redirection automatique Résolu/Fermé

Question

Bonjour à tous ,

Voila depuis deux jour lorsque je navigue avec firfox , je suis automatiquement rediriger sur bediddle ou d'autre site...Y-a t-il un moyen de cesser  ce probleme? 

merci d'avance

J_O_J_O · Answer

Salut  fait ceci ::   *Télécharges et installes le logiciel HijackThis de Merijn(prog de diagnostic !) :

*ici : http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe

*Ouvre et click sur: "do you scan systeme and save log file" a la fin du scan poste le rapport ici :)



Ps : "modo" c'était Ironique histoire de rigolé :)

david006 · Answer

salut alors voila ce que sa donne ==>

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:36:00, on 25/12/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32	askeng.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Valve\Condition Zero\Steam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Windows\explorer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\Users\User\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://format.packardbell.com/...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Barre d'outils &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Quick Macros] "C:\Program Files\Quick Macros 2\qm.exe" S
O4 - HKLM\..\Run: [AceGain LiveUpdate] C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe
O4 - HKCU\..\Run: [RGSC] D:\Program Files\Rockstar Games Social Club\RGSCLauncher.exe /silent
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programs\PartyGaming\PartyCasino\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programs\PartyGaming\PartyCasino\RunApp.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
O13 - Gopher Prefix: 
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{CB462100-4FC6-4F30-BAE7-68D94023DAEA}: NameServer = 85.255.115.52;85.255.112.85
O17 - HKLM\System\CCS\Services\Tcpip\..\{CDC00DD1-CD4F-4AAB-B9BE-6E03D246A757}: NameServer = 85.255.115.52;85.255.112.85
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.52;85.255.112.85
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.52;85.255.112.85
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.52;85.255.112.85
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Quick Macros (quickmacros2) - Unknown owner - C:\Program Files\Quick Macros 2\qmserv.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

J_O_J_O · Answer

Alors désactive l'UAC de vista qui empêche la désinfection ! http://www.commentcamarche.net/faq/sujet 8343 vista desactiver l uac#1 via le panneau de configuration 

*Âpres avoir redémarré le pc :

télécharge http://siri.urz.free.fr/Fix/SmitfraudFix.exe  smitfraudfix 

*Avant de l'ouvrir désactive ton antivirus est t'es défense d'antispywares et ferme tout t'es programmes ! 

*Clique droit sur l'icône de smitfraudfix et fait "executer en tant que administrateur" . 

*Fait l'option 1 !! Et poste le rapport ici qui sera généré à la fin du scan

david006 · Answer

ET voila ce que sa donne ==>




SmitFraudFix v2.387

Scan done at 16:23:00,79, 26/12/2008
Run from C:\Users\User\Downloads\SmitfraudFix
OS: Microsoft Windows [version 6.0.6001] - Windows_NT
The filesystem type is 
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Quick Macros 2\qmserv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32	askeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32	askeng.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\inetsrv\w3wp.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchFilterHost.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\

C:\autorun.inf FOUND !
C:esycled\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\User


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\User\AppData\Local\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\User\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\User\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files 

C:\Program Files\Google\googletoolbar1.dll FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
 
 

»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, following keys are not inevitably infected!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, following keys are not inevitably infected!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000001


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\Windows\system32\userinit.exe,"


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Your computer may be victim of a DNS Hijack: 85.255.x.x detected !

Description: Wi-Fi Wireless LAN USB Adapter #3
DNS Server Search Order: 85.255.115.52;85.255.112.85

HKLM\SYSTEM\CCS\Services\Tcpip\..\{108B07F8-1AE7-47F0-B877-DC263337F97D}: DhcpNameServer=84.103.237.143 86.64.145.143
HKLM\SYSTEM\CCS\Services\Tcpip\..\{CB462100-4FC6-4F30-BAE7-68D94023DAEA}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{CB462100-4FC6-4F30-BAE7-68D94023DAEA}: NameServer=85.255.115.52;85.255.112.85
HKLM\SYSTEM\CCS\Services\Tcpip\..\{CDC00DD1-CD4F-4AAB-B9BE-6E03D246A757}: DhcpNameServer=85.255.115.52;85.255.112.85
HKLM\SYSTEM\CCS\Services\Tcpip\..\{CDC00DD1-CD4F-4AAB-B9BE-6E03D246A757}: NameServer=85.255.115.52;85.255.112.85
HKLM\SYSTEM\CS1\Services\Tcpip\..\{108B07F8-1AE7-47F0-B877-DC263337F97D}: DhcpNameServer=84.103.237.143 86.64.145.143
HKLM\SYSTEM\CS1\Services\Tcpip\..\{CB462100-4FC6-4F30-BAE7-68D94023DAEA}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{CB462100-4FC6-4F30-BAE7-68D94023DAEA}: NameServer=85.255.115.52;85.255.112.85
HKLM\SYSTEM\CS1\Services\Tcpip\..\{CDC00DD1-CD4F-4AAB-B9BE-6E03D246A757}: DhcpNameServer=85.255.115.52;85.255.112.85
HKLM\SYSTEM\CS1\Services\Tcpip\..\{CDC00DD1-CD4F-4AAB-B9BE-6E03D246A757}: NameServer=85.255.115.52;85.255.112.85
HKLM\SYSTEM\CS2\Services\Tcpip\..\{108B07F8-1AE7-47F0-B877-DC263337F97D}: DhcpNameServer=84.103.237.143 86.64.145.143
HKLM\SYSTEM\CS2\Services\Tcpip\..\{CB462100-4FC6-4F30-BAE7-68D94023DAEA}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{CB462100-4FC6-4F30-BAE7-68D94023DAEA}: NameServer=85.255.115.52;85.255.112.85
HKLM\SYSTEM\CS2\Services\Tcpip\..\{CDC00DD1-CD4F-4AAB-B9BE-6E03D246A757}: DhcpNameServer=85.255.115.52;85.255.112.85
HKLM\SYSTEM\CS2\Services\Tcpip\..\{CDC00DD1-CD4F-4AAB-B9BE-6E03D246A757}: NameServer=85.255.115.52;85.255.112.85
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=85.255.115.52;85.255.112.85
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=85.255.115.52;85.255.112.85
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=85.255.115.52;85.255.112.85
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=85.255.115.52;85.255.112.85
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=85.255.115.52;85.255.112.85
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: NameServer=85.255.115.52;85.255.112.85


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

david006 · Answer

ET voila ce que sa donne ==>




SmitFraudFix v2.387

Scan done at 16:23:00,79, 26/12/2008
Run from C:\Users\User\Downloads\SmitfraudFix
OS: Microsoft Windows [version 6.0.6001] - Windows_NT
The filesystem type is 
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Quick Macros 2\qmserv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32	askeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32	askeng.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\inetsrv\w3wp.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchFilterHost.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\

C:\autorun.inf FOUND !
C:esycled\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\User


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\User\AppData\Local\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\User\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\User\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files 

C:\Program Files\Google\googletoolbar1.dll FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
 
 

»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, following keys are not inevitably infected!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, following keys are not inevitably infected!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000001


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\Windows\system32\userinit.exe,"


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Your computer may be victim of a DNS Hijack: 85.255.x.x detected !

Description: Wi-Fi Wireless LAN USB Adapter #3
DNS Server Search Order: 85.255.115.52;85.255.112.85

HKLM\SYSTEM\CCS\Services\Tcpip\..\{108B07F8-1AE7-47F0-B877-DC263337F97D}: DhcpNameServer=84.103.237.143 86.64.145.143
HKLM\SYSTEM\CCS\Services\Tcpip\..\{CB462100-4FC6-4F30-BAE7-68D94023DAEA}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{CB462100-4FC6-4F30-BAE7-68D94023DAEA}: NameServer=85.255.115.52;85.255.112.85
HKLM\SYSTEM\CCS\Services\Tcpip\..\{CDC00DD1-CD4F-4AAB-B9BE-6E03D246A757}: DhcpNameServer=85.255.115.52;85.255.112.85
HKLM\SYSTEM\CCS\Services\Tcpip\..\{CDC00DD1-CD4F-4AAB-B9BE-6E03D246A757}: NameServer=85.255.115.52;85.255.112.85
HKLM\SYSTEM\CS1\Services\Tcpip\..\{108B07F8-1AE7-47F0-B877-DC263337F97D}: DhcpNameServer=84.103.237.143 86.64.145.143
HKLM\SYSTEM\CS1\Services\Tcpip\..\{CB462100-4FC6-4F30-BAE7-68D94023DAEA}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{CB462100-4FC6-4F30-BAE7-68D94023DAEA}: NameServer=85.255.115.52;85.255.112.85
HKLM\SYSTEM\CS1\Services\Tcpip\..\{CDC00DD1-CD4F-4AAB-B9BE-6E03D246A757}: DhcpNameServer=85.255.115.52;85.255.112.85
HKLM\SYSTEM\CS1\Services\Tcpip\..\{CDC00DD1-CD4F-4AAB-B9BE-6E03D246A757}: NameServer=85.255.115.52;85.255.112.85
HKLM\SYSTEM\CS2\Services\Tcpip\..\{108B07F8-1AE7-47F0-B877-DC263337F97D}: DhcpNameServer=84.103.237.143 86.64.145.143
HKLM\SYSTEM\CS2\Services\Tcpip\..\{CB462100-4FC6-4F30-BAE7-68D94023DAEA}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{CB462100-4FC6-4F30-BAE7-68D94023DAEA}: NameServer=85.255.115.52;85.255.112.85
HKLM\SYSTEM\CS2\Services\Tcpip\..\{CDC00DD1-CD4F-4AAB-B9BE-6E03D246A757}: DhcpNameServer=85.255.115.52;85.255.112.85
HKLM\SYSTEM\CS2\Services\Tcpip\..\{CDC00DD1-CD4F-4AAB-B9BE-6E03D246A757}: NameServer=85.255.115.52;85.255.112.85
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=85.255.115.52;85.255.112.85
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=85.255.115.52;85.255.112.85
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=85.255.115.52;85.255.112.85
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=85.255.115.52;85.255.112.85
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=85.255.115.52;85.255.112.85
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: NameServer=85.255.115.52;85.255.112.85


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

J_O_J_O · Answer

Merci y'avait pas besoin de poster deux fois ! bref redémarre en mode sans échec choisi ta session habituel puis relance smitfraudfix et fait l'option 2 ! En ayant ferme tout t'es programme Comme toute à l'heure :) Poste le nouveau rapport crée ici . 


Mode sans échec :: https://forums.cnetfrance.fr

david006 · Answer

oups dsl pour le double post.



SmitFraudFix v2.387

Scan done at 18:45:23,10, 26/12/2008
Run from C:\Users\User\Downloads\SmitfraudFix
OS: Microsoft Windows [version 6.0.6001] - Windows_NT
The filesystem type is 
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1       localhost
::1             localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\autorun.inf Deleted
C:\resycled\ Deleted
C:\Program Files\Google\googletoolbar1.dll Deleted

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» RK


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{108B07F8-1AE7-47F0-B877-DC263337F97D}: DhcpNameServer=84.103.237.143 86.64.145.143
HKLM\SYSTEM\CCS\Services\Tcpip\..\{CB462100-4FC6-4F30-BAE7-68D94023DAEA}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{CB462100-4FC6-4F30-BAE7-68D94023DAEA}: NameServer=85.255.115.52;85.255.112.85
HKLM\SYSTEM\CCS\Services\Tcpip\..\{CDC00DD1-CD4F-4AAB-B9BE-6E03D246A757}: DhcpNameServer=85.255.115.52;85.255.112.85
HKLM\SYSTEM\CCS\Services\Tcpip\..\{CDC00DD1-CD4F-4AAB-B9BE-6E03D246A757}: NameServer=85.255.115.52;85.255.112.85
HKLM\SYSTEM\CS1\Services\Tcpip\..\{108B07F8-1AE7-47F0-B877-DC263337F97D}: DhcpNameServer=84.103.237.143 86.64.145.143
HKLM\SYSTEM\CS1\Services\Tcpip\..\{CB462100-4FC6-4F30-BAE7-68D94023DAEA}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{CB462100-4FC6-4F30-BAE7-68D94023DAEA}: NameServer=85.255.115.52;85.255.112.85
HKLM\SYSTEM\CS1\Services\Tcpip\..\{CDC00DD1-CD4F-4AAB-B9BE-6E03D246A757}: DhcpNameServer=85.255.115.52;85.255.112.85
HKLM\SYSTEM\CS1\Services\Tcpip\..\{CDC00DD1-CD4F-4AAB-B9BE-6E03D246A757}: NameServer=85.255.115.52;85.255.112.85
HKLM\SYSTEM\CS2\Services\Tcpip\..\{108B07F8-1AE7-47F0-B877-DC263337F97D}: DhcpNameServer=84.103.237.143 86.64.145.143
HKLM\SYSTEM\CS2\Services\Tcpip\..\{CB462100-4FC6-4F30-BAE7-68D94023DAEA}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{CB462100-4FC6-4F30-BAE7-68D94023DAEA}: NameServer=85.255.115.52;85.255.112.85
HKLM\SYSTEM\CS2\Services\Tcpip\..\{CDC00DD1-CD4F-4AAB-B9BE-6E03D246A757}: DhcpNameServer=85.255.115.52;85.255.112.85
HKLM\SYSTEM\CS2\Services\Tcpip\..\{CDC00DD1-CD4F-4AAB-B9BE-6E03D246A757}: NameServer=85.255.115.52;85.255.112.85
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=85.255.115.52;85.255.112.85
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=85.255.115.52;85.255.112.85
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=85.255.115.52;85.255.112.85
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=85.255.115.52;85.255.112.85
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=85.255.115.52;85.255.112.85
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: NameServer=85.255.115.52;85.255.112.85


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
 
Registry Cleaning done. 
 
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

J_O_J_O · Answer

Télécharge et installe Malwarebyte's Anti-Malware:

http://www.malwarebytes.org/mbam/program/mbam-setup.exe

*met le a jours !!
*redémarre en mode sans échec ! (tapote la touche f8 ou f5  au démarrage du pc et choisi ta session habituel)
*ouvre malwaresbyte's ! et scan avec (exécute un scan complet !) à la fin du scan supprime bien les éléments cochés !!
*a la fin tout ce qui trouvera tu supprimera :)
*a la fin un rapport sera généré(bloc note s'ouvre) garde le et poste le ici

david006 · Answer

d'accord je rend sa vers 13 h  ..Merci de m'aider !^^

J_O_J_O · Answer

Ok de rien :)

^^Marie^^ · Answer

Bonjour

/!\ Attention /!\

Your computer may be victim of a DNS Hijack: 85.255.x.x detected ! 


Relancer smitfraud en Mode Normal 

Regarde le tuto

Exécute le en choisissant l’option 5
il va générer un rapport
Copie/colle le sur le poste stp.

david006 · Answer

pour marie ==>
SmitFraudFix v2.387

Scan done at 15:50:53,85, 27/12/2008
Run from C:\Users\User\Downloads\SmitfraudFix
OS: Microsoft Windows [version 6.0.6001] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» DNS Before Fix

Description: Wi-Fi Wireless LAN USB Adapter #3
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{108B07F8-1AE7-47F0-B877-DC263337F97D}: DhcpNameServer=84.103.237.143 86.64.145.143
HKLM\SYSTEM\CCS\Services\Tcpip\..\{CB462100-4FC6-4F30-BAE7-68D94023DAEA}: DhcpNameServer=192.168.1.1

»»»»»»»»»»»»»»»»»»»»»»»» DNS After Fix

Description: Wi-Fi Wireless LAN USB Adapter #3
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{108B07F8-1AE7-47F0-B877-DC263337F97D}: DhcpNameServer=84.103.237.143 86.64.145.143
HKLM\SYSTEM\CCS\Services\Tcpip\..\{CB462100-4FC6-4F30-BAE7-68D94023DAEA}: DhcpNameServer=192.168.1.1

^^Marie^^ · Answer

Re

Ok

Relance smitfraud option 1

david006 · Answer

pour jojo ==>
Malwarebytes' Anti-Malware 1.31
Version de la base de données: 1550
Windows 6.0.6001 Service Pack 1

27/12/2008 16:51:10
hhhhhhhh

Type de recherche: Examen complet (C:\|D:\|S:\|)
Eléments examinés: 359899
Temps écoulé: 49 minute(s), 3 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\$Recycle.Bin\S-1-5-21-1094244775-2992983421-3338953470-1002\$RO3QPVW\keygen.exe (Backdoor.SDBot) -> No action taken.

david006 · Answer

pour marie ==>
SmitFraudFix v2.387

Scan done at 16:56:37,59, 27/12/2008
Run from C:\Users\User\Downloads\SmitfraudFix
OS: Microsoft Windows [version 6.0.6001] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Quick Macros 2\qmserv.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32	askeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32	askeng.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Quick Macros 2\qm.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
c:\windows\system32\inetsrv\w3wp.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\User


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\User\AppData\Local\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\User\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\User\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files 


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
 
 

»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, following keys are not inevitably infected!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, following keys are not inevitably infected!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000001


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\Windows\system32\userinit.exe,"


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Wi-Fi Wireless LAN USB Adapter #3
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{108B07F8-1AE7-47F0-B877-DC263337F97D}: DhcpNameServer=84.103.237.143 86.64.145.143
HKLM\SYSTEM\CCS\Services\Tcpip\..\{CB462100-4FC6-4F30-BAE7-68D94023DAEA}: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

^^Marie^^ · Answer

Super -- Beau boulot et bonne continuation ;))

david006 · Answer

merci a toi marie 
et merci a toi jojo , je n'ai plus la redirection 
enjoy^^

J_O_J_O · Answer

De rien =) [ Merci marie de l'aide ;) ] Et bon surf  David :)

^^Marie^^ · Answer

Re

Relance un log hijackthis
stp

david006 · Answer

voiila==>

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:44:56, on 28/12/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32	askeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Quick Macros 2\qm.exe
C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\AceGain\LiveUpdate\aceagent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\sdclt.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\User\Downloads\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Barre d'outils &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Quick Macros] "C:\Program Files\Quick Macros 2\qm.exe" S
O4 - HKLM\..\Run: [AceGain LiveUpdate] C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe
O4 - HKCU\..\Run: [RGSC] D:\Program Files\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programs\PartyGaming\PartyCasino\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programs\PartyGaming\PartyCasino\RunApp.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
O13 - Gopher Prefix: 
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Quick Macros (quickmacros2) - Unknown owner - C:\Program Files\Quick Macros 2\qmserv.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

J_O_J_O · Answer

Salut T'aime les barre d'outils  relance hijackthis en ayant fermé tout t'es programme surtout internet ! et coche ces lignes là puis fait fix en bas  . :::


R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll 

O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll 

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (file missing) 

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing) 

Ensuite je te conseil vivement de viré avast pour avira antivir qui plus legé plus performant ! 

avira :::: https://www.01net.com/telecharger/windows/Securite/antivirus-antitrojan/fiches/13198.html

tuto avira ::: https://www.malekal.com/avira-free-security-antivirus-gratuit/

Pense à bien désinstaller avast !! et nettoyer avec ccleaner  

 ccleaner

*Télécharge et installe CCleaner  https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html ( à l'installation, pense à DÉCOCHER l'installation de Yahoo toolbar !!!).

*Lance CCleaner
Option --> avancé --> décoche « effacer uniquement les fichiers plus vieux que 48h »
Puis nettoyeur --> Analyse > Lancer le nettoyage, puis sur OK dans la fenêtre qui s' affiche.
Relance le nettoyage une deuxième fois.(pense à cocher toutes les cases décochées !!!!)

*Enfin, registre --> corrige toutes les erreurs, et recommence jusqu'à ce qu'il ne trouve plus d'erreurs.

*(garde ce logiciel et utilise le régulièrement).

Scan avec avira

Voilà apres avoir installer avira ouvre et fait un scan avec ;) puis poste le rapport généré si il te trouve des infection Merci

david006 · Answer

Premium Security Suite Report file date: lundi 29 décembre 2008 13:02 Scanning for 1131606 virus strains and unwanted programs. Licensed to: TSU HSIANG WANG Serial number: 2200058724-ISECE-0001 Platform: Windows Vista Windows version: (Service Pack 1) [6.0.6001] Boot mode: Normally booted Username: SYSTEM Computer name: PC-DE-USER Version information: BUILD.DAT : 8.2.0.252 27422 Bytes 21/11/2008 10:13:00 AVSCAN.EXE : 8.1.4.10 315649 Bytes 29/12/2008 11:34:48 AVSCAN.DLL : 8.1.4.0 40705 Bytes 29/12/2008 11:34:48 LUKE.DLL : 8.1.4.5 164097 Bytes 29/12/2008 11:34:48 LUKERES.DLL : 8.1.4.0 12033 Bytes 29/12/2008 11:34:48 ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 11:34:49 ANTIVIR1.VDF : 7.1.1.33 1705984 Bytes 24/12/2008 11:34:49 ANTIVIR2.VDF : 7.1.1.34 2048 Bytes 24/12/2008 11:34:49 ANTIVIR3.VDF : 7.1.1.44 176128 Bytes 29/12/2008 11:34:49 Engineversion : 8.2.0.45 AEVDF.DLL : 8.1.0.6 102772 Bytes 29/12/2008 11:34:49 AESCRIPT.DLL : 8.1.1.19 336252 Bytes 29/12/2008 11:34:49 AESCN.DLL : 8.1.1.5 123251 Bytes 29/12/2008 11:34:49 AERDL.DLL : 8.1.1.3 438645 Bytes 29/12/2008 11:34:49 AEPACK.DLL : 8.1.3.4 393591 Bytes 29/12/2008 11:34:49 AEOFFICE.DLL : 8.1.0.33 196987 Bytes 29/12/2008 11:34:49 AEHEUR.DLL : 8.1.0.75 1524087 Bytes 29/12/2008 11:34:49 AEHELP.DLL : 8.1.2.0 119159 Bytes 29/12/2008 11:34:49 AEGEN.DLL : 8.1.1.8 323956 Bytes 29/12/2008 11:34:49 AEEMU.DLL : 8.1.0.9 393588 Bytes 29/12/2008 11:34:49 AECORE.DLL : 8.1.5.2 172405 Bytes 29/12/2008 11:34:49 AEBB.DLL : 8.1.0.3 53618 Bytes 29/12/2008 11:34:49 AVWINLL.DLL : 1.0.0.12 15105 Bytes 29/12/2008 11:34:48 AVPREF.DLL : 8.0.2.0 38657 Bytes 29/12/2008 11:34:48 AVREP.DLL : 8.0.0.2 98344 Bytes 29/12/2008 11:34:49 AVREG.DLL : 8.0.0.1 33537 Bytes 29/12/2008 11:34:48 AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 09:29:23 AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 29/12/2008 11:34:47 SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 18:28:02 SMTPLIB.DLL : 1.2.0.23 28929 Bytes 29/12/2008 11:34:48 NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 13:05:10 RCIMAGE.DLL : 8.0.0.51 2904321 Bytes 29/12/2008 11:34:44 RCTEXT.DLL : 8.0.46.0 86273 Bytes 29/12/2008 11:34:44 Configuration settings for the scan: Jobname..........................: Complete system scan Configuration file...............: c:\program files\avira\avira premium security suite\sysscan.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: on Scan boot sector.................: on Boot sectors.....................: C:, D:, S:, Process scan.....................: on Scan registry....................: on Search for rootkits..............: off Scan all files...................: Intelligent file selection Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: medium Start of the scan: lundi 29 décembre 2008 13:02 The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'SearchFilterHost.exe' - '1' Module(s) have been scanned Scan process 'SearchProtocolHost.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned Scan process 'PresentationFontCache.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'dwm.exe' - '1' Module(s) have been scanned Scan process 'taskeng.exe' - '1' Module(s) have been scanned Scan process 'taskeng.exe' - '1' Module(s) have been scanned Scan process 'avwebgrd.exe' - '1' Module(s) have been scanned Scan process 'avmailc.exe' - '1' Module(s) have been scanned Scan process 'WUDFHost.exe' - '1' Module(s) have been scanned Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'SMSvcHost.exe' - '1' Module(s) have been scanned Scan process 'mdm.exe' - '1' Module(s) have been scanned Scan process 'avesvc.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'avfwsvc.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'qmserv.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'SLsvc.exe' - '1' Module(s) have been scanned Scan process 'audiodg.exe' - '0' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsm.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'wininit.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 47 processes with 47 modules were scanned Starting master boot sector scan: Master boot sector HD0 [INFO] No virus was found! Master boot sector HD1 [INFO] No virus was found! Master boot sector HD2 [INFO] No virus was found! Master boot sector HD3 [INFO] No virus was found! [WARNING] System error [21]: Le périphérique n'est pas prêt. [INFO] Please restart the search with Administrator rights Master boot sector HD4 [INFO] No virus was found! [WARNING] System error [21]: Le périphérique n'est pas prêt. [INFO] Please restart the search with Administrator rights Master boot sector HD5 [INFO] No virus was found! [WARNING] System error [21]: Le périphérique n'est pas prêt. [INFO] Please restart the search with Administrator rights Master boot sector HD6 [INFO] No virus was found! [WARNING] System error [21]: Le périphérique n'est pas prêt. [INFO] Please restart the search with Administrator rights Start scanning boot sectors: Boot sector 'C:\' [INFO] No virus was found! Boot sector 'D:\' [INFO] No virus was found! Boot sector 'S:\' [INFO] No virus was found! Starting to scan the registry. The registry was scanned ( '36' files ). Starting the file scan: Begin scan in 'C:\' C:\hiberfil.sys [WARNING] The file could not be opened! C:\pagefile.sys [WARNING] The file could not be opened! C:\Users\User\Desktop\Pinnacle Studio 11 Ultimate + Keygen\Keygen\Studio 11 Keygen NTSC.exe [DETECTION] Is the TR/Spy.Agent.BEM Trojan [NOTE] The file was moved to '49cdc47d.qua'! C:\Users\User\Downloads\SmitfraudFix.exe [0] Archive type: RAR SFX (self extracting) --> SmitfraudFix\Agent.OMZ.Fix.exe [DETECTION] The file contains an executable program that is disguised by a harmless file extension (HIDDENEXT/Crypted) [NOTE] The file was moved to '49c1c4ad.qua'! C:\Users\User\Downloads\SmitfraudFix\Agent.OMZ.Fix.exe [DETECTION] The file contains an executable program that is disguised by a harmless file extension (HIDDENEXT/Crypted) [NOTE] The file was moved to '49bdc4ac.qua'! C:\Windows\System32\Agent.OMZ.Fix.exe [DETECTION] The file contains an executable program that is disguised by a harmless file extension (HIDDENEXT/Crypted) [NOTE] The file was moved to '49bdc75c.qua'! Begin scan in 'D:\' D:\resycled\boot.com [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] The file was moved to '49c7dde7.qua'! Begin scan in 'S:\' S:\PC-DE-USER\Backup Set 2008-11-17 190529\Backup Files 2008-11-21 171533\Backup files 469.zip [0] Archive type: ZIP --> C\Program Files\Adobe\Acrobat 8.0\Setup Files\{AC76BA86-1033-F400-7760-000000000003}\Data1.cab [1] Archive type: CAB (Microsoft) --> template1.pdf6 [WARNING] No further files can be extracted from this archive. The archive will be closed S:\PC-DE-USER\Backup Set 2008-11-17 190529\Backup Files 2008-11-21 171533\Backup files 579.zip [0] Archive type: ZIP --> C\Users\User\Desktop\ADOBE SUITE CS3 PREMIUM\Adobe CS3\payloads\AdobeAcrobat8fr_FR\Data1.cab [1] Archive type: CAB (Microsoft) --> template1.pdf6 [WARNING] No further files can be extracted from this archive. The archive will be closed S:\PC-DE-USER\Backup Set 2008-11-17 190529\Backup Files 2008-11-21 171533\Backup files 585.zip [0] Archive type: ZIP --> C\Users\User\Desktop\ADOBE SUITE CS3 PREMIUM\Adobe CS3\payloads\AdobeIllustrator13fr_FR\AdobeIllustrator13fr_FR1.cab [1] Archive type: CAB (Microsoft) --> _2_32a4ef4e0cc182673174edc033459c02 [WARNING] No further files can be extracted from this archive. The archive will be closed S:\PC-DE-USER\Backup Set 2008-11-17 190529\Backup Files 2008-11-21 171533\Backup files 69.zip [0] Archive type: ZIP --> C\Users\User\Desktop\TuneUp Utilities 2008.rar [1] Archive type: RAR --> TU2008 Keymaker.exe [DETECTION] Contains a recognition pattern of the (harmful) BDS/Bot.21154.1 back-door program [NOTE] The file was moved to '49bbef0a.qua'! S:\resycled\boot.com [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] The file was moved to '49c80545.qua'! End of the scan: lundi 29 décembre 2008 18:11 Used time: 5:09:12 Hour(s) The scan has been done completely. 27999 Scanning directories 1325688 Files were scanned 7 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 0 files were deleted 0 files were repaired 7 files were moved to quarantine 0 files were renamed 2 Files cannot be scanned 1325679 Files not concerned 6509 Archives were scanned 9 Warnings 7 Notes

J_O_J_O · Answer

Merci  réouvre avira sur le coté clique sur administration et va dans la quarantaine et supprime tout ! Puis passe un coup de ccleaner et re-scan avec hijackthis puis poste le nouveau rapport ici stp . Merci :)

david006 · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:09:29, on 30/12/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32	askeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Quick Macros 2\qm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\User\Downloads\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Barre d'outils &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Quick Macros] "C:\Program Files\Quick Macros 2\qm.exe" S
O4 - HKLM\..\Run: [AceGain LiveUpdate] C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\Avira Premium Security Suite\avgnt.exe" /min
O4 - HKCU\..\Run: [RGSC] D:\Program Files\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programs\PartyGaming\PartyCasino\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programs\PartyGaming\PartyCasino\RunApp.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
O13 - Gopher Prefix: 
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: Avira Premium Security Suite Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avfwsvc.exe
O23 - Service: Avira Premium Security Suite MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe
O23 - Service: Avira Premium Security Suite Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\sched.exe
O23 - Service: Avira Premium Security Suite Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avguard.exe
O23 - Service: Avira Premium Security Suite WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
O23 - Service: Avira Premium Security Suite MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Quick Macros (quickmacros2) - Unknown owner - C:\Program Files\Quick Macros 2\qmserv.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

Redirection automatique

24 réponses

Discussions similaires