PC lent (peut-être a cause de service.exe)Fermé

Question

Bonjour,
mon pc est devenu très lent depuis quelques jours sans raisons apparente. Voici mon scan Hitachi:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:12:15, on 14/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Creative\Shared Files\CTSched.exe
C:\Program Files\Pando Networks\Pando\Pando.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\MI3AA1~1apimgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox 3 Beta 2\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: 834668 helper - {413B556F-9483-4319-9DCA-5378529986E2} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CreativeTaskScheduler] "C:\Program Files\Creative\Shared Files\CTSched.exe" /logon
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [EPSON Stylus DX7400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE /FU "C:\WINDOWS\TEMP\E_SAD.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Documents and Settings\xp\Bureau
okia pc suite\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Documents and Settings\xp\Bureau
okia pc suite\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O22 - SharedTaskScheduler: delayingly - {e89fa8e9-5c0b-45f6-a70e-f7b177bcd193} - (no file)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - Unknown owner - C:\Documents and Settings\All Users.WINDOWS\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

Aidez moi SVP :'(

Blender · Answer

google et ton ami

elesan · Answer

OK je te dit sa et merci pour les réponses rapides.

elesan · Answer

Je ram tout autant?!
Il y avait quelques Cookies mais c' est tout.

elesan · Answer

Merci.
Je n' ai "Local Settings" nulle part ?? est-ce normal?
PS: j' ai vidé le reste.

elesan · Answer

Ok 
J' ai trouvé!!!!!

Mais sa marche pas :'(

elesan · Answer

Non c' est bon j'ai supprimé mais ca ne change rien.

elesan · Answer

CCleaner, c'est déjà fait.
pour l' antivirus il se fait.
Regarde mon gestionnaire de tâches:
[url=https://imageshack.com/][img=http://img185.imageshack.us/img185/2015/gestionml7.th.jpg][/url]

elesan · Answer

J' ai 6 virus merci de t' occuper de moi!
Reste dans le coin car il faut que je voie l' évolution du PC.

elesan · Answer

Tant pis;
Merci d' avoir essayé.

^^Marie^^ · Answer

Salut

Tu as quoi comme crack ??

Toolbar: EPSON Web-To-Page &#9658; inutile

Pando &#9658; P2P ;;))



1/ Télécharge et installe CCleaner 
(attention à l'installation penser à DECOCHER l'installation de Yahoo toolbar discrètement proposé en plus de CCleaner).

http://www.clubic.com/lancer-le-telechargement-20932-0-ccleaner-crap-cleaner-.html

2/ 2/ Télécharge AVG 
https://www.avg.com/en-ww/free-antivirus-download
Lance AVG Anti-Spyware et clique sur le bouton Mise à jour. 
Tu fermes


 
3/ Redémarre en mode sans échec (Pour cela : démarrer le PC en tapotant sur la touche F8 du clavier jusqu'à ce que le menu des options avancées de Windows apparaisse puis avec les touches fléchées du clavier, sélectionner Mode sans échec puis appuyer sur la touche Entrée...) 
Attention tu n'as pas accès à Internet dans ce mode donc note ou imprime les consignes qui suivent. 
http://www.coupdepoucepc.com/modules/news/article.php?storyid=253 
 https://www.micro-astuce.com/depannage/demarrer-mode-sans-echec.php




4/ Lance HijackThis 
puis --> Do a system scan only 
coche les lignes indiquées ci-dessous 
puis --> Fix checked 
puis oui à la question de confirmation

O2 - BHO: 834668 helper - {413B556F-9483-4319-9DCA-5378529986E2} - (no file)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\QuickTime\qttask.exe" –atboottime
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab 
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll 
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O22 - SharedTaskScheduler: delayingly - {e89fa8e9-5c0b-45f6-a70e-f7b177bcd193} - (no file)
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - Unknown owner - C:\Documents and Settings\All Users.WINDOWS\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE (file missing)




5/ Assure-toi que tu as accès aux fichiers cachés.   
(Démarrer->Poste de travail->Outils->Options des dossiers...->Affichage   
"Afficher les fichiers et dossiers cachés" ->coché   
"Masquer les extensions des fichiers dont le type est connu" ->décoché) 
 

7/ Lance CCleaner
 puis bouton Analyse ensuite Bouton Lancer le Nettoyage 

8/ Lance AVG
Lance AVG Anti-Spyware 
Clique sur le bouton Analyse (de la barre d'outils) 
Puis sur l'onglets Comment réagir, clique sur Actions recommandées. 
Reviens à l'onglet Analyse. Clique sur Analyse complète du système. 
/!\ Si un fichier est infecté en fin d'analyse /!\
choisis l'option " Appliquer toutes les actions " en bas. 
Clique sur "Enregistrer le rapport" puis sur "Enregistrer le rapport sous" 
Enregistre ce fichier texte sur ton bureau.
Copie/colle le rapport 



9/ Redémarre normalement et poste un nouveau rapport HijackThis. 
 
as-tu encore des dysfonctionnements ?


Supprime toutes les versions obsolètes de JAVA
Mets la à jour
https://www.java.com/fr/download/manual.jsp

elesan · Answer

C' est bon!!!!!
J' ai trouvé, désolé Marie 
c' était ma carte graphique qui était désinstallée! ;) 
sa va beaucoup mieux maintenant :lol:

https://www.touslesdrivers.com/index.php

elesan · Answer

Ok merci bien se sera fait

^^Marie^^ · Answer

OK

J'attends la suite

elesan · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:59:29, on 16/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Creative\Shared Files\CTSched.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\S3trayp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\Program Files\Pando Networks\Pando\Pando.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\MI3AA1~1apimgr.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox 3 Beta 2\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
F2 - REG:system.ini: Shell=explorer.exe 
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {413B556F-9483-4319-9DCA-5378529986E2} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [CreativeTaskScheduler] "C:\Program Files\Creative\Shared Files\CTSched.exe" /logon
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [EPSON Stylus DX7400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE /FU "C:\WINDOWS\TEMP\E_SAD.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Documents and Settings\xp\Bureau
okia pc suite\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Documents and Settings\xp\Bureau
okia pc suite\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - 
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - 
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - 
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - Unknown owner - C:\Documents and Settings\All Users.WINDOWS\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: maconfservice - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

elesan · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:59:29, on 16/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Creative\Shared Files\CTSched.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\S3trayp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\Program Files\Pando Networks\Pando\Pando.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\MI3AA1~1apimgr.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox 3 Beta 2\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
F2 - REG:system.ini: Shell=explorer.exe 
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {413B556F-9483-4319-9DCA-5378529986E2} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [CreativeTaskScheduler] "C:\Program Files\Creative\Shared Files\CTSched.exe" /logon
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [EPSON Stylus DX7400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE /FU "C:\WINDOWS\TEMP\E_SAD.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Documents and Settings\xp\Bureau
okia pc suite\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Documents and Settings\xp\Bureau
okia pc suite\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - 
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - 
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - 
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - Unknown owner - C:\Documents and Settings\All Users.WINDOWS\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: maconfservice - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

^^Marie^^ · Answer

Salut

1) Affiche les fichiers et dossiers cachés … 
Pour ce faire, tu vas dans un dossier, par ex. "Mes Images". 
Ensuite, clique sur >
 Outils > Options des dossiers ... 
clique sur l' onglet « Affichage » et ... 
Ou bien 
« Outil »
« Option Internet »
« Avancés »
coche ---> Afficher les fichiers et dossiers cachés 
décoche > Masquer les extensions des fichiers dont le type est connu 
décoche > Masquer les fichiers protégés du système d' exploitation (recommandé). 
« Appliquer » et « OK ».
refaire la manip inverse en fin de désinfection


Télécharges ComboFix à partir d'un de ces liens : 
En premier
http://download.bleepingcomputer.com/sUBs/ComboFix.exe 


 

Et important, enregistre le sur le bureau. 

Avant d'utiliser ComboFix : 

&#9658; Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours. 

&#9658; Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent gêner fortement la procédure de recherche et de nettoyage de l'outil. 


Une fois fait, sur ton bureau double-clic sur Combofix.exe. 

- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc. 

/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes. 

- En fin de scan il est possible que ComboFix ait besoin de redémarrer le pc pour finaliser la désinfection\recherche, laisses-le faire. 

- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt) 

&#9658; Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet. 

&#9658; Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.


+++

elesan · Answer

ComboFix 08-05-15.3 - xp 2008-05-18 10:11:57.1 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1059 [GMT 2:00] Endroit: C:\Documents and Settings\xp\Bureau\ComboFix.exe [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color] . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\All Users.WINDOWS\Application Data\Starware370 C:\Documents and Settings\All Users.WINDOWS\Application Data\Starware370\buttons\563_button_1b_def.bmp C:\Documents and Settings\All Users.WINDOWS\Application Data\Starware370\buttons\563_button_1b_over.bmp C:\Documents and Settings\All Users.WINDOWS\Application Data\Starware370\buttons\572_button_1b_def.bmp C:\Documents and Settings\All Users.WINDOWS\Application Data\Starware370\buttons\572_button_1b_over.bmp C:\Documents and Settings\All Users.WINDOWS\Application Data\Starware370\buttons\573_button_1b_def.bmp C:\Documents and Settings\All Users.WINDOWS\Application Data\Starware370\buttons\573_button_1b_over.bmp C:\Documents and Settings\All Users.WINDOWS\Application Data\Starware370\buttons\FindIt.bmp C:\Documents and Settings\All Users.WINDOWS\Application Data\Starware370\buttons\FindItHot.bmp C:\Documents and Settings\All Users.WINDOWS\Application Data\Starware370\buttons\findithotxp.png C:\Documents and Settings\All Users.WINDOWS\Application Data\Starware370\buttons\finditxp.png C:\Documents and Settings\All Users.WINDOWS\Application Data\Starware370\buttons\logo.bmp C:\Documents and Settings\All Users.WINDOWS\Application Data\Starware370\buttons\logoxp.bmp C:\Documents and Settings\All Users.WINDOWS\Application Data\Starware370\contexts\error.xml C:\Documents and Settings\All Users.WINDOWS\Application Data\Starware370\contexts elated.xml C:\Documents and Settings\All Users.WINDOWS\Application Data\Starware370\contexts ravel.xml C:\Documents and Settings\jean-marc\Application Data\ShoppingReport C:\Documents and Settings\jean-marc\Application Data\ShoppingReport\cs\Config.xml C:\Documents and Settings\jean-marc\Application Data\ShoppingReport\cs\db\Aliases.dbs C:\Documents and Settings\jean-marc\Application Data\ShoppingReport\cs\db\Sites.dbs C:\Documents and Settings\jean-marc\Application Data\ShoppingReport\cs\dwld\WhiteList.xip C:\Documents and Settings\jean-marc\Application Data\ShoppingReport\cs eport\aggr_storage.xml C:\Documents and Settings\jean-marc\Application Data\ShoppingReport\cs eport\send_storage.xml C:\Documents and Settings\jean-marc\Application Data\ShoppingReport\cs es2\WhiteList.dbs C:\Documents and Settings\jean-marc\Application Data\SystemDoctor Free C:\Documents and Settings\jean-marc\Application Data\SystemDoctor Free\Logs\update.log C:\Documents and Settings\jean-marc\err.log C:\Documents and Settings\jean-marc\Local Settings\Application Data\jfqmilhdok.dat C:\Documents and Settings\jean-marc\Local Settings\Application Data\jfqmilhdok_nav.dat C:\Documents and Settings\jean-marc\Local Settings\Application Data\jfqmilhdok_navps.dat C:\Documents and Settings\jean-marc\Menu Démarrer\Programmes\InternetGameBox C:\Documents and Settings\jean-marc\Menu Démarrer\Programmes\InternetGameBox\Conditions générales.lnk C:\Documents and Settings\jean-marc\Menu Démarrer\Programmes\InternetGameBox\Confidentialité.lnk C:\Documents and Settings\jean-marc\Menu Démarrer\Programmes\InternetGameBox\InternetGameBox.lnk C:\Documents and Settings\jean-marc\Menu Démarrer\Programmes\InternetGameBox\Website.lnk C:\Documents and Settings\jean-marc\ResErrors.log C:\Program Files\Fichiers communs\SystemDoctor C:\Program Files\Fichiers communs\SystemDoctor\err.log C:\Redemption.ECF . ((((((((((((((((((((((((((((( Fichiers créés 2008-04-18 to 2008-05-18 )))))))))))))))))))))))))))))))))))) . 2008-05-17 21:40 . 2008-05-17 21:41 d-------- C:\WINDOWS\LastGood 2008-05-17 21:30 . 2008-02-28 13:26 1,414,440 --a------ C:\WINDOWS\system32\ShellManager310E2D762.dll 2008-05-17 21:30 . 2008-02-28 13:01 774,144 --a------ C:\WINDOWS\system32\NEROINSTAEC43759.DB 2008-05-17 21:28 . 2008-05-17 21:28 0 --a------ C:\WINDOWS\Irremote.ini 2008-05-17 21:15 . 2008-05-17 21:15 d-------- C:\9c1d9a4b358f0830c013348a0a 2008-05-17 21:09 . 2008-05-17 21:09 d-------- C:\WINDOWS\system32\LogFiles 2008-05-17 21:09 . 2008-05-17 21:10 1,374 --a------ C:\WINDOWS\imsins.BAK 2008-05-16 22:14 . 2003-10-03 16:28 45,056 --a------ C:\WINDOWS\system32\vusetup.dll 2008-05-16 22:14 . 2005-06-06 17:51 11,264 --a------ C:\WINDOWS\system32\drivers\vulfntr.sys 2008-05-16 22:14 . 2005-01-05 18:02 6,912 --a------ C:\WINDOWS\system32\drivers\vulfnth.sys 2008-05-16 22:06 . 2005-03-23 16:56 306,688 --a------ C:\WINDOWS\IsUninst.exe 2008-05-16 21:58 . 2008-05-17 16:51 d--h----- C:\$AVG8.VAULT$ 2008-05-16 16:17 . 2008-05-18 00:48 d-------- C:\WINDOWS\system32\drivers\Avg 2008-05-16 16:17 . 2008-05-16 16:17 d-------- C:\Program Files\AVG 2008-05-16 16:17 . 2008-05-16 16:17 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg8 2008-05-16 16:17 . 2008-05-16 16:17 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys 2008-05-16 16:17 . 2008-05-16 16:17 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys 2008-05-16 16:17 . 2008-05-16 16:17 12,424 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys 2008-05-16 16:17 . 2008-05-16 16:17 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll 2008-05-15 09:56 . 2008-04-03 15:42 53,248 --a------ C:\WINDOWS\system32\drivers\ViPrt.sys 2008-05-15 09:56 . 2007-09-21 16:28 18,432 --a------ C:\WINDOWS\system32\vIdeInst.dll 2008-05-15 09:56 . 2008-04-03 15:42 16,896 --a------ C:\WINDOWS\system32\drivers\ViBus.sys 2008-05-15 09:56 . 2007-09-21 17:49 9,216 --a------ C:\WINDOWS\system32\drivers\videX32.sys 2008-05-15 09:27 . 2008-05-15 09:27 d-------- C:\Program Files\Realtek AC97 2008-05-15 09:25 . 2008-05-15 09:25 d-------- C:\WINDOWS\OPTIONS 2008-05-15 09:25 . 2008-02-25 20:54 105,088 --a------ C:\WINDOWS\system32\drivers\Rtnicxp.sys 2008-05-15 09:24 . 2008-05-15 09:24 d-------- C:\Program Files\S3 2008-05-15 09:19 . 2008-05-15 09:19 d-------- C:\Program Files\ma-config.com 2008-05-15 09:19 . 2008-05-16 22:03 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\ma-config.com 2008-05-15 09:05 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe 2008-05-15 09:05 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2008-05-15 09:05 . 2008-04-24 08:10 86,528 --a------ C:\WINDOWS\system32\VACFix.exe 2008-05-15 09:05 . 2008-04-28 08:03 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe 2008-05-15 09:05 . 2008-04-28 08:03 82,944 --a------ C:\WINDOWS\system32\404Fix.exe 2008-05-15 09:05 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe 2008-05-15 09:05 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2008-05-15 09:05 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe 2008-05-15 08:25 . 2008-05-15 10:47 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\TrackMania 2008-05-14 14:42 . 2008-05-14 14:42 d-------- C:\WINDOWS\wt 2008-05-14 12:46 . 2008-05-14 12:47 d-------- C:\Program Files\Panda Security 2008-05-14 11:42 . 2008-05-14 11:42 d-------- C:\Program Files\Trend Micro 2008-05-14 11:10 . 2008-05-14 11:10 d-------- C:\WINDOWS\Sun 2008-05-13 21:13 . 2008-05-13 21:13 d-------- C:\Program Files\Rockstar Games 2008-05-11 22:01 . 2008-05-11 22:01 d---s---- C:\WINDOWS\system32\Microsoft 2008-05-11 21:21 . 2008-05-11 21:22 d-------- C:\Program Files\Spybot - Search & Destroy 2008-05-11 21:09 . 2008-05-15 09:09 664 --a------ C:\WINDOWS\system32\d3d9caps.dat 2008-05-11 17:21 . 2008-05-11 17:21 d-------- C:\Program Files\Fichiers communs\BOONTY Shared 2008-05-11 17:20 . 2008-05-11 17:20 d-------- C:\Program Files\Boonty 2008-05-10 12:08 . 2008-05-11 17:21 d-------- C:\Program Files\Skyline 2008-05-09 19:46 . 2008-05-09 19:46 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\BOONTY 2008-05-09 19:40 . 2008-05-11 17:16 d-------- C:\Program Files\BoontyGames 2008-05-09 14:06 . 2004-08-04 00:54 221,184 --a------ C:\WINDOWS\system32\wmpns.dll 2008-05-08 17:58 . 2008-05-08 17:58 45 ---h----- C:\WINDOWS\dsez5937.dat 2008-05-07 10:48 . 2008-05-07 10:48 0 --a------ C:\WINDOWS sreg.dat 2008-05-06 08:05 . 2004-08-03 23:08 25,600 --a------ C:\WINDOWS\system32\drivers\usbser.sys 2008-05-06 08:05 . 2004-08-03 23:08 25,600 --a--c--- C:\WINDOWS\system32\dllcache\usbser.sys 2008-05-06 08:04 . 2008-05-06 08:04 d--hs---- C:\Documents and Settings\xp\Phone Browser 2008-05-04 16:34 . 2008-05-07 14:09 d-------- C:\Program Files\Mystery Case Files - Madame Fate 2008-05-04 12:08 . 2008-05-04 12:08 d-------- C:\Program Files\ReflexiveArcade 2008-05-01 20:39 . 2008-05-01 20:39 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\ViaMichelin 2008-05-01 10:29 . 2008-05-01 10:29 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf 2008-05-01 10:29 . 2008-05-01 10:29 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf 2008-04-28 16:27 . 2008-04-28 16:27 d-------- C:\QuickTime 2008-04-26 22:07 . 2007-07-30 19:19 203,096 --a------ C:\WINDOWS\system32\wuweb.dll 2008-04-26 22:07 . 2007-07-30 19:19 203,096 --a--c--- C:\WINDOWS\system32\dllcache\wuweb.dll 2008-04-25 09:38 . 2008-04-25 09:38 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\IM 2008-04-25 09:37 . 2008-04-25 09:37 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\IncrediMail 2008-04-24 17:23 . 2008-04-24 17:23 d-------- C:\Documents and Settings\xp\Application Data\Nokia Multimedia Player 2008-04-24 17:18 . 2008-04-24 17:18 d-------- C:\Program Files\Fichiers communs\PCSuite 2008-04-24 17:18 . 2008-04-24 17:18 d-------- C:\Program Files\Fichiers communs\Nokia 2008-04-24 17:17 . 2008-04-24 17:17 d-------- C:\Program Files\PC Connectivity Solution 2008-04-24 17:17 . 2007-11-29 10:33 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll 2008-04-24 17:17 . 2007-09-17 15:53 21,632 --a------ C:\WINDOWS\system32\drivers\pccsmcfd.sys 2008-04-24 17:17 . 2007-11-29 10:39 19,328 --a------ C:\WINDOWS\system32\drivers\ccdcmbo.sys 2008-04-24 17:17 . 2007-11-29 10:39 16,896 --a------ C:\WINDOWS\system32\drivers\ccdcmb.sys 2008-04-24 17:17 . 2007-11-29 10:39 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerflt.sys 2008-04-24 17:13 . 2008-04-24 17:13 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\PC Suite 2008-04-24 17:12 . 2007-02-22 10:15 137,216 --a------ C:\WINDOWS\system32\drivers mwcd.sys 2008-04-24 17:12 . 2007-11-29 10:39 95,744 --a------ C:\WINDOWS\system32 mwcdcocls.dll . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-05-18 08:05 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 2 2008-05-18 08:03 --------- d-----w C:\Documents and Settings\xp\Application Data\Azureus 2008-05-17 19:31 --------- d-----w C:\Program Files\Nero 2008-05-17 19:31 --------- d-----w C:\Program Files\Fichiers communs\Nero 2008-05-17 19:31 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Nero 2008-05-15 08:46 --------- d-----w C:\Program Files\Steam 2008-05-15 07:24 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-05-14 11:37 1,626 ----a-w C:\WINDOWS\system32 mp.reg 2008-05-14 10:20 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\EPSON 2008-05-11 19:59 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy 2008-05-11 18:39 --------- d-----w C:\Program Files\Google 2008-05-11 12:47 --------- d-----w C:\Program Files\Azada 2008-05-09 10:57 --------- d-----w C:\Program Files\CCleaner 2008-05-09 10:52 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Skyline 2008-05-09 10:32 --------- d-----w C:\Documents and Settings\xp\Application Data\EoRezo 2008-05-09 05:21 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP 2008-05-08 16:20 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\GamesBar 2008-05-05 10:34 --------- d-----w C:\Program Files\Ahead 2008-05-05 10:31 --------- d-----w C:\Program Files\Fichiers communs\Ahead 2008-04-28 14:29 --------- d-----w C:\Program Files\iTunes 2008-04-26 19:30 --------- d-----w C:\Program Files\Wanadoo 2008-04-24 15:16 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Installations 2008-04-24 15:14 --------- d-----w C:\Documents and Settings\xp\Application Data\PC Suite 2008-04-24 15:13 --------- d-----w C:\Program Files\DIFX 2008-04-24 15:13 --------- d-----w C:\Documents and Settings\xp\Application Data\Nokia 2008-04-16 21:44 --------- d-----w C:\Program Files\Fichiers communs\Oberon Media 2008-04-16 05:11 --------- d-----w C:\Program Files\Azureus 2008-04-11 16:11 --------- d-----w C:\Program Files\MSN Messenger 2008-04-11 16:09 --------- d-----w C:\Program Files\Windows Live 2008-04-11 16:08 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller 2008-04-11 16:06 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller 2008-04-09 20:59 --------- d-----w C:\Program Files\CamStudio 2008-04-08 13:25 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Zylom 2008-04-07 09:08 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Azureus 2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys 2008-03-05 14:30 97,288 ------w C:\DSETUP.dll 2008-03-05 14:30 527,880 ------w C:\DXSETUP.exe 2008-03-05 14:30 1,694,728 ------w C:\dsetup32.dll 2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll 2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll . [code]

----a-w         1,397,760 2007-12-26 12:04:21  C:\Documents and Settings\jean-marc\Bureau\gravage\InCD\InCD .exe
----a-w            57,344 2007-12-26 11:46:44  C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy .exe
----a-w         5,207,368 2007-12-26 12:05:46  C:\Program Files\Pando Networks\Pando\pando .exe

[/code] ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{413B556F-9483-4319-9DCA-5378529986E2}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Pando"="C:\Program Files\Pando Networks\Pando\Pando.exe" [2008-02-09 15:02 6051144] "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 22:45 1211176] "EPSON Stylus DX7400 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDE.exe" [2007-04-12 08:00 182272] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-19 22:32 262401] "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ] "EoWeather"="" [] "EoEngine"="" [] "CreativeTaskScheduler"="C:\Program Files\Creative\Shared Files\CTSched.exe" [2006-01-09 04:43 53340] "VTTimer"="VTTimer.exe" [2006-09-21 16:36 53248 C:\WINDOWS\system32\VTTimer.exe] "S3Trayp"="S3trayp.exe" [2007-06-11 11:15 176128 C:\WINDOWS\system32\S3Trayp.exe] "SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 577536 C:\WINDOWS\soundman.exe] "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-16 16:17 1177368] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Nokia.PCSync"="C:\Documents and Settings\xp\Bureau okia pc suite\Nokia PC Suite 6\PcSync2.exe" [ ] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.XVID"= xvid.dll "vidc.DIV3"= DivXc32.dll "vidc.DIV4"= DivXc32f.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "OPTENET_FILTER"=2 (0x2) "avast! Web Scanner"=3 (0x3) "avast! Mail Scanner"=3 (0x3) "avast! Antivirus"=2 (0x2) "aswUpdSv"=2 (0x2) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe"= "C:\Program Files\Pando Networks\Pando\pando.exe"= "C:\Program Files\Microsoft ActiveSync apimgr.exe"= C:\Program Files\Microsoft ActiveSync apimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "C:\Program Files\Steam\steamapps\elesan2\counter-strike source\hl2.exe"= "C:\Program Files\Azureus\Azureus.exe"= "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"= "C:\Program Files\Windows Live\Messenger\livecall.exe"= "C:\Program Files\iTunes\iTunes.exe"= "%windir%\Network Diagnostic\xpnetdiag.exe"= "C:\Program Files\Steam\steamapps\common\trackmania nations forever\TmForever.exe"= "C:\WINDOWS\system32\dpnsvr.exe"= "C:\WINDOWS\system32\dxdiag.exe"= "C:\Program Files\AVG\AVG8\avgupd.exe"= "C:\Program Files\AVG\AVG8\avgnsx.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service "1577:UDP"= 1577:UDP:Windows Media Format SDK (firefox.exe) "1576:UDP"= 1576:UDP:Windows Media Format SDK (firefox.exe) R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-05-16 16:17] R0 ViBus;ViBus;C:\WINDOWS\system32\DRIVERS\ViBus.sys [2008-04-03 15:42] R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2007-09-21 17:49] R0 ViPrt;VIA SATA IDE Device Driver;C:\WINDOWS\system32\DRIVERS\ViPrt.sys [2008-04-03 15:42] R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-05-16 16:17] R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-05-16 16:17] R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-05-16 16:17] R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-04 00:55] R3 S3GIGP;S3GIGP;C:\WINDOWS\system32\DRIVERS\S3gIGPm.sys [2007-07-23 14:54] R3 V0260VID;Live! Cam Vista IM;C:\WINDOWS\system32\DRIVERS\V0260Vid.sys [2006-11-04 00:45] S3 maconfservice;maconfservice;"C:\Program Files\ma-config.com\maconfservice.exe" [2008-05-14 16:40] S3 pccsmcfd;PCCS Mode Change Filter Driver;C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 15:53] S3 StMp3Rec;Pilote de périphérique de la restauration de lecteur;C:\WINDOWS\system32\Drivers\StMp3Rec.sys [2006-06-02 14:14] S3 upperdev;upperdev;C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2007-11-29 10:39] S4 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2008-05-09 19:46] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp *Newly Created Service* - CATCHME . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2008-05-05 12:12:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2008-05-09 15:18:44 C:\WINDOWS\Tasks\Maintenance en 1 clic.job" - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-18 10:17:45 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** . Temps d'accomplissement: 2008-05-18 10:23:47 ComboFix-quarantined-files.txt 2008-05-18 08:23:43 Pre-Run: 34,778,558,464 octets libres Post-Run: 36,553,318,400 octets libres 273 --- E O F --- 2008-04-26 21:01:57 Voilà, voilà!!

^^Marie^^ · Answer

Salut

ComBoFix a bien bossé

Envoie un log hijackthis

stp

elesan · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:55, on 18/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Creative\Shared Files\CTSched.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\S3trayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1apimgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox 3 Beta 2\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: (no name) - {413B556F-9483-4319-9DCA-5378529986E2} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [CreativeTaskScheduler] "C:\Program Files\Creative\Shared Files\CTSched.exe" /logon
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [EPSON Stylus DX7400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE /FU "C:\WINDOWS\TEMP\E_SAD.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Documents and Settings\xp\Bureau
okia pc suite\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Documents and Settings\xp\Bureau
okia pc suite\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Documents and Settings\xp\Application Data\Dealio\kb127es\DealioSearch.html
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - 
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - 
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - 
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - Unknown owner - C:\Documents and Settings\All Users.WINDOWS\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: maconfservice - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

^^Marie^^ · Answer

Re

T'es vérolé encore

Télécharge BTFix 1.017 (de bibi26)
http://cluster1.easy-hebergement.net/
https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/40698.html


    * Décompresse l'archive sur ton Bureau (Clique-Droit/Extraire tout).
    * Ouvre le dossier BTFix
    * Double clique sur BTFix.exe
    * Clique sur Rechercher
    * Un rapport va apparaître, copie/colle-le dans ta prochaine réponse

Tuto
https://leblogdeclaude.blogspot.com/2007/10/procdure-btfix.html

elesan · Answer

BTFix 1.060 (par bibi26) - 19/05/2008 20:30:54 - Analyse
Lancé depuis C:\Documents and Settings\xp\Bureau\BTFix\BTFix.exe

---> Fichiers/Dossiers trouvés

 - [Heuristique : Dealio Toolbar] C:\WINDOWS\Installer\3b77206.msi
 - C:\Program Files\AskTBar
 - C:\Program Files\Dealio
 - C:\Documents and Settings\xp\Application Data\Dealio
 - C:\Documents and Settings\All Users.WINDOWS\Application Data\GamesBar
 - C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Dealio

---> Analyse terminée

^^Marie^^ · Answer

ok

[*]Ouvre BTFix. 
[*]Clique sur Nettoyer. 
[*]Un rapport va apparaître, copie/colle-le dans ta prochaine réponse.



+ un log hijackthis

A++

elesan · Answer

ok j' essaye

PC lent (peut-être a cause de service.exe)

23 réponses

Newsletters