Lire mon hijackthis svp

Résolu
jean-claude59 Messages postés 483 Statut Membre -  
jean-claude59 Messages postés 483 Statut Membre -
bonsoir peut on lire mon rapport en vous remerciant d'avance, et bonne soirée a vous tous
Configuration: Windows Vista
Firefox 3.0.10


ogfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:40:25, on 21/05/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\E_FATICEE.EXE
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.hugedomains.com/domain_profile.cfm?d=cooxer&e=com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.hugedomains.com/domain_profile.cfm?d=cooxer&e=com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: trueads search enhancer - {6D003EB6-7007-589F-7026-962C923ADA25} - C:\Windows\system32\ipidgygnufdz.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: trueads - {9ab24df2-7ce9-07dd-044c-4828d94f5dfb} - C:\Windows\system32\nsjA334.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\Windows\TEMP\E_S17F3.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/maconfig/MaConfig_3_1_2_1.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 9484 bytes

12 réponses

  1. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    slt
    explique tes soucis svp cela aide énormément

    puis

    Télécharge Toolbar-S&D (Team IDN) sur ton Bureau.
    https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2

    * Lance l'installation du programme en exécutant le fichier téléchargé.
    * Double-clique maintenant sur le raccourci de Toolbar-S&D.
    * Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.
    * Choisis maintenant l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche.
    * Poste le rapport généré. (C:\TB.txt)
    0
    1. jean-claude59 Messages postés 483 Statut Membre 37
       
      bonsoir jlp jlp que pense tu de ce rapport de malwarebytes c'est pas mon ordi


      alwarebytes' Anti-Malware 1.36
      Version de la base de données: 2163
      Windows 6.0.6001 Service Pack 1

      21/05/2009 20:30:56
      mbam-log-2009-05-21 (20-30-53).txt

      Type de recherche: Examen rapide
      Eléments examinés: 71589
      Temps écoulé: 2 minute(s), 50 second(s)

      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 0
      Clé(s) du Registre infectée(s): 4
      Valeur(s) du Registre infectée(s): 0
      Elément(s) de données du Registre infecté(s): 0
      Dossier(s) infecté(s): 0
      Fichier(s) infecté(s): 3

      Processus mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Module(s) mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Clé(s) du Registre infectée(s):
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d003eb6-7007-589f-7026-962c923ada25} (Adware.Adrotator) -> No action taken.
      HKEY_CLASSES_ROOT\CLSID\{6d003eb6-7007-589f-7026-962c923ada25} (Adware.Adrotator) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9ab24df2-7ce9-07dd-044c-4828d94f5dfb} (Adware.Adrotator) -> No action taken.
      HKEY_CLASSES_ROOT\CLSID\{9ab24df2-7ce9-07dd-044c-4828d94f5dfb} (Adware.Adrotator) -> No action taken.

      Valeur(s) du Registre infectée(s):
      (Aucun élément nuisible détecté)

      Elément(s) de données du Registre infecté(s):
      (Aucun élément nuisible détecté)

      Dossier(s) infecté(s):
      (Aucun élément nuisible détecté)

      Fichier(s) infecté(s):
      C:\Program Files\Mozilla Firefox\components\eab9ca83-ec45-69e9-982a-2b42941ce9e7.dll (Adware.Yoog) -> No action taken.
      C:\WINDOWS\System32\ipidgygnufdz.dll (Adware.Adrotator) -> No action taken.
      C:\WINDOWS\System32\nsjA334.dll (Adware.Adrotator) -> No action taken.



      merci pour tes conseilles et bonne soirée
      0
      1. jean-claude59 Messages postés 483 Statut Membre 37 > jean-claude59 Messages postés 483 Statut Membre
         
        le rapport de toolbar

        -----------\\ ToolBar S&D 1.2.8 XP/Vista

        Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
        X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU T7250 @ 2.00GHz )
        BIOS : Ver 1.00PARTTBL
        USER : laura ( Administrator )
        BOOT : Normal boot
        Antivirus : Bitdefender Antivirus 8.0 (Activated)
        Firewall : Bitdefender Firewall 8.0 (Activated)
        C:\ (Local Disk) - NTFS - Total:141 Go (Free:93 Go)
        D:\ (Local Disk) - NTFS - Total:7 Go (Free:2 Go)
        E:\ (CD or DVD)

        "C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
        Option : [1] ( 21/05/2009|20:38 )

        [ UAC => 1 ]

        -----------\\ Recherche de Fichiers / Dossiers ...


        -----------\\ [..\Internet Explorer\Main]

        [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
        "Start Page"="https://www.hugedomains.com/domain_profile.cfm?d=cooxer&e=com"
        "Local Page"="C:\\Windows\\system32\\blank.htm"
        "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
        "Url"="https://www.msn.com/fr-fr/actualite/"

        [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
        "Start Page"="https://www.hugedomains.com/domain_profile.cfm?d=cooxer&e=com"
        "Default_Page_URL"="https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF"
        "Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
        "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"


        --------------------\\ Recherche d'autres infections


        Aucune autre infection trouvée !

        [ UAC => 1 ]


        1 - "C:\ToolBar SD\TB_1.txt" - 21/05/2009|20:39 - Option : [1]

        -----------\\ Fin du rapport a 20:39:06,46
        0
  2. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ok il les a trouvé : vire tout

    puis pour voir mets toolbar sd et dis tes soucis
    0
  3. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ok c'est bon

    internet explorer 8 est sorti

    sinon

    Mettre a jour java:
    https://javara.fr.malavida.com/

    Télécharge JavaRa.zip de Paul 'Prm753' McLain et Fred de Vries.
    Décompresse le fichier sur ton bureau (clique droit > Extraire tout.)
    Double-clique sur le répertoire JavaRa obtenu.
    Puis double-clique sur le fichier JavaRa.exe (le .exe peut ne pas s'afficher)
    Clique sur Search For Updates.
    Sélectionne Update Using jucheck.exe puis clique sur Search.
    Autorise le processus à se connecter s'il te le demande, clique sur Install et suis les instructions d'installation. Cela prendra quelques minutes.
    Quand l'installation est terminée, revient à l'écran de JavaRa et clique sur Remove Older Versions.
    Clique sur Oui pour confirmer. L'outil va travailler, clique ensuite sur Ok, puis une deuxième fois sur Ok.
    Un rapport va s'ouvrir, copie-colle le dans ta prochaine réponse.
    Note : le rapport se trouve aussi à la racine de la partition système, en général C:\ sous le nom JavaRa.log
    (c:\JavaRa.log)
    Ferme l'application.

    si cela ne fonctionne pas

    https://www.java.com/fr/download/windows_manual.jsp?locale=fr&host=www.java.com:80

    tu peux désinstaller les vieilles versions.

    ____________________

    pour versifier

    Télécharge ici :

    http://images.malwareremoval.com/random/RSIT.exe

    random's system information tool (RSIT) par andom/random et sauvegarde-le sur le Bureau.

    Double-clique sur RSIT.exe afin de lancer RSIT.

    Clique Continue à l'écran Disclaimer.

    Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

    Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.

    Poste le contenu de log.txt (<<qui sera affiché)
    ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).

    NB : Les rapports sont sauvegardés dans le dossier C:\rsit
    0
  4. jean-claude59 Messages postés 483 Statut Membre 37
     
    drole de page avec mozilla firefox sinon aucun problème au niveau de l'ordi marche bien

    a part cela yoog search a la place google
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ok si il y a yoog search alors a faire aussi ceci:

    • Télécharge Yoog_Fix (de Batch_Man) sur ton Bureau.

    http://batchdhelus.open-web.fr/programme/Yoog_Fix.exe

    • Double-clique dessus et choisis l'option 1 ( Recherche )
    • Attend que le scan se fasse, un rapport va s'ouvrir (C:\Yoog_Fix.txt)
    • Poste le dans ta prochaine réponse.
    0
    1. jean-claude59 Messages postés 483 Statut Membre 37
       
      re je trouve pas le rapport de java

      par contre bitdefender bloque ton http://batchdhelus.open-web.fr/programme/Yoog_Fix.exe

      je peut desactiver bitdefender a+
      0
  7. jean-claude59 Messages postés 483 Statut Membre 37
     
    bonsoir voici les rapport

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by laura at 2009-05-21 21:10:05
    Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
    System drive C: has 97 GB (67%) free of 145 GB
    Total RAM: 2046 MB (56% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:10:12, on 21/05/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18226)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    2 eme

    C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    C:\WINDOWS\RtHDVCpl.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\E_FATICEE.EXE
    C:\WINDOWS\System32\rundll32.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\laura\Downloads\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\laura.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.hugedomains.com/domain_profile.cfm?d=cooxer&e=com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.hugedomains.com/domain_profile.cfm?d=cooxer&e=com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: trueads search enhancer - {6D003EB6-7007-589F-7026-962C923ADA25} - C:\Windows\system32\ipidgygnufdz.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: trueads - {9ab24df2-7ce9-07dd-044c-4828d94f5dfb} - C:\Windows\system32\nsjA334.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\Windows\TEMP\E_S17F3.tmp" /EF "HKCU"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O13 - Gopher Prefix:
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/maconfig/MaConfig_3_1_2_1.cab
    O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
    O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
    O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
    0
  8. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    fais yoogfix comme indiqué puis

    télécharge OTMoveIt
    http://oldtimer.geekstogo.com/OTMoveIt3.exe (de Old_Timer) sur ton Bureau.

    double-clique sur OTMoveIt.exe pour le lancer.
    copie la liste qui se trouve en citation ci-dessous,
    et colle-la dans le cadre de gauche de OTMoveIt :Paste instruction for items to be moved.
    (attention bien mettre :files)

    :processes
    explorer.exe
    :files
    C:\Windows\system32\ipidgygnufdz.dll
    C:\Windows\system32\nsjA334.dll
    C:\Program Files\Mozilla Firefox\components\eab9ca83-ec45-69e9-982a-2b42941ce9e7.dll
    :reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D003EB6-7007-589F-7026-962C923ADA25}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9ab24df2-7ce9-07dd-044c-4828d94f5dfb}]
    :commands
    [purity]
    [emptytemp]
    [start explorer]

    clique sur MoveIt! pour lancer la suppression.
    le résultat apparaitra dans le cadre "Results".
    clique sur Exit pour fermer.
    poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

    il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.
    0
    1. jean-claude59 Messages postés 483 Statut Membre 37
       
      le rapport de otmoveil

      rror: Unable to interpret <processes> in the current context!
      Error: Unable to interpret <explorer.exe> in the current context!
      ========== FILES ==========
      C:\Windows\system32\ipidgygnufdz.dll unregistered successfully.
      File move failed. C:\Windows\system32\ipidgygnufdz.dll scheduled to be moved on reboot.
      C:\Windows\system32\nsjA334.dll unregistered successfully.
      File move failed. C:\Windows\system32\nsjA334.dll scheduled to be moved on reboot.
      DllUnregisterServer procedure not found in C:\Program Files\Mozilla Firefox\components\eab9ca83-ec45-69e9-982a-2b42941ce9e7.dll
      C:\Program Files\Mozilla Firefox\components\eab9ca83-ec45-69e9-982a-2b42941ce9e7.dll NOT unregistered.
      File move failed. C:\Program Files\Mozilla Firefox\components\eab9ca83-ec45-69e9-982a-2b42941ce9e7.dll scheduled to be moved on reboot.
      ========== REGISTRY ==========
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersi­on\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\\ not found.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersi­on\Explorer\Browser Helper Objects\{6D003EB6-7007-589F-7026-962C923ADA25}\\ not found.
      Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersi­on\Explorer\Browser Helper Objects\{9ab24df2-7ce9-07dd-044c-4828d94f5dfb}\\ not found.
      ========== COMMANDS ==========
      File delete failed. C:\Users\laura\AppData\Local\Temp\etilqs_moTS00l3UZbvMs3uh2sI scheduled to be deleted on reboot.
      User's Temp folder emptied.
      User's Internet Explorer cache folder emptied.
      File delete failed. C:\Windows\temp\fwtsqmfile00.sqm scheduled to be deleted on reboot.
      File delete failed. C:\Windows\temp\fwtsqmfile01.sqm scheduled to be deleted on reboot.
      File delete failed. C:\Windows\temp\fwtsqmfile02.sqm scheduled to be deleted on reboot.
      File delete failed. C:\Windows\temp\fwtsqmfile03.sqm scheduled to be deleted on reboot.
      File delete failed. C:\Windows\temp\fwtsqmfile04.sqm scheduled to be deleted on reboot.
      File delete failed. C:\Windows\temp\fwtsqmfile05.sqm scheduled to be deleted on reboot.
      File delete failed. C:\Windows\temp\fwtsqmfile06.sqm scheduled to be deleted on reboot.
      File delete failed. C:\Windows\temp\fwtsqmfile07.sqm scheduled to be deleted on reboot.
      File delete failed. C:\Windows\temp\fwtsqmfile08.sqm scheduled to be deleted on reboot.
      File delete failed. C:\Windows\temp\fwtsqmfile09.sqm scheduled to be deleted on reboot.
      File delete failed. C:\Windows\temp\fwtsqmfile10.sqm scheduled to be deleted on reboot.
      File delete failed. C:\Windows\temp\fwtsqmfile11.sqm scheduled to be deleted on reboot.
      File delete failed. C:\Windows\temp\fwtsqmfile12.sqm scheduled to be deleted on reboot.
      File delete failed. C:\Windows\temp\fwtsqmfile13.sqm scheduled to be deleted on reboot.
      File delete failed. C:\Windows\temp\fwtsqmfile14.sqm scheduled to be deleted on reboot.
      File delete failed. C:\Windows\temp\fwtsqmfile15.sqm scheduled to be deleted on reboot.
      File delete failed. C:\Windows\temp\fwtsqmfile16.sqm scheduled to be deleted on reboot.
      File delete failed. C:\Windows\temp\fwtsqmfile17.sqm scheduled to be deleted on reboot.
      File delete failed. C:\Windows\temp\fwtsqmfile18.sqm scheduled to be deleted on reboot.
      File delete failed. C:\Windows\temp\fwtsqmfile19.sqm scheduled to be deleted on reboot.
      File delete failed. C:\Windows\temp\RegModule.exe scheduled to be deleted on reboot.
      Windows Temp folder emptied.
      File delete failed. C:\Users\laura\AppData\Local\Mozilla\Firefox\Profiles\9ax3i51m.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
      File delete failed. C:\Users\laura\AppData\Local\Mozilla\Firefox\Profiles\9ax3i51m.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
      File delete failed. C:\Users\laura\AppData\Local\Mozilla\Firefox\Profiles\9ax3i51m.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
      File delete failed. C:\Users\laura\AppData\Local\Mozilla\Firefox\Profiles\9ax3i51m.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
      File delete failed. C:\Users\laura\AppData\Local\Mozilla\Firefox\Profiles\9ax3i51m.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
      File delete failed. C:\Users\laura\AppData\Local\Mozilla\Firefox\Profiles\9ax3i51m.default\XUL.mfl scheduled to be deleted on reboot.
      FireFox cache emptied.
      Temp folders emptied.
      Explorer started successfully

      OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05212009_213449
      0
  9. jean-claude59 Messages postés 483 Statut Membre 37
     
    bonsoir le rapport de yoogfix

    Yoog_Fix 2.02 de Batch_Man
    Debut a 21:28 le 21/05/2009
    Microsoft Windows Vista Home Edition (6.0.6001) Service Pack 1
    Internet Explorer 7.0.6001.18000
    Mozilla Firefox 3.0.10 (fr)
    BitDefender 8.0 (Not activated)
    BitDefender 8.0 (Activated)

    C:\ [Fixed] - NTFS - (Total:144992 Mo/Free:2561 Mo)
    D:\ [Fixed] - NTFS - (Total:7632 Mo/Free:2358 Mo)
    E:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
    UAC: ON

    Option [1] 2 Recherche

    +---------------\\ Processus cachés/bloqués

    4 -Locked- System
    1160 -Locked- audiodg.exe
    2708 -Locked- xcommsvr.exe
    2760 -Locked- livesrv.exe
    3052 -Locked- vsserv.exe
    3948 -Locked- svchost.exe

    +---------------\\ Recherche

    ----------\\ Recherche de fichiers

    C:\WINDOWS\System32\ipidgygnufdz.dll-uninst.exe FOUND!
    C:\Users\laura\AppData\Roaming\Mozilla\Firefox\Profiles\9ax3i51m.default\searchplugins\Yoog Search.xml FOUND!

    ----------\\ Recherche dans prefs.js

    prefs.js [laura - 9ax3i51m.default] user_pref("browser.search.defaultenginename", "Yoog Search");
    prefs.js [laura - 9ax3i51m.default] user_pref("browser.search.defaulturl", "http://www27.yoog.com/search.php?q=");
    prefs.js [laura - 9ax3i51m.default] user_pref("browser.search.selectedEngine", "Yoog Search");
    prefs.js [laura - 9ax3i51m.default] user_pref("keyword.URL", "http://www27.yoog.com/search.php?q=");

    user.js [laura - 9ax3i51m.default] user_pref("browser.search.defaultenginename", "Yoog Search");
    user.js [laura - 9ax3i51m.default] user_pref("browser.search.defaulturl", "http://www27.yoog.com/search.php?q=");
    user.js [laura - 9ax3i51m.default] user_pref("browser.search.selectedEngine", "Yoog Search");
    user.js [laura - 9ax3i51m.default] user_pref("keyword.URL", "http://www27.yoog.com/search.php?q=");

    ----------\\ Recherche dans le registre

    [HKEY_USERS\S-1-5-21-2901312647-3645732523-1425201923-1000\..\SearchScopes],@DefaultScope={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    [HKEY_USERS\S-1-5-21-2901312647-3645732523-1425201923-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] @DisplayName=Yoog Search
    [HKCU\..\SearchScopes],@DefaultScope={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    [HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] @DisplayName=Yoog Search

    ----------\\ Infections associées possibles

    ----------\\ Suspects ( PAS FORCEMENT INFECTIEUX )

    +---> Registre

    +---> Fichiers

    [--a------ + 19/01/2008 09:35 + 23552] C:\Windows\system32\nshhttp.dll
    [--a------ + 19/01/2008 09:35 + 352256] C:\Windows\system32\nshipsec.dll
    [--a------ + 19/01/2008 09:35 + 8192] C:\Windows\system32\nsi.dll
    [--a------ + 19/01/2008 09:35 + 18432] C:\Windows\system32\nsisvc.dll
    [--a------ + 29/04/2009 16:25 + 685056] C:\Windows\system32\nsjA334.dll
    [--a------ + 29/04/2009 16:25 + 677888] C:\Program Files\Mozilla Firefox\components\eab9ca83-ec45-69e9-982a-2b42941ce9e7.dll
    [--a------ + 14/05/2009 17:28 + 572928] C:\Windows\system32\ipidgygnufdz.dll
    [--a------ + 14/05/2009 17:28 + 572928] C:\Windows\system32\ipidgygnufdz.dll

    +---------------\\Analyse complémentaire

    +---------\\ Tâches planifiées

    C:\Windows\Tasks\SCHEDLGU.TXT

    ----------\\ Analyse de Firefox

    [C:\Users\laura\..\prefs.js] browser.startup.homepage: https://www.orange.fr/portail
    [C:\Users\laura\..\prefs.js] browser.startup.homepage: https://www.orange.fr/portail
    [C:\Users\laura\..\prefs.js] browser.search.selectedEngine: Yoog Search
    [C:\Users\laura\..\prefs.js] browser.search.defaultenginename: Yoog Search

    ----------\\ Extensions Firefox

    [User: laura (9ax3i51m.default)] - C:\Users\laura\AppData\Roaming\Mozilla\Firefox\Profiles\9ax3i51m.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [User: laura (9ax3i51m.default)] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    [User: laura (9ax3i51m.default)] - C:\Users\laura\AppData\Roaming\Mozilla\Firefox\Profiles\9ax3i51m.default\extensions\OberonGameHost@OberonGames.com
    [User: laura (9ax3i51m.default)] - C:\Users\laura\AppData\Roaming\Mozilla\Firefox\Profiles\9ax3i51m.default\extensions\OberonGameHost@OberonGames.com
    [User: laura (9ax3i51m.default)] - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    [User: laura (9ax3i51m.default)] - C:\Users\laura\AppData\Roaming\Mozilla\Firefox\Profiles\9ax3i51m.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}
    [User: laura (9ax3i51m.default)] - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

    ----------\\ Plugins de recherche

    [User: laura (9ax3i51m.default)] - C:\Users\..\searchplugins\orange.xml: Orange - https://www.orange.fr/portail
    [10/09/2006 13:35|1516] - C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml: Amazon.fr - Recherche Amazon.fr: https://www.amazon.fr/
    [28/09/2008 09:10|757] - C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml: eBay France - eBay - Enchères en ligne: http://search.ebay.fr/
    [16/04/2008 06:08|1706] - C:\Program Files\Mozilla Firefox\searchplugins\google.xml: Google - Google Search: https://www.google.com/
    [10/09/2006 13:35|748] - C:\Program Files\Mozilla Firefox\searchplugins\MediaDICO-fr.xml: MediaDICO - Les Dictionnaires Mediadico: http://www.dictionnaire-mediadico.com/dictionnaires.asp
    [29/03/2008 15:59|1426] - C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml: Wikipédia (fr) - Wikipédia, l'encyclopédie libre: https://fr.wikipedia.org/wiki/Sp%C3%A9cial:Recherche
    [12/09/2006 20:49|652] - C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml: Yahoo - Recherche Yahoo: https://fr.search.yahoo.com/

    ----------\\ Listing de dossiers

    [22/04/2009 11:47 | --a------ | 348547 bytes] C:\Program Files\Mozilla Firefox\Components\browser.xpt
    [28/04/2009 16:58 | --a------ | 23032 bytes] C:\Program Files\Mozilla Firefox\Components\browserdirprovider.dll
    [28/04/2009 16:58 | --a------ | 134648 bytes] C:\Program Files\Mozilla Firefox\Components\brwsrcmp.dll
    [29/04/2009 16:25 | --a------ | 677888 bytes] C:\Program Files\Mozilla Firefox\Components\eab9ca83-ec45-69e9-982a-2b42941ce9e7.dll
    [14/05/2009 17:28 | --a------ | 463872 bytes] C:\Program Files\Mozilla Firefox\Components\ipidgygnufdz.dll
    [21/05/2009 20:56 | --a------ | 410984 bytes] C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
    [28/04/2009 16:58 | --a------ | 65528 bytes] C:\Program Files\Mozilla Firefox\plugins\npnul32.dll

    ----------\\ Analyse d'Internet Explorer

    HKEY_CURRENT_USER\..\Internet Explorer,Start Page: https://www.hugedomains.com/domain_profile.cfm?d=cooxer&e=com
    HKEY_CURRENT_USER\..\Internet Explorer,Search Page: https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    HKEY_LOCAL_MACHINE\..\Internet Explorer,Search Page: https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    HKEY_LOCAL_MACHINE\..\Internet Explorer,Start Page: https://www.hugedomains.com/domain_profile.cfm?d=cooxer&e=com
    HKEY_LOCAL_MACHINE\..\Internet Explorer,Default_Search_URL: https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF

    ----------\\ Browser Helper Object

    ----------\\ SearchScopes

    [HKEY_USERS\S-1-5-21-2901312647-3645732523-1425201923-1000\..\SearchScopes],@DefaultScope={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    [HKEY_USERS\S-1-5-21-2901312647-3645732523-1425201923-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}],@DisplayName=Yoog Search
    [HKEY_USERS\S-1-5-21-2901312647-3645732523-1425201923-1000\..\SearchScopes\{274B0F48-E84F-46EE-AADC-F78C00160DC1}],@DisplayName=@ieframe.dll,-12512
    [HKEY_USERS\S-1-5-21-2901312647-3645732523-1425201923-1000\..\SearchScopes\{DAE1F01E-CDBA-4583-BDD0-F32DADF35661}],@DisplayName=Yahoo! France
    [HKCU\..\SearchScopes],@DefaultScope={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    [HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}],@DisplayName=Yoog Search
    [HKCU\..\SearchScopes\{274B0F48-E84F-46EE-AADC-F78C00160DC1}],@DisplayName=@ieframe.dll,-12512
    [HKCU\..\SearchScopes\{DAE1F01E-CDBA-4583-BDD0-F32DADF35661}],@DisplayName=Yahoo! France
    [HKLM\..\SearchScopes],@DefaultScope={DAE1F01E-CDBA-4583-BDD0-F32DADF35661}
    [HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}],@DisplayName=@ieframe.dll,-12512
    [HKLM\..\SearchScopes\{DAE1F01E-CDBA-4583-BDD0-F32DADF35661}],@DisplayName=Yahoo! France

    ----------\\ Extensions

    +--------------- Fin à 21h 29min
    0
  10. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ok fais yoogfix option 2
    et colle le rapport

    puis remets un rapoprt rsit et dis si encore des soucis
    0
    1. jean-claude59 Messages postés 483 Statut Membre 37
       
      re bonsoir voici

      Yoog_Fix 2.02 de Batch_Man
      Debut a 0:02 le 22/05/2009
      Microsoft Windows Vista Home Edition (6.0.6001) Service Pack 1
      Internet Explorer 7.0.6001.18000
      Mozilla Firefox 3.0.10 (fr)
      BitDefender 8.0 (Not activated)
      BitDefender 8.0 (Activated)

      C:\ [Fixed] - NTFS - (Total:144992 Mo/Free:1873 Mo)
      D:\ [Fixed] - NTFS - (Total:7632 Mo/Free:2358 Mo)
      E:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
      UAC: ON

      Option 1 [2] Suppression

      +---------------\\ Suppression


      ----------\\ Suppression dans de fichiers

      DELETED - C:\Windows\system32\*.DLL-UNINST.EXE

      ----------\\ Suppression dans prefs.js et user.js

      prefs.js [laura - 9ax3i51m.default] user_pref("browser.search.defaultenginename", "Yoog Search"); - DELETED
      prefs.js [laura - 9ax3i51m.default] user_pref("browser.search.defaulturl", "http://www27.yoog.com/search.php?q="); - DELETED
      prefs.js [laura - 9ax3i51m.default] user_pref("browser.search.selectedEngine", "Yoog Search"); - DELETED
      prefs.js [laura - 9ax3i51m.default] user_pref("keyword.URL", "http://www27.yoog.com/search.php?q="); - DELETED
      user.js [laura - 9ax3i51m.default] user_pref("browser.search.defaultenginename", "Yoog Search"); - DELETED
      user.js [laura - 9ax3i51m.default] user_pref("browser.search.defaulturl", "http://www27.yoog.com/search.php?q="); - DELETED
      user.js [laura - 9ax3i51m.default] user_pref("browser.search.selectedEngine", "Yoog Search"); - DELETED
      user.js [laura - 9ax3i51m.default] user_pref("keyword.URL", "http://www27.yoog.com/search.php?q="); - DELETED

      ----------\\ Suppression dans le registre


      ----------\\ Fichiers temporaires
      0
  11. jean-claude59 Messages postés 483 Statut Membre 37
     
    voici le 2 eme rapport rsit

    ogfile of random's system information tool 1.06 (written by random/random)
    Run by laura at 2009-05-22 00:09:14
    Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
    System drive C: has 96 GB (66%) free of 145 GB
    Total RAM: 2046 MB (48% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 00:09:21, on 22/05/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18226)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\laura\Downloads\RSIT(2).exe
    C:\Program Files\Trend Micro\HijackThis\laura.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cooxer.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
    O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O13 - Gopher Prefix:
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/maconfig/MaConfig_3_1_2_1.cab
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
    O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
    O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
    0
  12. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ok parfait

    si tu n'as pas reussi tool cleaner passe ceci:

    Télécharge OTCleanIt de OldTimer sur ton Bureau

    Lance OTCleanIt avec un double-clic (sous Vista, lance-le en cliquant droit sur OTCleanIt.exe et en sélectionnant "exécuter en tant qu'administrateur")

    Appuie sur le bouton "CleanUp!"

    A la question "begin cleanup process?", réponds "YES"

    A la fin de l'opération, si OTCleanIt demande de redémarrer ("Do you want to reboot now?"), ferme ce que tu es en train de faire (internet, documents divers...) et clique sur "YES":

    Au redémarrage, OTCleanIt aura supprimé les outils de désinfection, et se sera même auto-détruit!
    0
    1. jean-claude59 Messages postés 483 Statut Membre 37
       
      ok c'est fait merci , bonne soirée et a bientot
      0