:50 <REP> d-------- C:\VundoFix Backups
2008-02-12 13:01 . 2008-02-12 12:25 218,504 --a------ C:\Windows\System32\drivers\pctfw2.sys
2008-02-12 12:55 . 2008-02-12 12:55 <REP> d-------- C:\Users\All Users\PC Tools
2008-02-12 12:55 . 2008-02-12 12:55 <REP> d-------- C:\ProgramData\PC Tools
2008-02-12 12:25 . 2008-02-12 12:54 <REP> d-------- C:\Program Files\Common Files\PC Tools
2008-02-11 18:40 . 2003-02-02 19:06 153,088 --a------ C:\Windows\System32\UNRAR3.dll
2008-02-11 18:40 . 2002-03-06 00:00 75,264 --a------ C:\Windows\System32\unacev2.dll
2008-02-07 19:30 . 2005-09-23 07:29 626,688 --a------ C:\Windows\System32\msvcr80.dll
2008-02-07 19:05 . 2008-02-12 12:18 <REP> d-------- C:\Program Files\a-squared Anti-Malware
2008-02-07 18:58 . 2008-02-07 18:58 <REP> d-------- C:\Program Files\RogueRemover FREE
2008-02-07 18:42 . 2008-02-07 18:42 <REP> d-------- C:\Users\Jérémy\AppData\Roaming\PC Tools
2008-02-07 18:42 . 2008-02-16 23:34 <REP> d-------- C:\Program Files\Spyware Doctor
2008-02-07 18:42 . 2007-12-10 14:53 81,288 --a------ C:\Windows\System32\drivers\iksyssec.sys
2008-02-07 18:42 . 2007-12-10 14:53 66,952 --a------ C:\Windows\System32\drivers\iksysflt.sys
2008-02-07 18:42 . 2007-12-10 14:53 41,864 --a------ C:\Windows\System32\drivers\ikfilesec.sys
2008-02-07 18:42 . 2007-12-10 14:53 29,576 --a------ C:\Windows\System32\drivers\kcom.sys
2008-02-02 15:41 . 2008-02-02 15:41 <REP> d-------- C:\Users\Alicia\AppData\Roaming\Symantec
2008-01-27 13:33 . 2008-01-27 13:33 <REP> d-------- C:\Users\Jérémy\AppData\Roaming\Symantec
2008-01-27 13:29 . 2008-01-29 17:22 <REP> d-------- C:\Program Files\Norton Internet Security
2008-01-27 13:26 . 2008-01-29 16:55 123,952 --a------ C:\Windows\System32\drivers\SYMEVENT.SYS
2008-01-27 13:26 . 2008-01-29 16:55 10,740 --a------ C:\Windows\System32\drivers\SYMEVENT.CAT
2008-01-27 13:26 . 2008-01-29 16:55 805 --a------ C:\Windows\System32\drivers\SYMEVENT.INF
2008-01-21 20:14 . 2008-01-21 20:14 <REP> d-------- C:\Users\All Users\FLEXnet
2008-01-21 20:14 . 2008-01-21 20:14 <REP> d-------- C:\ProgramData\FLEXnet
2008-01-21 19:41 . 2008-01-21 19:41 <REP> d-------- C:\Program Files\Bonjour
2008-01-21 19:31 . 2008-01-21 19:31 <REP> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-01-19 17:26 . 2008-01-19 17:26 327,680 --a------ C:\Windows\System32\mysidesearch_sidebar.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-18 12:55 4,456,448 --sha-w C:\Users\Jérémy\NTUSER.DAT
2008-02-18 12:55 4,456,448 --sha-w C:\Users\Jérémy\NTUSER.DAT
2008-02-18 11:08 --------- d---a-w C:\ProgramData\TEMP
2008-02-18 00:49 --------- d-----w C:\ProgramData\Symantec
2008-02-14 18:53 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-14 18:53 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-02-14 18:53 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-14 18:53 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-14 18:53 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-14 18:53 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-14 18:53 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-02-14 18:53 20,024 ----a-w C:\Windows\system32\drivers\viaide.sys
2008-02-14 18:53 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-14 18:53 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-14 18:53 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-02-14 18:52 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-14 18:52 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-14 18:52 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-14 18:52 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-14 18:48 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-14 18:48 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-14 18:48 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-13 19:47 --------- d-----w C:\Users\Jérémy\AppData\Roaming\LimeWire
2008-02-12 11:42 --------- d-----w C:\ProgramData\Roxio
2008-02-12 10:55 --------- d-----w C:\Program Files\Google
2008-02-11 21:37 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-11 21:15 --------- d-----w C:\Program Files\GamesBar
2008-02-07 17:42 --------- d-----w C:\Users\Jérémy\AppData\Roaming\PC Tools
2008-01-29 15:55 --------- d-----w C:\Program Files\Symantec
2008-01-27 12:33 --------- d-----w C:\Users\Jérémy\AppData\Roaming\Symantec
2008-01-22 19:51 84,729 ----a-w C:\Windows\System32\mysidesearch_sidebar_uninstall.exe
2008-01-21 21:02 --------- d-----w C:\Users\Jérémy\AppData\Roaming\Adobe
2008-01-21 18:41 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-15 08:54 10,537 ----a-w C:\Windows\system32\drivers\coh_mon.cat
2008-01-15 04:28 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf
2008-01-14 18:31 --------- d-----w C:\Program Files\Norton Security Scan
2008-01-12 17:32 23,904 ----a-w C:\Windows\system32\drivers\COH_Mon.sys
2008-01-11 17:27 --------- d-----w C:\ProgramData\Nero
2008-01-11 17:27 --------- d-----w C:\Program Files\Common Files\Nero
2008-01-09 19:14 --------- d-----w C:\Users\Jérémy\AppData\Roaming\AutoTransfer
2008-01-09 18:57 --------- d-----w C:\Program Files\Windows Mail
2008-01-09 15:18 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-01-09 15:18 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-01-09 15:17 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-09 15:17 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-09 13:15 --------- d-----w C:\Program Files\YesMessenger
2008-01-07 05:54 --------- d-----w C:\Program Files\EA SPORTS
2008-01-06 18:19 --------- d-----w C:\Users\Jérémy\AppData\Roaming\OFFICEOne7
2008-01-05 10:15 77,379 ----a-w C:\Windows\System32\dcads_sidebar_uninstall.exe
2008-01-05 10:15 --------- d-----w C:\Program Files\Dcads Games Collection
2007-12-28 10:47 685,816 ----a-w C:\Windows\system32\drivers\sptd.sys
2007-12-26 12:53 --------- d-----w C:\Users\Jérémy\AppData\Roaming\Samsung
2007-12-25 21:12 --------- d-----w C:\ProgramData\GamesBar
2007-12-25 15:37 --------- d-----w C:\Program Files\Gamenext
2007-12-25 13:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-25 13:32 --------- d-----w C:\Program Files\Samsung
2007-12-25 13:24 --------- d-----w C:\Program Files\Windows Live
2007-12-25 13:21 --------- d-----w C:\Program Files\MSN Messenger
2007-12-25 13:11 --------- d-----w C:\ProgramData\WLInstaller
2007-12-24 13:22 --------- d-----w C:\ProgramData\Arcade Lab
2007-12-24 10:50 --------- d-----w C:\Program Files\Common Files\aol
2007-12-22 18:01 --------- d-----w C:\Users\Alicia\AppData\Roaming\AOL
2007-12-12 12:49 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-12 12:49 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-12-12 12:49 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2007-12-11 19:46 524,288 ----a-w C:\Windows\System32\DivXsm.exe
2007-12-11 19:46 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2007-12-11 19:46 118,520 ------w C:\Windows\System32\pxinsi64.exe
2007-12-11 19:45 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2007-12-11 19:45 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2007-12-11 19:43 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
2007-12-04 17:08 1,234 ----a-w C:\Users\Jérémy\AppData\Roaming\wklnhst.dat
2007-11-29 11:01 142 ----a-w C:\Users\Alicia\AppData\Roaming\wklnhst.dat
2007-11-25 19:23 107,888 ----a-w C:\Windows\System32\CmdLineExt.dll
2007-08-30 13:19 174 --sha-w C:\Program Files\desktop.ini
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2007-08-24 20:51 316784 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-01-31 17:08 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-24 20:51 316784]
[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 16:17 1232896]
"SmpcSys"="C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe" [2006-10-23 15:49 1092152]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
"Pando"="C:\Program Files\Pando Networks\Pando\Pando.exe" [2007-10-05 11:33 5207368]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [ ]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-05-09 21:42 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 10:57 3784704 C:\Windows\RtHDVCpl.exe]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2006-12-07 20:25 90191]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2006-12-07 20:25 7766016]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2006-12-07 20:25 81920]
"HostManager"="C:\Program Files\Common Files\AOL\1170426076\ee\AOLSoftware.exe" [2006-11-14 14:55 50736]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-20 21:08 228088]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-02-10 11:40 1836544]
"toolbar_eula_launcher"="C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-01-10 10:00 18944]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41 282624]
"SystrayORAHSS"="C:\Program Files\OrangeHSS\Systray\SystrayApp.exe" [2006-12-12 18:16 90112]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-31 13:15 51048]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2007-12-10 14:53 1103752]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
OFFICE One Startup v7.lnk - C:\Program Files\OFFICE One v7\OFFICE One Startup v7\oostartupv7.exe [2007-02-02 15:38:54 713728]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080215.001\IDSvix86.sys [2008-02-13 17:18]
R1 pctfw2;pctfw2;C:\Windows\System32\drivers\pctfw2.sys [2008-02-12 12:25]
R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" [2008-01-31 13:15]
R3 3xHybrid;ASUSTek SAA713x PCI Card;C:\Windows\system32\DRIVERS\3xHybrid.sys [2006-11-15 04:13]
R3 SymIMMP;SymIMMP;C:\Windows\system32\DRIVERS\SymIM.sys [2007-08-09 17:27]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-08-13 13:50]
S2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2007-08-31 11:49]
S3 COH_Mon;COH_Mon;C:\Windows\system32\Drivers\COH_Mon.sys [2008-01-12 18:32]
S3 hid8101;hid8101;C:\Windows\system32\drivers\hid8101.SYS [2006-10-23 11:42]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCAMp50.sys [2006-11-28 20:46]
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCASp50.sys [2006-11-28 20:46]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\Windows\system32\DRIVERS\ss_bus.sys [2007-05-02 11:11]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\Windows\system32\DRIVERS\ss_mdfl.sys [2007-05-02 11:11]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\Windows\system32\DRIVERS\ss_mdm.sys [2007-05-02 11:11]
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\Windows\system32\DRIVERS\SymIM.sys [2007-08-09 17:27]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6c804fac-bee5-11dc-bb49-00038a000015}]
\shell\AutoRun\command - I:\AutoTransfer.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4b353ea-7f21-11dc-94c7-00038a000015}]
\shell\AutoRun\command - J:\LaunchU3.exe
*Newly Created Service* - COMHOST
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-18 12:30:02 C:\Windows\Tasks\Extension de garantie.job"
- C:\Program Files\Packard Bell\SetupmyPC\PBCarNot.exe
"2008-02-11 20:39:45 C:\Windows\Tasks\Norton Internet Security - Effectuer une analyse complète du système - Jérémy.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeB/TASK:
"2008-02-15 14:00:00 C:\Windows\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
"2008-02-18 12:30:02 C:\Windows\Tasks\Recovery DVD Creator.job"
- C:\Program Files\Packard Bell\SetupMyPc\MCDCheck.exe
"2008-02-18 12:55:00 C:\Windows\Tasks\User_Feed_Synchronization-{F830D424-3DEA-4AC1-A99C-B47E4A577AA5}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-18 13:55:49
Windows 6.0.6000 NTFS
detected NTDLL code modification:
ZwClose
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-02-18 13:57:22
ComboFix-quarantined-files.txt 2008-02-18 12:57:14
ComboFix2.txt 2008-02-13 19:05:45
.
2008-02-17 10:18:33 --- E O F ---
|
|
|
|
|
Hello, post a new HijackThis report
|
|
|
|
|
|
|
Here is the new report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:47:17, on 19/02/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\aol\1170426076\ee\aolsoftware.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\OrangeHSS\Systray\SystrayApp.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Pando Networks\Pando\pando.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\3\AlertModule.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Users\Jérémy\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://orange.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&p(...)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\2.bin\A5SRCHAS.DLL (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Afficher Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1170426076\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: OFFICE One Startup v7.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://gamenextfr.oberon-media.com/online/online2/luxor_amun_rising/mjolaunch(...)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game11.zylom.com/activex/zylomgamesplayer.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\1\FTRTSVC.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
--
End of file - 9046 bytes
|
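A log of this size is easier to review with a first-pass filter. The sketch below is an added example, not part of the original posts and not a HijackThis feature. It flags the three entry types relevant to this thread: targets marked "(file missing)", autostart entries that load from a Temp directory (the pattern behind the rundll32 error reported at the top of the thread), and AppInit_DLLs. The function name `triage`, the heuristics and the Run value name `example` are assumptions.

```python
import re

# HijackThis entry shape: "<section> - <details>", e.g. "O4 - HKLM\..\Run: [Name] command"
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# User-writable scratch locations where legitimate autostart binaries rarely live.
TEMP_RE = re.compile(r"\\(?:Temp|Temporary Internet Files)\\", re.IGNORECASE)
RUNDLL_RE = re.compile(r"\brundll32(?:\.exe)?\b", re.IGNORECASE)


def triage(log_text):
    """Return (section, reason, line) tuples for entries worth a manual look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue  # header, process list or blank line
        section, body = m.group("section"), m.group("body")
        if body.endswith("(file missing)"):
            findings.append((section, "registered target no longer on disk", line))
        if section == "O4" and TEMP_RE.search(body):
            reason = "autostart from a Temp directory"
            if RUNDLL_RE.search(body):
                reason = "rundll32 autostart loading a DLL from Temp"
            findings.append((section, reason, line))
        if section == "O20" and body.startswith("AppInit_DLLs:"):
            findings.append(
                (section, "loaded into every process using user32.dll; verify vendor", line))
    return findings


# Four lines copied from the log above, plus one CONSTRUCTED O4 line (third O-entry
# below) built from the DLL path and "run" entry point quoted in the error message;
# its Run value name "example" is hypothetical.
SAMPLE = r"""
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\2.bin\A5SRCHAS.DLL (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [example] rundll32.exe "C:\Users\JRMY~1\AppData\Local\Temp\vvpmuhxk.dll",run
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
"""

if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE):
        print(f"[{section}] {reason}\n    {line}")
```

A flagged line is a prompt for manual verification (file signature, vendor, install date), not a verdict; the NVIDIA rundll32 entry under system32 is deliberately left unflagged.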
|
|
|
|
Hello,
Has the problem been solved? I have the same issue and I would like to know whether the solution is a good one.
One of the tricks to get rid of it is to switch user accounts by going through safe mode, but that does not guarantee that the spyware is removed ...
|
|
|
|
|
|
Yes, the message no longer appears, but I find that my PC is still slow.
|
|
|
|
|
Good evening,
1/ Download and install CCleaner
CCleaner user guide: http://mickael.barroux.free.fr/securite/ccleaner.php
Note: During installation, on the "Installation options" screen, untick the box in front of "Add the Yahoo! CCleaner toolbar"
Launch CCleaner, click the Analyze button, then the Run Cleaner button
2/ Run a Kaspersky online scan with Internet Explorer (launch Internet Explorer as -> "administrator")
In the new window, click I accept.
Confirm the installation of one or more ActiveX controls if necessary.
Wait while the updates are installed.
Then choose to scan My Computer
Save the report generated at the end of the scan, then paste it here.
HELP:
Tutorial
Configuring ActiveX control settings
NOTE: If you get the message "The Kaspersky On-line Scanner license has expired", go to Add/Remove Programs and uninstall On-Line Scanner, then reconnect to the Kaspersky site to retry the online scan.
Have a good evening