[Résolu...ben non...] Win32:Tenga indelogeable
Win32:Tenga indelogeable [Résolu...ben non...] - Sécurité - Windows & Software
Marsh Posté le 16-08-2006 à 01:28:06
Bonsoir LargoWinch38,
/*\ Laisse-moi tout d'abord te remercier pour ta patience...
* Suis scrupuleusement cette procédure. Si tu as des questions, surtout, n'hésite pas à les poser ; nous sommes là pour t'aider *
--> Comme tu devras redémarrer en mode sans échec, je te conseille d'imprimer les instructions suivantes...
1) Crée un point de restauration du système : http://www.vulgarisation-informati [...] ration.php
2) Télécharge les programmes suivants (mets-le sur ton bureau) :
* Cleanup de Steven Gould : http://www.stevengould.org/downloa [...] nUp452.exe
* RegCleaner de Jouni Vuorio: http://pierre.szwarc.free.fr/Files/RegCleaner.exe
3) Redémarre ta machine en mode sans échec sur ta session : http://service1.symantec.com/suppo [...] 5112131924
4) Relance HijackThis et coche les lignes suivantes :
O4 - HKLM\..\Run: [RemoveWGA] f:\Temp\Rar$EX00.531\RemoveWGA.exe -startup
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O23 - Service: Onduleur (UPS) - Unknown owner - D:\WINDOWS\System32\ups2.exe (file missing)
------> Clique ensuite sur "Fix Checked"
5) Lance alors un scan complet avec "Avast" et supprime (ou mets en quarantaine) tout ce qu'il trouve...
5) Toujours en mode sans échec, installe et exécute "Cleanup"
6) Lance le programme et clique sur "Cleanup", puis sur "NON" pour rendre le nettoyage effectif
7) Redémarre l'ordinateur en mode normal
8) Ouvre le fichier suivant avec le bloc-note : C:\WINDOWS\system32\drivers\etc
---> Copie-colle son contenu sur ce forum
9) Supprime tous les fichiers du dossier d:\windows\prefetch\ (sauf le fichier "layout.ini" )
10) Reposte ici un log HijackThis...
/*\ Comment se porte ton ordinateur ?
/*\ As-tu encore des problèmes ?
------> Laisse-moi à nouveau te remercier pour ta confiance en ce forum...
Bonne chance et bonne journée à toi !
Marsh Posté le 17-08-2006 à 10:05:49
| CleanDows a écrit : Bonsoir LargoWinch38, |
Bonjour/soir
| CleanDows a écrit : |
Inutilisé celui-ci ?
| CleanDows a écrit : |
De quel fichier s'agit-il ?
| CleanDows a écrit : ---> Copie-colle son contenu sur ce forum |
Logfile of HijackThis v1.99.1
Scan saved at 10:01:10, on 17/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
E:\Program Files\_Outils\_Securite\Windows Defender\MsMpEng.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
E:\Program Files\_Zen_Vrac\Fichiers communs\Acronis\Schedule2\schedul2.exe
E:\Program Files\_Outils\_Securite\Avast4\aswUpdSv.exe
E:\Program Files\_Outils\_Securite\Avast4\ashServ.exe
E:\Program Files\_Outils\_Securite\Kerio Firewall\Personal Firewall\kpf4ss.exe
E:\Program Files\_Outils\_Systeme\_Peripheriques\MGE\RunSC.exe
E:\Program Files\_Outils\_Securite\Kerio Firewall\Personal Firewall\kpf4gui.exe
D:\WINDOWS\system32\nvsvc32.exe
E:\Program Files\_Outils\_Systeme\_Peripheriques\MGE\PCtl.exe
D:\WINDOWS\System32\svchost.exe
E:\Program Files\_Outils\_Systeme\_Peripheriques\MGE\BIL.EXE
E:\Program Files\_Outils\_Systeme\_Peripheriques\MGE\CILRS232.EXE
D:\WINDOWS\SOUNDMAN.EXE
E:\Program Files\_Outils\_Systeme\_Peripheriques\Logitech\iTouch\iTouch.exe
E:\PROGRA~1\_Outils\_SECUR~1\Avast4\ashDisp.exe
E:\Program Files\_Outils\_Systeme\Powertoys XP\taskswitch.exe
E:\Program Files\_Zen_Vrac\Microsoft IntelliPoint\point32.exe
D:\WINDOWS\system32\RUNDLL32.EXE
E:\Program Files\_Outils\_Securite\Windows Defender\MSASCui.exe
E:\Program Files\_Outils\_Securite\Avast4\ashMaiSv.exe
E:\Program Files\_Outils\_Securite\Avast4\ashWebSv.exe
E:\Program Files\_Zen_Vrac\Yahoo!\Messenger\YahooMessenger.exe
E:\Program Files\_Zen_Vrac\MSN Messenger\msnmsgr.exe
E:\Program Files\_Outils\_Systeme\AI Roboform\RoboTaskBarIcon.exe
E:\Program Files\_Outils\_Systeme\_Composants\SpeedFan\speedfan.exe
E:\Program Files\_Outils\_Systeme\UltraMon\UltraMon.exe
D:\WINDOWS\System32\svchost.exe
E:\Program Files\_Outils\_Internet&Reseaux\BWMeter\BWMeter\BWMeter.exe
E:\Program Files\_Outils\_Securite\Kerio Firewall\Personal Firewall\kpf4gui.exe
D:\WINDOWS\explorer.exe
E:\Program Files\_Internet\Maxthon\Maxthon.exe
D:\WINDOWS\system32\wuauclt.exe
E:\Program Files\_Bureautique\Microsoft Office\OFFICE11\OUTLOOK.EXE
J:\_Catalogues d'indispensables et installés\90. Utilitaires\_Sécurité\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.free.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\_Accessoires\Acrobat Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\_Outils\_SECUR~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - E:\Program Files\_Outils\_Systeme\AI Roboform\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\_Outils\_Systeme\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\_zen_vrac\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\_zen_vrac\google\googletoolbar1.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - E:\Program Files\_Outils\_Systeme\AI Roboform\roboform.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [zBrowser Launcher] E:\Program Files\_Outils\_Systeme\_Peripheriques\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\_Outils\_SECUR~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [CoolSwitch] E:\Program Files\_Outils\_Systeme\Powertoys XP\taskswitch.exe
O4 - HKLM\..\Run: [IntelliPoint] "E:\Program Files\_Zen_Vrac\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Windows Defender] "E:\Program Files\_Outils\_Securite\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NVIDIA nTune] "E:\Program Files\_Outils\_Systeme\_Composants\Nvidia nTune\\nTune.exe" clear
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Yahoo! Pager] "E:\Program Files\_Zen_Vrac\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [msnmsgr] "E:\Program Files\_Zen_Vrac\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [RoboForm] "E:\Program Files\_Outils\_Systeme\AI Roboform\RoboTaskBarIcon.exe"
O4 - Startup: UltraMon.lnk = E:\Program Files\_Outils\_Systeme\UltraMon\UltraMon.exe
O4 - Startup: BWMeter.lnk = E:\Program Files\_Outils\_Internet&Reseaux\BWMeter\BWMeter\BWMeter.exe
O4 - Global Startup: SpeedFan.lnk = E:\Program Files\_Outils\_Systeme\_Composants\SpeedFan\speedfan.exe
O8 - Extra context menu item: Barre RoboForm - file://E:\Program Files\_Outils\_Systeme\AI Roboform\RoboFormComShowToolbar.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://E:\PROGRA~1\_BUREA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Enregistrer le formulaire - file://E:\Program Files\_Outils\_Systeme\AI Roboform\RoboFormComSavePass.html
O8 - Extra context menu item: Personnaliser le menu - file://E:\Program Files\_Outils\_Systeme\AI Roboform\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Remplir le formulaire - file://E:\Program Files\_Outils\_Systeme\AI Roboform\RoboFormComFillForms.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\_Outils\_Systeme\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\_Outils\_Systeme\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://E:\Program Files\_Outils\_Systeme\AI Roboform\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://E:\Program Files\_Outils\_Systeme\AI Roboform\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://E:\Program Files\_Outils\_Systeme\AI Roboform\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://E:\Program Files\_Outils\_Systeme\AI Roboform\RoboFormComSavePass.html
O9 - Extra button: Générateur - {320AF880-6646-11D3-ABEE-C5DBF3571F50} - file://E:\Program Files\_Outils\_Systeme\AI Roboform\RoboFormComPasswordGenerator.html
O9 - Extra 'Tools' menuitem: Générateur - {320AF880-6646-11D3-ABEE-C5DBF3571F50} - file://E:\Program Files\_Outils\_Systeme\AI Roboform\RoboFormComPasswordGenerator.html
O9 - Extra button: Déconnexion - {320AF880-6646-11D3-ABEE-C5DBF3571F55} - file://E:\Program Files\_Outils\_Systeme\AI Roboform\RoboFormComLogoff.html
O9 - Extra 'Tools' menuitem: Déconnexion - {320AF880-6646-11D3-ABEE-C5DBF3571F55} - file://E:\Program Files\_Outils\_Systeme\AI Roboform\RoboFormComLogoff.html
O9 - Extra button: Cartes - {45DB34C3-955C-11D3-ABEF-444553540001} - file://E:\Program Files\_Outils\_Systeme\AI Roboform\RoboFormComEditPass.html
O9 - Extra 'Tools' menuitem: Cartes - {45DB34C3-955C-11D3-ABEF-444553540001} - file://E:\Program Files\_Outils\_Systeme\AI Roboform\RoboFormComEditPass.html
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://E:\Program Files\_Outils\_Systeme\AI Roboform\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://E:\Program Files\_Outils\_Systeme\AI Roboform\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\_BUREA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\Program Files\_Zen_Vrac\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\Program Files\_Zen_Vrac\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/window [...] 9179998940
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537 [...] scan53.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com [...] loader.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\_ZEN_V~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\_ZEN_V~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - E:\Program Files\_Zen_Vrac\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - E:\Program Files\_Outils\_Securite\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - E:\Program Files\_Outils\_Securite\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - E:\Program Files\_Outils\_Securite\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - E:\Program Files\_Outils\_Securite\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\_Zen_Vrac\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - E:\Program Files\_Outils\_Securite\Kerio Firewall\Personal Firewall\kpf4ss.exe
O23 - Service: MGE Service module - Unknown owner - E:\Program Files\_Outils\_Systeme\_Peripheriques\MGE\RunSC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Onduleur (UPS) - Unknown owner - D:\WINDOWS\System32\ups2.exe (file missing)
| CleanDows a écrit : |
Ben pour l'instant, ca va 
| CleanDows a écrit : |
Je ne sais pas encore 
| CleanDows a écrit : |
C'est moi qui te remercie pour ton aide.
Largo
Message édité par LargoWinch38 le 17-08-2006 à 10:06:04
Marsh Posté le 17-08-2006 à 21:26:59
Bonsoir LargoWinch38,
Ton rapport HijackThis est propre ; tu peux encore juste cocher cette ligne-ci si tu n'utilises pas régulièrement le scan en ligne de "Secuser":
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537 [...] scan53.cab
En ce qui concerne RegCleaner, j'attendais de voir le comportement de ta machine avant de l'utiliser... Je préfère le laisser pour la fin !
| Citation : De quel fichier s'agit-il ? |
---> Je m'excuse pour ma distraction, il s'agit du fichier "C:\WINDOWS\system32\drivers\etc\hosts"
---> Merci de poster le contenu du fichier texte sur le forum...
Si tu n'as plus de problème, installe et exécute "RegCleaner"
* Clique ensuite sur "Tools"
* Sélectionne l'option "Registry Cleanup"
* Prends ensuite "Automatic Registry Cleaner"
* Sélectionne toutes les clefs trouvées ("Select" -> "All" ) et clique sur "Remove Selected"
En espérant que tout tourne à merveille, je te souhaite une excellente soirée !
Merci pour ta confiance en ce forum 
Marsh Posté le 17-08-2006 à 21:50:10
Bonsoir
| CleanDows a écrit : Bonsoir LargoWinch38,
|
Ok. Rien que du très classique :
# Copyright (c) 1993-1999 Microsoft Corp.
#
# Ceci est un exemple de fichier HOSTS utilisé par Microsoft TCP/IP
# pour Windows.
#
# Ce fichier contient les correspondances des adresses IP aux noms d'hôtes.
# Chaque entrée doit être sur une ligne propre. L'adresse IP doit être placée
# dans la première colonne, suivie par le nom d'hôte correspondant. L'adresse
# IP et le nom d'hôte doivent être séparés par au moins un espace.
#
# De plus, des commentaires (tels que celui-ci) peuvent être insérés sur des
# lignes propres ou après le nom d'ordinateur. Ils sont indiqué par le
# symbole '#'.
#
# Par exemple :
#
# 102.54.94.97 rhino.acme.com # serveur source
# 38.25.63.10 x.acme.com # hôte client x
127.0.0.1 localhost
| CleanDows a écrit : |
Ok, je vais ca.
| Citation : |
Merci pour ton aide 
Marsh Posté le 17-08-2006 à 22:11:42
Super LargoWinch38 !!!
Normalement, si tu "surfes malin" et que tu appliques bien les mises à jour, tu devrais rester tranquille un bon moment !
Tu peux éditer le titre de ton topic et y ajouter la mention [Résolu] si tu veux...
Bonne nuit ! 
Marsh Posté le 25-08-2006 à 01:28:18
Bonjour
Et bien voilà, ca a tenu 7jours... De nouveau 5 fichiers corrompus par Tenga... Toujours sur le meme disque 
Je referai un HijackThis demain...
Marsh Posté le 29-08-2006 à 00:41:59
| LargoWinch38 a écrit : Bonjour |
Que le temps passe vite... 
Voila donc le rapport :
Logfile of HijackThis v1.99.1
Scan saved at 00:40:14, on 29/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
E:\Program Files\_Outils\_Securite\Windows Defender\MsMpEng.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
E:\Program Files\_Zen_Vrac\Fichiers communs\Acronis\Schedule2\schedul2.exe
E:\Program Files\_Outils\_Securite\Avast4\aswUpdSv.exe
E:\Program Files\_Outils\_Securite\Avast4\ashServ.exe
E:\Program Files\_Outils\_Securite\Kerio Firewall\Personal Firewall\kpf4ss.exe
E:\Program Files\_Outils\_Systeme\_Peripheriques\MGE\RunSC.exe
D:\WINDOWS\system32\nvsvc32.exe
E:\Program Files\_Outils\_Systeme\_Peripheriques\MGE\PCtl.exe
D:\WINDOWS\System32\svchost.exe
E:\Program Files\_Outils\_Securite\Kerio Firewall\Personal Firewall\kpf4gui.exe
E:\Program Files\_Outils\_Systeme\_Peripheriques\MGE\BIL.EXE
E:\Program Files\_Outils\_Systeme\_Peripheriques\MGE\CILRS232.EXE
E:\Program Files\_Outils\_Securite\Avast4\ashMaiSv.exe
D:\WINDOWS\SOUNDMAN.EXE
E:\Program Files\_Outils\_Securite\Avast4\ashWebSv.exe
D:\WINDOWS\system32\RUNDLL32.EXE
E:\Program Files\_Outils\_Systeme\_Peripheriques\Logitech\iTouch\iTouch.exe
E:\PROGRA~1\_Outils\_SECUR~1\Avast4\ashDisp.exe
E:\Program Files\_Outils\_Systeme\Powertoys XP\taskswitch.exe
E:\Program Files\_Zen_Vrac\Microsoft IntelliPoint\point32.exe
E:\Program Files\_Outils\_Securite\Windows Defender\MSASCui.exe
E:\Program Files\_Zen_Vrac\Yahoo!\Messenger\YahooMessenger.exe
E:\Program Files\_Zen_Vrac\MSN Messenger\msnmsgr.exe
E:\Program Files\_Outils\_Systeme\AI Roboform\RoboTaskBarIcon.exe
E:\Program Files\_Outils\_Securite\Kerio Firewall\Personal Firewall\kpf4gui.exe
E:\Program Files\_Outils\_Systeme\_Composants\SpeedFan\speedfan.exe
E:\Program Files\_Outils\_Systeme\UltraMon\UltraMon.exe
E:\Program Files\_Outils\_Internet&Reseaux\BWMeter\BWMeter\BWMeter.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\dllhost.exe
E:\Program Files\_Outils\_Systeme\_Composants\SpeedFan\speedfan.exe
D:\WINDOWS\Explorer.EXE
J:\_Catalogues d'indispensables et installés\90. Utilitaires\_Sécurité\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.free.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\_Zen_Vrac\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - E:\Program Files\_Zen_Vrac\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\_Accessoires\Acrobat Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\_Outils\_Securite\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - E:\Program Files\_Outils\_Systeme\AI Roboform\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\_Outils\_Systeme\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\_zen_vrac\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\_zen_vrac\google\googletoolbar1.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - E:\Program Files\_Outils\_Systeme\AI Roboform\roboform.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\_Zen_Vrac\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [zBrowser Launcher] E:\Program Files\_Outils\_Systeme\_Peripheriques\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\_Outils\_SECUR~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [CoolSwitch] E:\Program Files\_Outils\_Systeme\Powertoys XP\taskswitch.exe
O4 - HKLM\..\Run: [IntelliPoint] "E:\Program Files\_Zen_Vrac\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Windows Defender] "E:\Program Files\_Outils\_Securite\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NVIDIA nTune] "E:\Program Files\_Outils\_Systeme\_Composants\Nvidia nTune\\nTune.exe" clear
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Yahoo! Pager] "E:\Program Files\_Zen_Vrac\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [msnmsgr] "E:\Program Files\_Zen_Vrac\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [RoboForm] "E:\Program Files\_Outils\_Systeme\AI Roboform\RoboTaskBarIcon.exe"
O4 - Startup: UltraMon.lnk = E:\Program Files\_Outils\_Systeme\UltraMon\UltraMon.exe
O4 - Startup: BWMeter.lnk = E:\Program Files\_Outils\_Internet&Reseaux\BWMeter\BWMeter\BWMeter.exe
O4 - Global Startup: SpeedFan.lnk = E:\Program Files\_Outils\_Systeme\_Composants\SpeedFan\speedfan.exe
O8 - Extra context menu item: Barre RoboForm - file://E:\Program Files\_Outils\_Systeme\AI Roboform\RoboFormComShowToolbar.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://E:\PROGRA~1\_BUREA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Enregistrer le formulaire - file://E:\Program Files\_Outils\_Systeme\AI Roboform\RoboFormComSavePass.html
O8 - Extra context menu item: Personnaliser le menu - file://E:\Program Files\_Outils\_Systeme\AI Roboform\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Remplir le formulaire - file://E:\Program Files\_Outils\_Systeme\AI Roboform\RoboFormComFillForms.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\_Outils\_Systeme\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\_Outils\_Systeme\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://E:\Program Files\_Outils\_Systeme\AI Roboform\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://E:\Program Files\_Outils\_Systeme\AI Roboform\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://E:\Program Files\_Outils\_Systeme\AI Roboform\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://E:\Program Files\_Outils\_Systeme\AI Roboform\RoboFormComSavePass.html
O9 - Extra button: Générateur - {320AF880-6646-11D3-ABEE-C5DBF3571F50} - file://E:\Program Files\_Outils\_Systeme\AI Roboform\RoboFormComPasswordGenerator.html
O9 - Extra 'Tools' menuitem: Générateur - {320AF880-6646-11D3-ABEE-C5DBF3571F50} - file://E:\Program Files\_Outils\_Systeme\AI Roboform\RoboFormComPasswordGenerator.html
O9 - Extra button: Déconnexion - {320AF880-6646-11D3-ABEE-C5DBF3571F55} - file://E:\Program Files\_Outils\_Systeme\AI Roboform\RoboFormComLogoff.html
O9 - Extra 'Tools' menuitem: Déconnexion - {320AF880-6646-11D3-ABEE-C5DBF3571F55} - file://E:\Program Files\_Outils\_Systeme\AI Roboform\RoboFormComLogoff.html
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - E:\PROGRA~1\_ZEN_V~1\YAHOO!\COMMON\yhexbmesfr.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - E:\PROGRA~1\_ZEN_V~1\YAHOO!\COMMON\yhexbmesfr.dll
O9 - Extra button: Cartes - {45DB34C3-955C-11D3-ABEF-444553540001} - file://E:\Program Files\_Outils\_Systeme\AI Roboform\RoboFormComEditPass.html
O9 - Extra 'Tools' menuitem: Cartes - {45DB34C3-955C-11D3-ABEF-444553540001} - file://E:\Program Files\_Outils\_Systeme\AI Roboform\RoboFormComEditPass.html
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://E:\Program Files\_Outils\_Systeme\AI Roboform\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://E:\Program Files\_Outils\_Systeme\AI Roboform\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\_BUREA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - E:\Program Files\_Zen_Vrac\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/window [...] 9179998940
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537 [...] scan53.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com [...] loader.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\_ZEN_V~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\_ZEN_V~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - E:\Program Files\_Zen_Vrac\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - E:\Program Files\_Outils\_Securite\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - E:\Program Files\_Outils\_Securite\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - E:\Program Files\_Outils\_Securite\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - E:\Program Files\_Outils\_Securite\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\_Zen_Vrac\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - E:\Program Files\_Outils\_Securite\Kerio Firewall\Personal Firewall\kpf4ss.exe
O23 - Service: MGE Service module - Unknown owner - E:\Program Files\_Outils\_Systeme\_Peripheriques\MGE\RunSC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Onduleur (UPS) - Unknown owner - D:\WINDOWS\System32\ups2.exe (file missing)
Si tu pouvais y jeter un oeil...
Merci
Marsh Posté le 29-08-2006 à 01:11:18
Bonsoir LargoWinch38,
Rien n'est visible dans ton rapport...
Si tout a tenu 7 jours, il est très probable que tu aies lancé un programme piégé... Il faudra essayer de trouver lequel...
/* Télécharge et exécute SilentRunners : http://www.silentrunners.org/Silent%20Runners.vbs
--> Lance un scan et poste le rapport
/* Télécharge et exécute BlackLight : https://europe.f-secure.com/exclude [...] blbeta.exe
--> Lance un scan et poste le rapport
/* Répète les procédures suivantes :
1) Redémarre ta machine en mode sans échec sur ta session : http://service1.symantec.com/suppo [...] 5112131924
2) Relance HijackThis et coche la ligne suivante :
O23 - Service: Onduleur (UPS) - Unknown owner - D:\WINDOWS\System32\ups2.exe (file missing)
------> Clique ensuite sur "Fix Checked"
3) Lance alors un scan complet avec "Avast" et supprime (ou mets en quarantaine) tout ce qu'il trouve...
4) Toujours en mode sans échec, relance "Cleanup"
5) Redémarre l'ordinateur en mode normal
6) Supprime tous les fichiers du dossier d:\windows\prefetch\ (sauf le fichier "layout.ini" )
7) Reposte ici un log HijackThis...
---> Je devrais donc voir 3 rapports, nous créerons un point de restauration quand tout sera "clean" afin de te permettre de nettoyer plus vite ton système si tu te refaisais infecter...
----> Bon courage à toi ! 
Marsh Posté le 30-08-2006 à 00:52:51
Bonsoir,
je vais faire tout ca d'ici un jour ou 2 et reviens donner les résultats.
Merci pour ta patience et ton aide.
Par contre, j'y pense, j'ai lu ça et là de très mauvaises critiques sur RegCleaner (ménage un peu trop "sévère" ). J'ai préféré passer easycleaner 
Marsh Posté le 30-08-2006 à 07:37:30
Salut LargoWinch38,
Tu t'occupes de la machine quand cela t'arrange...
En ce qui concerne "RegCleaner", il est utilisé sur les plus grands forums de désinfection !
Alors oui, comme il s'agit d'un outil de sécurité, il est capable d'endommager ton système, mais il crée des backups, et ne pose jamais de problème dans le cadre d'une "bonne" utilisation...
Bien à toi,
Marsh Posté le 30-08-2006 à 21:17:25
| CleanDows a écrit : Salut LargoWinch38, |
Je m'en occupe surtout quand j'ai le temps. Un scan complet et à fond avec Avast me prends plusieurs heures...
Je suivrais donc ton conseil a propos de RegCleaner, puisque tu sembles convaincu que c'est un bon outil.
A tout', je finis la procédure...
Message édité par LargoWinch38 le 31-08-2006 à 01:15:06
Marsh Posté le 31-08-2006 à 01:14:55
| CleanDows a écrit : Bonsoir LargoWinch38, |
"Silent Runners.vbs", revision 46, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Yahoo! Pager" = ""E:\Program Files\_Zen_Vrac\Yahoo!\Messenger\YahooMessenger.exe" -quiet" ["Yahoo! Inc."]
"msnmsgr" = ""E:\Program Files\_Zen_Vrac\MSN Messenger\msnmsgr.exe" /background" [MS]
"RoboForm" = ""E:\Program Files\_Outils\_Systeme\AI Roboform\RoboTaskBarIcon.exe"" ["Siber Systems"]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"NvCplDaemon" = "RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"zBrowser Launcher" = "E:\Program Files\_Outils\_Systeme\_Peripheriques\Logitech\iTouch\iTouch.exe" ["Logitech Inc."]
"avast!" = "E:\PROGRA~1\_Outils\_SECUR~1\Avast4\ashDisp.exe" [null data]
"Tweak UI" = "RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp" [MS]
"CoolSwitch" = "E:\Program Files\_Outils\_Systeme\Powertoys XP\taskswitch.exe" [null data]
"IntelliPoint" = ""E:\Program Files\_Zen_Vrac\Microsoft IntelliPoint\point32.exe"" [MS]
"Windows Defender" = ""E:\Program Files\_Outils\_Securite\Windows Defender\MSASCui.exe" -hide" [MS]
"NVIDIA nTune" = ""E:\Program Files\_Outils\_Systeme\_Composants\Nvidia nTune\\nTune.exe" clear" ["NVIDIA"]
"NvMediaCenter" = "RunDLL32.exe NvMCTray.dll,NvTaskbarInit" [MS]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{02478D38-C3F9-4EFB-9B51-7695ECA05670}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Yahoo! Toolbar Helper"
\InProcServer32\(Default) = "E:\Program Files\_Zen_Vrac\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
\InProcServer32\(Default) = "E:\Program Files\_Accessoires\Acrobat Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "E:\Program Files\_Outils\_Securite\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]
{724d43a9-0d85-11d4-9908-00400523e39a}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "E:\Program Files\_Outils\_Systeme\AI Roboform\roboform.dll" ["Siber Systems"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "E:\Program Files\_Outils\_Systeme\Java\jre1.5.0_07\bin\ssv.dll" ["Sun Microsystems, Inc."]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Helper"
\InProcServer32\(Default) = "e:\program files\_zen_vrac\google\googletoolbar1.dll" ["Google Inc."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
-> {HKLM...CLSID} = "Extension Affichage Panorama du Panneau de configuration"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "D:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "D:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "D:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "D:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "D:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "E:\Program Files\_Outils\_Securite\Avast4\ashShell.dll" ["ALWIL Software"]
"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
-> {HKLM...CLSID} = "Shell Search Band"
\InProcServer32\(Default) = "D:\WINDOWS\system32\browseui.dll" [MS]
"{20082881-FC36-4E47-9A7A-644C95FF749F}" = "IntelliPoint Wireless Control Panel Property Page"
-> {HKLM...CLSID} = "Page de propriétés sans fil"
\InProcServer32\(Default) = ""E:\Program Files\_Zen_Vrac\Microsoft IntelliPoint\ipcplwir.dll"" [MS]
"{AF90F543-6A3A-4C1B-8B16-ECEC073E69BE}" = "IntelliPoint Wheel Control Panel Property Page"
-> {HKLM...CLSID} = "Page des propriétés de la roulette"
\InProcServer32\(Default) = ""E:\Program Files\_Zen_Vrac\Microsoft IntelliPoint\ipcplwhl.dll"" [MS]
"{653DCCC2-13DB-45B2-A389-427885776CFE}" = "IntelliPoint Activities Control Panel Property Page"
-> {HKLM...CLSID} = "Page des propriétés des activités"
\InProcServer32\(Default) = ""E:\Program Files\_Zen_Vrac\Microsoft IntelliPoint\ipcplact.dll"" [MS]
"{124597D8-850A-41AE-849C-017A4FA99CA2}" = "IntelliPoint Buttons Control Panel Property Page"
-> {HKLM...CLSID} = "Page des propriétés des boutons"
\InProcServer32\(Default) = ""E:\Program Files\_Zen_Vrac\Microsoft IntelliPoint\ipcplbtn.dll"" [MS]
"{58670320-13EC-11D0-BF8E-F7B4D9CD8E4A}" = "Folder Size Shell Extension v3.2"
-> {HKLM...CLSID} = "Folder Size Shell Extension v3.2"
\InProcServer32\(Default) = "D:\WINDOWS\system32\Shellext\dfolder.dll" ["Orium Software"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "E:\Program Files\_Outils\_Disques\WinRAR\rarext.dll" [null data]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "E:\PROGRA~1\_BUREA~1\MICROS~1\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) = "E:\PROGRA~1\_BUREA~1\MICROS~1\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "E:\Program Files\_Bureautique\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
-> {HKLM...CLSID} = "Mes dossiers de partage"
\InProcServer32\(Default) = "E:\Program Files\_Zen_Vrac\MSN Messenger\fsshext.8.0.0792.00.dll" [MS]
"{506F4668-F13E-4AA1-BB04-B43203AB3CC0}" = "{506F4668-F13E-4AA1-BB04-B43203AB3CC0}"
-> {HKLM...CLSID} = "ImageExtractorShellExt Class"
\InProcServer32\(Default) = "E:\Program Files\_Bureautique\Microsoft Office\Visio11\VISSHE.DLL" [null data]
"{D66DC78C-4F61-447F-942B-3FB6980118CF}" = "{D66DC78C-4F61-447F-942B-3FB6980118CF}"
-> {HKLM...CLSID} = "CInfoTipShellExt Class"
\InProcServer32\(Default) = "E:\Program Files\_Bureautique\Microsoft Office\Visio11\VISSHE.DLL" [null data]
"{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}" = "PowerISO"
-> {HKLM...CLSID} = "PowerISO"
\InProcServer32\(Default) = "E:\Program Files\_Outils\_Disques\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]
"{e82a2d71-5b2f-43a0-97b8-81be15854de8}" = "ShellLink for Application References"
-> {HKLM...CLSID} = "ShellLink for Application References"
\InProcServer32\(Default) = "D:\WINDOWS\system32\dfshim.dll" [MS]
"{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}" = "Shell Icon Handler for Application References"
-> {HKLM...CLSID} = "Shell Icon Handler for Application References"
\InProcServer32\(Default) = "D:\WINDOWS\system32\dfshim.dll" [MS]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "D:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{5464D816-CF16-4784-B9F3-75C0DB52B499}" = "Yahoo! Mail"
-> {HKLM...CLSID} = "YMailShellExt Class"
\InProcServer32\(Default) = "E:\PROGRA~1\_ZEN_V~1\YAHOO!\COMMON\ymmapi.dll" ["Yahoo! Inc."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" = "Microsoft AntiMalware ShellExecuteHook"
-> {HKLM...CLSID} = "Microsoft AntiMalware ShellExecuteHook"
\InProcServer32\(Default) = "E:\PROGRA~1\_Outils\_SECUR~1\WINDOW~1\MpShHook.dll" [MS]
HKLM\Software\Classes\PROTOCOLS\Filter\
INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "E:\Program Files\_Zen_Vrac\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]
HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "E:\Program Files\_Accessoires\Acrobat Reader\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "E:\Program Files\_Outils\_Securite\Avast4\ashShell.dll" ["ALWIL Software"]
PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}"
-> {HKLM...CLSID} = "PowerISO"
\InProcServer32\(Default) = "E:\Program Files\_Outils\_Disques\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "E:\Program Files\_Outils\_Disques\WinRAR\rarext.dll" [null data]
Yahoo! Mail\(Default) = "{5464D816-CF16-4784-B9F3-75C0DB52B499}"
-> {HKLM...CLSID} = "YMailShellExt Class"
\InProcServer32\(Default) = "E:\PROGRA~1\_ZEN_V~1\YAHOO!\COMMON\ymmapi.dll" ["Yahoo! Inc."]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}"
-> {HKLM...CLSID} = "PowerISO"
\InProcServer32\(Default) = "E:\Program Files\_Outils\_Disques\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "E:\Program Files\_Outils\_Disques\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "E:\Program Files\_Outils\_Securite\Avast4\ashShell.dll" ["ALWIL Software"]
PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}"
-> {HKLM...CLSID} = "PowerISO"
\InProcServer32\(Default) = "E:\Program Files\_Outils\_Disques\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "E:\Program Files\_Outils\_Disques\WinRAR\rarext.dll" [null data]
Default executables:
--------------------
HKCU\Software\Classes\piffile\
Active Desktop and Wallpaper:
-----------------------------
Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKCU\Control Panel\Desktop\
"Wallpaper" = "D:\Documents and Settings\Stef\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"
Enabled Screen Saver:
---------------------
HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "D:\WINDOWS\System32\plusmpix.scr" [MS]
Startup items in "Stef" & "All Users" startup folders:
------------------------------------------------------
D:\Documents and Settings\Stef\Menu Démarrer\Programmes\Démarrage
"UltraMon" -> shortcut to: "E:\Program Files\_Outils\_Systeme\UltraMon\UltraMon.exe" ["Realtime Soft"]
"BWMeter" -> shortcut to: "E:\Program Files\_Outils\_Internet&Reseaux\BWMeter\BWMeter\BWMeter.exe" [null data]
D:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
"SpeedFan" -> shortcut to: "E:\Program Files\_Outils\_Systeme\_Composants\SpeedFan\speedfan.exe" ["Almico Software (www.almico.com)"]
Enabled Scheduled Tasks:
------------------------
"MP Scheduled Scan" -> launches: "E:\Program Files\_Outils\_Securite\Windows Defender\MpCmdRun.exe Scan -RestrictPrivileges" [MS]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "e:\program files\_zen_vrac\google\googletoolbar1.dll" ["Google Inc."]
"{724D43A0-0D85-11D4-9908-00400523E39A}"
-> {HKLM...CLSID} = "&RoboForm"
\InProcServer32\(Default) = "E:\Program Files\_Outils\_Systeme\AI Roboform\roboform.dll" ["Siber Systems"]
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "e:\program files\_zen_vrac\google\googletoolbar1.dll" ["Google Inc."]
"{724D43A0-0D85-11D4-9908-00400523E39A}" = (no title provided)
-> {HKLM...CLSID} = "&RoboForm"
\InProcServer32\(Default) = "E:\Program Files\_Outils\_Systeme\AI Roboform\roboform.dll" ["Siber Systems"]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)
-> {HKLM...CLSID} = "Yahoo! Toolbar"
\InProcServer32\(Default) = "E:\Program Files\_Zen_Vrac\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
Explorer Bars
HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\
{4528BBE0-4E08-11D5-AD55-00010333D0AD}\(Default) = (no title provided)
-> {HKLM...CLSID} = "&Yahoo! Messenger"
\InProcServer32\(Default) = "E:\PROGRA~1\_ZEN_V~1\YAHOO!\COMMON\yhexbmesfr.dll" ["Yahoo! Inc."]
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{4528BBE0-4E08-11D5-AD55-00010333D0AD}\(Default) = (no title provided)
-> {HKLM...CLSID} = "&Yahoo! Messenger"
\InProcServer32\(Default) = "E:\PROGRA~1\_ZEN_V~1\YAHOO!\COMMON\yhexbmesfr.dll" ["Yahoo! Inc."]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Console Java (Sun)"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in"
\InProcServer32\(Default) = "E:\Program Files\_Outils\_Systeme\Java\jre1.5.0_07\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.5.0_07"
\InProcServer32\(Default) = "E:\Program Files\_Outils\_Systeme\Java\jre1.5.0_07\bin\npjpi150_07.dll" ["Sun Microsystems, Inc."]
{320AF880-6646-11D3-ABEE-C5DBF3571F46}\
"ButtonText" = "Remplir"
"MenuText" = "Remplir le formulaire"
"Script" = "file://E:\Program Files\_Outils\_Systeme\AI Roboform\RoboFormComFillForms.html" [file not found]
{320AF880-6646-11D3-ABEE-C5DBF3571F49}\
"ButtonText" = "Enregistrer"
"MenuText" = "Enregistrer le formulaire"
"Script" = "file://E:\Program Files\_Outils\_Systeme\AI Roboform\RoboFormComSavePass.html" [file not found]
{320AF880-6646-11D3-ABEE-C5DBF3571F50}\
"ButtonText" = "Générateur"
"MenuText" = "Générateur"
"Script" = "file://E:\Program Files\_Outils\_Systeme\AI Roboform\RoboFormComPasswordGenerator.html" [file not found]
{320AF880-6646-11D3-ABEE-C5DBF3571F55}\
"ButtonText" = "Déconnexion"
"MenuText" = "Déconnexion"
"Script" = "file://E:\Program Files\_Outils\_Systeme\AI Roboform\RoboFormComLogoff.html" [file not found]
{4528BBE0-4E08-11D5-AD55-00010333D0AD}\
"ButtonText" = "Messenger"
"MenuText" = "Yahoo! Messenger"
"CLSIDExtension" = "{4C171D40-8277-11D5-AD55-00010333D0AD}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "E:\PROGRA~1\_ZEN_V~1\YAHOO!\COMMON\yhexbmesfr.dll" ["Yahoo! Inc."]
{45DB34C3-955C-11D3-ABEF-444553540001}\
"ButtonText" = "Cartes"
"MenuText" = "Cartes"
"Script" = "file://E:\Program Files\_Outils\_Systeme\AI Roboform\RoboFormComEditPass.html" [file not found]
{724D43AA-0D85-11D4-9908-00400523E39A}\
"ButtonText" = "Barre RoboForm"
"MenuText" = "Barre RoboForm"
"Script" = "file://E:\Program Files\_Outils\_Systeme\AI Roboform\RoboFormComShowToolbar.html" [file not found]
{85D1F590-48F4-11D9-9669-0800200C9A66}\
"MenuText" = "Uninstall BitDefender Online Scanner v8"
"Exec" = "%windir%\bdoscandel.exe" [null data]
{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Recherche"
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "D:\Program Files\Messenger\msmsgs.exe" [MS]
Miscellaneous IE Hijack Points
------------------------------
D:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings" )
Added lines (compared with English-language version):
[Strings]: SAFESITE_VALUE="http://home.microsoft.com/intl/fr/"
Missing lines (compared with English-language version):
[Strings]: 1 line
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = "*c" (unwritable string)
-> {HKLM...CLSID} = "Yahoo! Toolbar"
\InProcServer32\(Default) = "E:\Program Files\_Zen_Vrac\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
Acronis Scheduler2 Service, AcrSch2Svc, ""E:\Program Files\_Zen_Vrac\Fichiers communs\Acronis\Schedule2\schedul2.exe"" ["Acronis"]
avast! Antivirus, avast! Antivirus, ""E:\Program Files\_Outils\_Securite\Avast4\ashServ.exe"" [null data]
avast! iAVS4 Control Service, aswUpdSv, ""E:\Program Files\_Outils\_Securite\Avast4\aswUpdSv.exe"" [null data]
avast! Mail Scanner, avast! Mail Scanner, ""E:\Program Files\_Outils\_Securite\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]
avast! Web Scanner, avast! Web Scanner, ""E:\Program Files\_Outils\_Securite\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]
HTTP SSL, HTTPFilter, "D:\WINDOWS\System32\svchost.exe -k HTTPFilter" {"D:\WINDOWS\System32\w3ssl.dll" [MS]}
MGE Service module, MGE Service module, "E:\Program Files\_Outils\_Systeme\_Peripheriques\MGE\RunSC.exe" [null data]
NVIDIA Display Driver Service, NVSvc, "D:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
Sunbelt Kerio Personal Firewall 4, KPF4, ""E:\Program Files\_Outils\_Securite\Kerio Firewall\Personal Firewall\kpf4ss.exe"" ["Sunbelt Software"]
Windows Defender Service, WinDefend, ""E:\Program Files\_Outils\_Securite\Windows Defender\MsMpEng.exe"" [MS]
Windows User Mode Driver Framework, UMWdf, "D:\WINDOWS\system32\wdfmgr.exe" [MS]
Print Monitors:
---------------
HKLM\System\CurrentControlSet\Control\Print\Monitors\
Canon BJ Language Monitor PIXMA iP3000\Driver = "CNMLM61.DLL" ["CANON INC."]
Canon BJ Language Monitor S520\Driver = "CNMLM3m.DLL" ["CANON INC."]
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]
----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 37 seconds, including 13 seconds for message boxes)
| CleanDows a écrit : |
08/30/06 00:56:18 [Info]: BlackLight Engine 1.0.46 initialized
08/30/06 00:56:18 [Info]: OS: 5.1 build 2600 (Service Pack 2)
08/30/06 00:56:18 [Note]: 7019 4
08/30/06 00:56:18 [Note]: 7005 0
08/30/06 00:56:26 [Note]: 7006 0
08/30/06 00:56:26 [Note]: 7011 1052
08/30/06 00:56:26 [Note]: 7026 0
08/30/06 00:56:26 [Note]: 7026 0
08/30/06 00:56:33 [Note]: FSRAW library version 1.7.1019
08/30/06 00:57:27 [Note]: 7007 0
| CleanDows a écrit : |
Pas moyen de le virer... J'ai essayé 2 fois en mode sans echec, 2 fois en mode normal dont une avec desactivation de la restauration système...
| CleanDows a écrit : |
Logfile of HijackThis v1.99.1
Scan saved at 01:02:04, on 31/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
E:\Program Files\_Outils\_Securite\Windows Defender\MsMpEng.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
J:\_Catalogues d'indispensables et installés\90. Utilitaires\_Sécurité\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.free.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\_Zen_Vrac\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - E:\Program Files\_Zen_Vrac\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\_Accessoires\Acrobat Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\_Outils\_Securite\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - E:\Program Files\_Outils\_Systeme\AI Roboform\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\_Outils\_Systeme\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\_zen_vrac\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\_zen_vrac\google\googletoolbar1.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - E:\Program Files\_Outils\_Systeme\AI Roboform\roboform.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\_Zen_Vrac\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [zBrowser Launcher] E:\Program Files\_Outils\_Systeme\_Peripheriques\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\_Outils\_SECUR~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [CoolSwitch] E:\Program Files\_Outils\_Systeme\Powertoys XP\taskswitch.exe
O4 - HKLM\..\Run: [IntelliPoint] "E:\Program Files\_Zen_Vrac\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Windows Defender] "E:\Program Files\_Outils\_Securite\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NVIDIA nTune] "E:\Program Files\_Outils\_Systeme\_Composants\Nvidia nTune\\nTune.exe" clear
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MSConfig] D:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [Yahoo! Pager] "E:\Program Files\_Zen_Vrac\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [msnmsgr] "E:\Program Files\_Zen_Vrac\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [RoboForm] "E:\Program Files\_Outils\_Systeme\AI Roboform\RoboTaskBarIcon.exe"
O4 - Startup: UltraMon.lnk = E:\Program Files\_Outils\_Systeme\UltraMon\UltraMon.exe
O4 - Startup: BWMeter.lnk = E:\Program Files\_Outils\_Internet&Reseaux\BWMeter\BWMeter\BWMeter.exe
O4 - Global Startup: SpeedFan.lnk = E:\Program Files\_Outils\_Systeme\_Composants\SpeedFan\speedfan.exe
O8 - Extra context menu item: Barre RoboForm - file://E:\Program Files\_Outils\_Systeme\AI Roboform\RoboFormComShowToolbar.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://E:\PROGRA~1\_BUREA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Enregistrer le formulaire - file://E:\Program Files\_Outils\_Systeme\AI Roboform\RoboFormComSavePass.html
O8 - Extra context menu item: Personnaliser le menu - file://E:\Program Files\_Outils\_Systeme\AI Roboform\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Remplir le formulaire - file://E:\Program Files\_Outils\_Systeme\AI Roboform\RoboFormComFillForms.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\_Outils\_Systeme\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\_Outils\_Systeme\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://E:\Program Files\_Outils\_Systeme\AI Roboform\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://E:\Program Files\_Outils\_Systeme\AI Roboform\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://E:\Program Files\_Outils\_Systeme\AI Roboform\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://E:\Program Files\_Outils\_Systeme\AI Roboform\RoboFormComSavePass.html
O9 - Extra button: Générateur - {320AF880-6646-11D3-ABEE-C5DBF3571F50} - file://E:\Program Files\_Outils\_Systeme\AI Roboform\RoboFormComPasswordGenerator.html
O9 - Extra 'Tools' menuitem: Générateur - {320AF880-6646-11D3-ABEE-C5DBF3571F50} - file://E:\Program Files\_Outils\_Systeme\AI Roboform\RoboFormComPasswordGenerator.html
O9 - Extra button: Déconnexion - {320AF880-6646-11D3-ABEE-C5DBF3571F55} - file://E:\Program Files\_Outils\_Systeme\AI Roboform\RoboFormComLogoff.html
O9 - Extra 'Tools' menuitem: Déconnexion - {320AF880-6646-11D3-ABEE-C5DBF3571F55} - file://E:\Program Files\_Outils\_Systeme\AI Roboform\RoboFormComLogoff.html
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - E:\PROGRA~1\_ZEN_V~1\YAHOO!\COMMON\yhexbmesfr.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - E:\PROGRA~1\_ZEN_V~1\YAHOO!\COMMON\yhexbmesfr.dll
O9 - Extra button: Cartes - {45DB34C3-955C-11D3-ABEF-444553540001} - file://E:\Program Files\_Outils\_Systeme\AI Roboform\RoboFormComEditPass.html
O9 - Extra 'Tools' menuitem: Cartes - {45DB34C3-955C-11D3-ABEF-444553540001} - file://E:\Program Files\_Outils\_Systeme\AI Roboform\RoboFormComEditPass.html
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://E:\Program Files\_Outils\_Systeme\AI Roboform\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://E:\Program Files\_Outils\_Systeme\AI Roboform\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\_BUREA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - E:\Program Files\_Zen_Vrac\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/window [...] 9179998940
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537 [...] scan53.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com [...] loader.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\_ZEN_V~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\_ZEN_V~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - E:\Program Files\_Zen_Vrac\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - E:\Program Files\_Outils\_Securite\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - E:\Program Files\_Outils\_Securite\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - E:\Program Files\_Outils\_Securite\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - E:\Program Files\_Outils\_Securite\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\_Zen_Vrac\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - E:\Program Files\_Outils\_Securite\Kerio Firewall\Personal Firewall\kpf4ss.exe
O23 - Service: MGE Service module - Unknown owner - E:\Program Files\_Outils\_Systeme\_Peripheriques\MGE\RunSC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Onduleur (UPS) - Unknown owner - D:\WINDOWS\System32\ups2.exe (file missing)
| CleanDows a écrit : |
A mon tour de te souhaiter bon courage
Message édité par LargoWinch38 le 31-08-2006 à 01:15:17
Marsh Posté le 31-08-2006 à 19:53:57
Bonsoir LargoWinch38,
1) Copie-colle les lignes suivantes dans le bloc-note et appelle ce fichier "Fix.reg" (attention, tu dois changer le type de fichier pour que ce NE soit PAS un texte !)
| Citation : |
2) Redémarre en mode sans échec : http://service1.symantec.com/SUPPO [...] 5143456924
3) Exécute le fichier "fix.reg" que tu as créé et accepte les modifications du registre
4) Répète les étapes 3 à 7 de mon post précédent
5) Crée un point de restauration du système, pour pouvoir revenir immédiatement à cet état si tu te refais infecter... http://www.vulgarisation-informati [...] ration.php
Bonne chance, n'hésite pas à poser des questions en cas de problème, nous sommes là uniquement pour t'aider !
Message édité par CleanDows le 31-08-2006 à 19:54:40
Marsh Posté le 31-08-2006 à 22:35:13
Bonsoir,
et merci.
Ce serait donc ce fichier E:\Program Files\_Zen_Vrac\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL qui serait la cause de mes soucis puisque tu me demande de retirer la clé correspondante.
| Citation : |
Par contre, là
| Citation : |
je suppose qu'il faut lire [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UPS]
Et que va faire cette modif (passer de 3 à 4) ? Je suis effectivement branché un onduleur et le "pilote" via le port série.
Je m'attèle au reste de la procédure DQP et te tiens au courant dans la foulée.
Merci encore.
Je n'hésiterai pas à revenir et surtout à recommander ce forum pour ce genre de desinfections pénibles et dificiles.
Marsh Posté le 01-09-2006 à 19:16:20
Bonsoir LargoWinch38,
La CLSID que je te propose de supprimer à résolu des problèmes sur certains grands forums américains, tandis que le changement de la valeur DWORD pour le service "UPS" a aidé plusieurs néerlandophones...
Honnêtement, je ne vois rien d'autre qui serait susceptible de ramner "Tenga" dans tes rapports...
| Citation : |
--> Oui, c'est bien cela...
Crée un point de restauration et essaye de trouver pourquoi tu te fais ré-infecter... (quel programme ?)
Marsh Posté le 14-09-2006 à 00:53:21
Bonsoir,
ca me déprime. J'ai fait toutes les manips et attendu quelques jours cette fois avant de rapporter. Et ce soir, nouvelle vague de détection. Une centaine d'exe infectés...
Tout mon "catalogue d'indispensables" a été mis en quarantaine... Ca ne serait pas une piste ça, le fait que seuls les exe téléchargés ou posés sur la partition dans laquelle je pose mes téléchargements soient infectés ? Je crois avoir ku une histoire autour de DCOM ou un truc comme ça, mais je n'avais pas tout compris 
A ton avis ?
Sinon, je vais reprendre pas a pas ta procedure, en desactivant en plus la restauration systeme.
A+
Marsh Posté le 27-02-2008 à 22:36:06
déterrage de sujet, j'ai jamais trouvé de solution, et j'ai ce virus en ce moment
Marsh Posté le 27-02-2008 à 22:50:23
Désolé, mais, si mes souvenirs sont bon, ça a fini par une reinstallation d'XP... Mes dossiers windows datent du 26/10/2006, soit un petit mois après ce post.
Mais peut-etre qu'aujourd'hui des nettoyeurs plus puissants sont sortis. Es-tu allé faire un tour du coté de www.secuser.com et ses antivirus en ligne ?
Sujets relatifs:
- Generic Host Process for Win32 plante ma connec
- Generic Host Process for Win32 Services... ?
- Envoi d'emails ! --- Résolu ---
- Blocage/virus/win32
- Erreur du : Generic Host Process for Win32 Services => HELP
- [RESOLU][Active directory serveur 2003]pb intégration au domaine
- Résolu - Impossible de me connecter à un pc dans mon groupe de travail
- ecran bleu au demarrage d'une video [résolu]
- [resolu] MagicControl.Agent / Spy en continu, d'où viennent-ils ?
- message d'erreur Internet Explorer [RESOLU]
Marsh Posté le 16-08-2006 à 00:01:28
Bonjour,
je n'arrive pas a me debarrasser de cette salete de Tenga, qui revient périodiquement infecter les fichiers que je viens de télécharger. Un scan par Avast fait du ménage, mais ca revient. J'ai testé A², Ad-Aware, Spybot S&D, Hijackthis (cf log ci-dessous, mais l'analyse par http://www.hijackthis.de/fr#anl ne donne rien), divers AV en ligne, sans succès.
Que me conseillez-vous ?
Merci
Logfile of HijackThis v1.99.1
Scan saved at 23:54:09, on 15/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
E:\Program Files\_Outils\_Securite\Windows Defender\MsMpEng.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
E:\Program Files\_Zen_Vrac\Fichiers communs\Acronis\Schedule2\schedul2.exe
E:\Program Files\_Outils\_Securite\Avast4\aswUpdSv.exe
E:\Program Files\_Outils\_Securite\Avast4\ashServ.exe
E:\Program Files\_Outils\_Securite\Kerio Firewall\Personal Firewall\kpf4ss.exe
E:\Program Files\_Outils\_Systeme\_Peripheriques\MGE\RunSC.exe
E:\Program Files\_Outils\_Systeme\_Peripheriques\MGE\PCtl.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\System32\svchost.exe
E:\Program Files\_Outils\_Securite\Kerio Firewall\Personal Firewall\kpf4gui.exe
E:\Program Files\_Outils\_Systeme\_Peripheriques\MGE\BIL.EXE
E:\Program Files\_Outils\_Systeme\_Peripheriques\MGE\CILRS232.EXE
D:\WINDOWS\Explorer.EXE
E:\Program Files\_Outils\_Securite\Avast4\ashMaiSv.exe
E:\Program Files\_Outils\_Securite\Avast4\ashWebSv.exe
E:\Program Files\_Outils\_Securite\Kerio Firewall\Personal Firewall\kpf4gui.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\SOUNDMAN.EXE
E:\Program Files\_Outils\_Systeme\_Peripheriques\Logitech\iTouch\iTouch.exe
E:\PROGRA~1\_Outils\_SECUR~1\Avast4\ashDisp.exe
E:\Program Files\_Outils\_Systeme\Powertoys XP\taskswitch.exe
E:\Program Files\_Zen_Vrac\Microsoft IntelliPoint\point32.exe
E:\Program Files\_Internet\MessengerPlus! 3\MsgPlus.exe
E:\Program Files\_Outils\_Systeme\Java\jre1.5.0_07\bin\jusched.exe
E:\Program Files\_Multimedia\_Audio\TotalRecorder\TotRecSched.exe
E:\Program Files\_Outils\_Securite\TrueImage\TrueImageMonitor.exe
E:\Program Files\_Zen_Vrac\Fichiers communs\Acronis\Schedule2\schedhlp.exe
E:\Program Files\_Outils\_Securite\Windows Defender\MSASCui.exe
D:\WINDOWS\system32\RunDLL32.exe
E:\Program Files\_Outils\_Systeme\AI Roboform\RoboTaskBarIcon.exe
E:\Program Files\_Zen_Vrac\MSN Messenger\msnmsgr.exe
E:\Program Files\_Outils\_Systeme\_Composants\SpeedFan\speedfan.exe
E:\Program Files\_Outils\_Systeme\UltraMon\UltraMon.exe
E:\Program Files\_Outils\_Internet&Reseaux\BWMeter\BWMeter\BWMeter.exe
E:\Program Files\_Zen_Vrac\Yahoo!\Messenger\YahooMessenger.exe
E:\Program Files\_Bureautique\Microsoft Office\OFFICE11\OUTLOOK.EXE
E:\Program Files\_Internet\ThunderBird\thunderbird.exe
E:\Program Files\_Internet\Maxthon\maxthon.exe
E:\Program Files\_Accessoires\Acrobat Reader\Reader\AcroRd32.exe
J:\_Catalogues d'indispensables et installés\90. Utilitaires\_Sécurité\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.free.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\_Accessoires\Acrobat Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\_Outils\_SECUR~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - E:\Program Files\_Outils\_Systeme\AI Roboform\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\_Outils\_Systeme\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\_zen_vrac\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\_zen_vrac\google\googletoolbar1.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - E:\Program Files\_Outils\_Systeme\AI Roboform\roboform.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NVIDIA nTune] "E:\Program Files\_Outils\_Systeme\_Composants\Nvidia nTune\\nTune.exe" clear
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LaunchList] E:\Program Files\_Outils\_Systeme\_Composants\Pinnacle PCTV\LaunchList.exe
O4 - HKLM\..\Run: [zBrowser Launcher] E:\Program Files\_Outils\_Systeme\_Peripheriques\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\_Outils\_SECUR~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [CoolSwitch] E:\Program Files\_Outils\_Systeme\Powertoys XP\taskswitch.exe
O4 - HKLM\..\Run: [IntelliPoint] "E:\Program Files\_Zen_Vrac\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "E:\Program Files\_Internet\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\_Outils\_Systeme\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [TotalRecorderScheduler] "E:\Program Files\_Multimedia\_Audio\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] E:\Program Files\_Outils\_Securite\TrueImage\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "E:\Program Files\_Zen_Vrac\Fichiers communs\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [Windows Defender] "E:\Program Files\_Outils\_Securite\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [RemoveWGA] f:\Temp\Rar$EX00.531\RemoveWGA.exe -startup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [MessengerPlus3] "E:\Program Files\_Internet\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Yahoo! Pager] "E:\Program Files\_Zen_Vrac\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [RoboForm] "E:\Program Files\_Outils\_Systeme\AI Roboform\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [msnmsgr] "E:\Program Files\_Zen_Vrac\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: UltraMon.lnk = E:\Program Files\_Outils\_Systeme\UltraMon\UltraMon.exe
O4 - Startup: BWMeter.lnk = E:\Program Files\_Outils\_Internet&Reseaux\BWMeter\BWMeter\BWMeter.exe
O4 - Global Startup: SpeedFan.lnk = E:\Program Files\_Outils\_Systeme\_Composants\SpeedFan\speedfan.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Program Files\_Accessoires\Acrobat Reader\Reader\reader_sl.exe
O8 - Extra context menu item: Barre RoboForm - file://E:\Program Files\_Outils\_Systeme\AI Roboform\RoboFormComShowToolbar.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://E:\PROGRA~1\_BUREA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Enregistrer le formulaire - file://E:\Program Files\_Outils\_Systeme\AI Roboform\RoboFormComSavePass.html
O8 - Extra context menu item: Personnaliser le menu - file://E:\Program Files\_Outils\_Systeme\AI Roboform\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Remplir le formulaire - file://E:\Program Files\_Outils\_Systeme\AI Roboform\RoboFormComFillForms.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\_Outils\_Systeme\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\_Outils\_Systeme\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://E:\Program Files\_Outils\_Systeme\AI Roboform\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://E:\Program Files\_Outils\_Systeme\AI Roboform\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://E:\Program Files\_Outils\_Systeme\AI Roboform\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://E:\Program Files\_Outils\_Systeme\AI Roboform\RoboFormComSavePass.html
O9 - Extra button: Générateur - {320AF880-6646-11D3-ABEE-C5DBF3571F50} - file://E:\Program Files\_Outils\_Systeme\AI Roboform\RoboFormComPasswordGenerator.html
O9 - Extra 'Tools' menuitem: Générateur - {320AF880-6646-11D3-ABEE-C5DBF3571F50} - file://E:\Program Files\_Outils\_Systeme\AI Roboform\RoboFormComPasswordGenerator.html
O9 - Extra button: Déconnexion - {320AF880-6646-11D3-ABEE-C5DBF3571F55} - file://E:\Program Files\_Outils\_Systeme\AI Roboform\RoboFormComLogoff.html
O9 - Extra 'Tools' menuitem: Déconnexion - {320AF880-6646-11D3-ABEE-C5DBF3571F55} - file://E:\Program Files\_Outils\_Systeme\AI Roboform\RoboFormComLogoff.html
O9 - Extra button: Cartes - {45DB34C3-955C-11D3-ABEF-444553540001} - file://E:\Program Files\_Outils\_Systeme\AI Roboform\RoboFormComEditPass.html
O9 - Extra 'Tools' menuitem: Cartes - {45DB34C3-955C-11D3-ABEF-444553540001} - file://E:\Program Files\_Outils\_Systeme\AI Roboform\RoboFormComEditPass.html
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://E:\Program Files\_Outils\_Systeme\AI Roboform\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://E:\Program Files\_Outils\_Systeme\AI Roboform\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\_BUREA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\Program Files\_Zen_Vrac\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\Program Files\_Zen_Vrac\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/window [...] 9179998940
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537 [...] scan53.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com [...] loader.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\_ZEN_V~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\_ZEN_V~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - E:\Program Files\_Zen_Vrac\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - E:\Program Files\_Outils\_Securite\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - E:\Program Files\_Outils\_Securite\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - E:\Program Files\_Outils\_Securite\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - E:\Program Files\_Outils\_Securite\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\_Zen_Vrac\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - E:\Program Files\_Outils\_Securite\Kerio Firewall\Personal Firewall\kpf4ss.exe
O23 - Service: MGE Service module - Unknown owner - E:\Program Files\_Outils\_Systeme\_Peripheriques\MGE\RunSC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Onduleur (UPS) - Unknown owner - D:\WINDOWS\System32\ups2.exe (file missing)
Message édité par LargoWinch38 le 29-08-2006 à 00:42:24