Slow PC: HijackThis report HELP
Spylock
Hello,
For a few months now (and yes, I no longer know what to do) my PC has been slow, whether on the internet, in games (even ones that don't need much) or in everything else (basically everything).
I thought I would post a HijackThis report here, hoping you will find something. Thank you :)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:16:20, on 24/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtTry.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\FlashGet\FlashGet.exe
C:\Documents and Settings\Haufor\Bureau\Charles\d\Downloads\HiJackThis.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.secf.asso.fr/INFONETWeb/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www8.hp.com/fr/fr/home.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - (no file)
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O2 - BHO: adssite - {fb8ede28-053b-79c0-c2d6-94100adce23f} - C:\WINDOWS\system32\nsw5CB.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [McAfee Managed Services Tray] "C:\Program Files\McAfee\Managed VirusScan\Agent\StartMyagtTry.exe"
O4 - HKLM\..\Run: [MVS Splash] C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NI.UWA6PV_0001_N76M1904] "C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\QX70T0FQ\WinAntiVirusPro2006FreeInstall_fr[1].exe" -nag
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\FlashGet.exe /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SService] C:\WINDOWS\system32\wpv8711.cpx
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Haufor\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?03b7a66007f14417bf8618de7b09452c
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?03b7a66007f14417bf8618de7b09452c
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com (HKLM)
O15 - Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://www.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://*.mcafee.com (HKLM)
O15 - ESC Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://www.mcafeeasap.com (HKLM)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {40C83AF8-FEA7-4A6A-A470-431EE84A0886} (SecureObjectFactory Class) - https://www.afternic.com/forsale/vscanasap.mondsi.com?utm_source=TDFS_DASLNC&utm_medium=DASLNC&utm_campaign=TDFS_DASLNC&traffic_type=TDFS_DASLNC&traffic_id=daslnc&
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/maconfig/MaConfig_3_5_1_0.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Update Service (gupdate1c9a55ac66a1350) (gupdate1c9a55ac66a1350) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: McShield - McAfee, Inc. - C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
O23 - Service: Service de protection contre les virus et les logiciels espions McAfee (myAgtSvc) - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
Good evening, Spylock
---> Download ComboFix.exe by sUBs to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
/!\ Disconnect from the internet and close all applications, including antivirus and antispyware /!\
---> Double-click Combofix.exe
A pop-up will appear saying that "ComboFix is used at your own risk and with no warranty...".
Accept by clicking "Oui" (Yes)
---> Set it to French (F)
Press the 1 key (Yes) to start the scan.
/!\ Do not touch anything until the scan has finished. /!\
At the end of the scan, ComboFix may need to restart the PC to finish the disinfection; let it do so.
Once the scan is complete, a report will be displayed: post its contents
/!\ Re-enable the real-time protection of your antivirus and antispyware before reconnecting to the Internet. /!\
Note: The report can also be found here: C:\ComboFix.txt
See you
Sorry for the time it took me :s
ComboFix 09-08-23.01 - Haufor 24/08/2009 19:54.1.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.446.207 [GMT 2:00]
Running from: c:\documents and settings\Haufor\Bureau\ComboFix.exe
AV: Total Protection Service *On-access scanning enabled* (Updated) {8C354827-2F54-4E28-90DC-AD391E77808C}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\data
c:\documents and settings\All Users\Application Data\Starware370
c:\documents and settings\All Users\Application Data\Starware370\buttons\findit_music.bmp
c:\documents and settings\All Users\Application Data\Starware370\buttons\Highlight.bmp
c:\documents and settings\All Users\Application Data\Starware370\buttons\HighlightHot.bmp
c:\documents and settings\All Users\Application Data\Starware370\buttons\highlighthotxp.png
c:\documents and settings\All Users\Application Data\Starware370\buttons\highlightxp.png
c:\documents and settings\All Users\Application Data\Starware370\buttons\lyrics.bmp
c:\documents and settings\All Users\Application Data\Starware370\buttons\music_search.bmp
c:\documents and settings\All Users\Application Data\Starware370\buttons\radio.bmp
c:\documents and settings\All Users\Application Data\Starware370\buttons\starware_toolbar_icon.bmp
c:\documents and settings\All Users\Application Data\Starware370\contexts\error.xml
c:\documents and settings\All Users\Application Data\Starware370\contexts\related.xml
c:\documents and settings\All Users\Application Data\Starware370\contexts\travel.xml
c:\documents and settings\Haufor\Application Data\BITS
c:\documents and settings\Haufor\Application Data\BITS\BITS.ini
c:\documents and settings\Haufor\Application Data\BITS\DHTTable.dat
c:\documents and settings\Haufor\Application Data\BITS\ProxyList.ini
c:\documents and settings\Haufor\Application Data\BITS\UPnP.ini
c:\documents and settings\Haufor\Application Data\inst.exe
c:\documents and settings\Haufor\Application Data\urlredir.cfg
c:\program files\FlashGet Network
c:\program files\FlashGet Network\FlashGet universal\dbtrans_verbose.log
c:\program files\FlashGet Network\FlashGet universal\fgoption.ini
c:\program files\FlashGet Network\FlashGet universal\P2PCfg.ini
c:\program files\FlashGet Network\FlashGet universal\p2spmgr.ini
c:\program files\FlashGet Network\FlashGet universal\p4spmgr.ini
c:\program files\FlashGet Network\FlashGet universal\Profiles\config.dat
c:\program files\FlashGet Network\FlashGet universal\Profiles\tasks.dat
c:\program files\FlashGet Network\FlashGet universal\transaction.log
c:\program files\Mozilla Firefox\Components\0e1962c0-bf46-c137-61ca-f2aa4cc63bb0.dll
c:\program files\Starware370
c:\program files\Starware370\bin\Starware370.dll
c:\program files\Starware370\brand.bmp
c:\program files\Starware370\icons\star_16.ico
c:\program files\Starware370\Starware370Config.xml
c:\recycler\S-1-5-21-1233206389-4152938375-1384640426-500
c:\windows\system32\{07e254c9-af3d-0a7a-3dbc-e77c2354d137}.dll-uninst.exe
c:\windows\system32\adssite-remove.exe
c:\windows\system32\Cache
c:\windows\system32\cont_adssite-remove.exe
c:\windows\system32\d3cc8073-1a89-7d0b-22df-a45840e095f3.exe
c:\windows\system32\gzmrot-uninst.exe
c:\windows\system32\mysidesearch_sidebar_uninstall.exe
c:\windows\system32\myss_sb_uninstall.exe
c:\windows\system32\service.exe
c:\windows\system32\UpMedia
c:\windows\system32\winio.vxd
c:\windows\wiaservb.log
.
((((((((((((((((((((((((( Files Created from 2009-07-24 to 2009-08-24 )))))))))))))))))))))))))))))))
.
2009-08-24 17:19 . 2009-08-24 17:19 -------- d-----w- c:\program files\AIDA32 - Personal System Information
2009-08-24 16:40 . 2009-08-24 16:40 -------- d-----w- c:\program files\Lavalys
2009-08-21 17:08 . 2009-08-21 17:08 -------- d-----w- c:\program files\CCleaner
2009-08-21 17:03 . 2009-08-21 17:08 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-20 12:24 . 2009-08-20 12:25 -------- d-----w- c:\program files\ma-config.com
2009-08-20 12:24 . 2009-08-20 12:24 -------- d-----w- c:\documents and settings\All Users\Application Data\ma-config.com
2009-08-12 18:32 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-08-07 01:09 . 2009-08-07 01:09 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-07 01:09 . 2009-08-07 01:09 -------- d-----w- c:\program files\MSBuild
2009-08-07 01:08 . 2009-08-07 01:08 -------- d-----w- c:\program files\Reference Assemblies
2009-08-07 01:07 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-07 01:07 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-07 01:07 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-07 01:07 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-07 01:07 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-07 01:07 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-07 01:07 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-07 01:07 . 2009-08-07 01:08 -------- d-----w- C:\dff111796deb6d89f3a3f87d679fe6aa
2009-08-07 01:07 . 2009-08-07 01:24 -------- d-----w- c:\windows\SxsCaPendDel
2009-08-05 09:00 . 2009-08-05 09:00 205312 ------w- c:\windows\system32\dllcache\mswebdvd.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-24 18:03 . 2008-08-18 17:49 -------- d-----w- c:\documents and settings\Haufor\Application Data\DNA
2009-08-24 17:33 . 2009-05-24 15:55 -------- d-----w- c:\program files\FlashGet
2009-08-24 17:16 . 2009-04-05 12:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-08-24 16:01 . 2006-06-15 11:52 -------- d-----w- c:\program files\Equita
2009-08-24 11:37 . 2007-11-01 17:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-24 11:33 . 2008-08-18 17:49 -------- d-----w- c:\program files\DNA
2009-08-21 16:38 . 2007-11-13 19:29 -------- d-----w- c:\program files\Steam
2009-08-08 09:31 . 2007-04-12 15:37 23848 -c--a-w- c:\documents and settings\Haufor\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-07 01:14 . 2004-08-16 03:35 81196 ----a-w- c:\windows\system32\perfc00C.dat
2009-08-07 01:14 . 2004-08-16 03:35 504108 ----a-w- c:\windows\system32\perfh00C.dat
2009-08-05 09:00 . 2004-08-05 02:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:03 . 2004-08-05 02:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 21:43 . 2004-08-05 02:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-05 08:14 . 2009-03-21 09:20 -------- d-----w- c:\documents and settings\Haufor\Application Data\Azureus
2009-07-03 17:46 . 2006-04-10 03:02 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-02 15:07 . 2006-04-24 12:49 -------- d-----w- c:\program files\Fichiers communs\HP
2009-07-02 15:03 . 2008-06-29 09:53 -------- d-----w- c:\program files\Dofus
2009-07-02 14:30 . 2009-07-02 11:50 -------- d-----w- c:\program files\SystemRequirementsLab
2009-07-02 11:50 . 2009-07-02 11:50 -------- d-----w- c:\documents and settings\Haufor\Application Data\SystemRequirementsLab
2009-07-02 11:50 . 2009-07-02 11:50 208896 ----a-w- c:\documents and settings\Haufor\Application Data\SystemRequirementsLab\SRLProxy_srl_4.dll
2009-07-02 11:50 . 2009-07-02 11:50 208896 ----a-w- c:\documents and settings\Haufor\Application Data\SystemRequirementsLab\SRLProxy_srl_3.dll
2009-07-02 11:50 . 2009-07-02 11:50 208896 ----a-w- c:\documents and settings\Haufor\Application Data\SystemRequirementsLab\SRLProxy_srl_2.dll
2009-07-02 11:50 . 2009-07-02 11:50 208896 ----a-w- c:\documents and settings\Haufor\Application Data\SystemRequirementsLab\SRLProxy_srl_1.dll
2009-07-01 17:59 . 2009-07-01 17:59 1292288 ----a-w- c:\windows\system32\nsw5CB.dll
2009-06-29 16:41 . 2009-06-29 16:41 -------- d-----w- c:\program files\Cartoon Maker
2009-06-29 15:57 . 2004-08-05 02:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 15:57 . 2004-08-05 02:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 15:57 . 2004-08-05 02:00 17408 ------w- c:\windows\system32\corpol.dll
2009-06-16 14:40 . 2004-08-05 02:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:40 . 2004-08-05 02:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 10:44 . 2004-08-05 02:00 78848 ----a-w- c:\windows\system32\telnet.exe
2009-06-15 10:44 . 2004-08-05 02:00 82944 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-10 14:14 . 2004-08-05 02:00 85504 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 07:21 . 2004-08-05 02:00 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:15 . 2004-08-05 02:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:10 . 2004-08-05 02:00 1297408 ----a-w- c:\windows\system32\quartz.dll
2008-07-25 08:31 . 2009-05-24 13:20 28672 ----a-w- c:\program files\mozilla firefox\components\flashgetXpi.dll
2008-09-04 11:45 . 2008-10-11 12:09 343552 ----a-w- c:\program files\mozilla firefox\components\nsbads.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-12-09 17:40 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fb8ede28-053b-79c0-c2d6-94100adce23f}]
2009-07-01 17:59 1292288 ----a-w- c:\windows\system32\nsw5CB.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-12-09 333192]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-01 68856]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-01-07 342848]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"Google Update"="c:\documents and settings\Haufor\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-05-03 133104]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2007-09-03 339968]
"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2007-09-03 525824]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2007-09-03 155648]
"McAfee Managed Services Tray"="c:\program files\McAfee\Managed VirusScan\Agent\StartMyagtTry.exe" [2009-04-13 87360]
"MVS Splash"="c:\program files\McAfee\Managed VirusScan\Agent\Splash.exe" [2009-04-13 468288]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-09-03 49152]
"SSBkgdUpdate"="c:\program files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-11-05 36864]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-11-05 40960]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-13 136600]
"Flashget"="c:\program files\FlashGet\FlashGet.exe" [2007-09-25 2007088]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MDM"=2 (0x2)
"IDriverT"=3 (0x3)
"gusvc"=2 (0x2)
"gupdate1c9a55ac66a1350"=2 (0x2)
"EngineServer"=2 (0x2)
"ATI Smart"=2 (0x2)
"ASKUpgrade"=2 (0x2)
"ASKService"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\McAfee\\Managed VirusScan\\Agent\\myAgtSvc.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Cyanide\\Horse Racing Manager\\GAMEHR.EXE"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\NEC\\NEC Mobile Suite\\CommsService.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Steam\\steamapps\\notrehaufor\\counter-strike source\\hl2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Documents and Settings\\Haufor\\Mes documents\\Ma musique\\Charles\\Nexuiz\\nexuiz-sdl.exe"=
"c:\\Program Files\\xerox\\nwwia\\XrxFTPLt.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\quadra\\PGM32\\QMajTCP.exe"=
"c:\\Program Files\\Steam\\steamapps\\notrehaufor\\source dedicated server\\srcds.exe"=
R2 myAgtSvc;Service de protection contre les virus et les logiciels espions McAfee;c:\program files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [11/04/2006 14:35 175704]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [24/08/2009 18:41 26736]
S2 gupdate1c9a55ac66a1350;Google Update Service (gupdate1c9a55ac66a1350);c:\program files\Google\Update\GoogleUpdate.exe [15/03/2009 12:42 133104]
S3 archbus;NEC WMC USB_BJ1 Composite Device driver (WDM);c:\windows\system32\drivers\archbus.sys [15/05/2006 19:18 52480]
S3 archmdfl;NEC WMC USB_BJ1 Modem Filter;c:\windows\system32\drivers\archmdfl.sys [08/06/2007 12:39 6032]
S3 archmdm;NEC WMC USB_BJ1 Port Drivers;c:\windows\system32\drivers\archmdm.sys [08/06/2007 12:39 87360]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [29/05/2009 17:13 234864]
S4 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [21/03/2009 11:20 464264]
S4 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [21/03/2009 11:21 234888]
S4 EngineServer;EngineServer;c:\program files\McAfee\Managed VirusScan\VScan\EngineServer.exe [16/05/2008 13:24 14144]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - EVERESTDRIVER
.
Contents of the 'Scheduled Tasks' folder
2009-08-24 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-07-07 15:26]
2009-08-24 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-03-30 12:59]
2009-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-15 10:42]
2009-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-15 10:42]
2009-08-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-985620857-2349409466-1895725101-1008Core.job
- c:\documents and settings\Haufor\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-07 13:25]
2009-08-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-985620857-2349409466-1895725101-1008UA.job
- c:\documents and settings\Haufor\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-07 13:25]
2009-08-23 c:\windows\Tasks\User_Feed_Synchronization-{6757B9B0-AF82-4D4F-AE3C-C40D6A2CD855}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 16:36]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-SService - c:\windows\system32\wpv8711.cpx
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.secf.asso.fr/INFONETWeb/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Tout télécharger avec FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Télécharger avec FlashGet - c:\program files\FlashGet\jc_link.htm
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Ouvrir dans un nouvel onglet d'arrière-plan - c:\program files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?03b7a66007f14417bf8618de7b09452c
IE: Ouvrir dans un nouvel onglet de premier plan - c:\program files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?03b7a66007f14417bf8618de7b09452c
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
FF - ProfilePath - c:\documents and settings\Haufor\Application Data\Mozilla\Firefox\Profiles\7vtv08ys.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www1.yoog.com/search.php?q=
FF - prefs.js: browser.search.selectedEngine - Yoog Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: keyword.URL - hxxp://www1.yoog.com/search.php?q=
FF - component: c:\program files\Mozilla Firefox\components\flashgetXpi.dll
FF - component: c:\program files\Mozilla Firefox\components\nsbads.dll
FF - plugin: c:\documents and settings\Haufor\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Earth Plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa2.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
---- FIREFOX POLICIES ----
FF - user.js: browser.search.defaultenginename - Yoog Search
FF - user.js: browser.search.defaulturl - hxxp://www1.yoog.com/search.php?q=
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www1.yoog.com/search.php?q=
FF - user.js: keyword.enabled - true
FF - user.js: google.toolbar.linkdoctor.enabled - false
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-24 20:08
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{031957b5-ba40-4795-9d4d-a92dba26961a}]
@Denied: (Full) (Everyone)
"Model"=dword:00000080
"Therad"=dword:00000020
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):68,9c,66,9a,6d,69,fb,b9,8e,4d,58,69,03,08,29,47,66,3f,7e,97,23,
0e,32,da,c9,3e,a5,18,33,70,b4,55,ab,16,d1,91,67,d2,9d,81,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"C040311900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(688)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-08-24 20:11
ComboFix-quarantined-files.txt 2009-08-24 18:11
Pre-Run: 30 797 901 824 octets libres
Post-Run: 33 935 192 064 octets libres
325 --- E O F --- 2009-08-13 01:06
- c:\documents and settings\Haufor\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-07 13:25]
2009-08-23 c:\windows\Tasks\User_Feed_Synchronization-{6757B9B0-AF82-4D4F-AE3C-C40D6A2CD855}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 16:36]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-SService - c:\windows\system32\wpv8711.cpx
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.secf.asso.fr/INFONETWeb/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Tout télécharger avec FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Télécharger avec FlashGet - c:\program files\FlashGet\jc_link.htm
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Ouvrir dans un nouvel onglet d'arrière-plan - c:\program files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?03b7a66007f14417bf8618de7b09452c
IE: Ouvrir dans un nouvel onglet de premier plan - c:\program files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?03b7a66007f14417bf8618de7b09452c
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
FF - ProfilePath - c:\documents and settings\Haufor\Application Data\Mozilla\Firefox\Profiles\7vtv08ys.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www1.yoog.com/search.php?q=
FF - prefs.js: browser.search.selectedEngine - Yoog Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: keyword.URL - hxxp://www1.yoog.com/search.php?q=
FF - component: c:\program files\Mozilla Firefox\components\flashgetXpi.dll
FF - component: c:\program files\Mozilla Firefox\components\nsbads.dll
FF - plugin: c:\documents and settings\Haufor\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Earth Plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa2.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
---- FIREFOX POLICIES ----
FF - user.js: browser.search.defaultenginename - Yoog Search
FF - user.js: browser.search.defaulturl - hxxp://www1.yoog.com/search.php?q=
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www1.yoog.com/search.php?q=
FF - user.js: keyword.enabled - true
FF - user.js: google.toolbar.linkdoctor.enabled - false
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-24 20:08
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{031957b5-ba40-4795-9d4d-a92dba26961a}]
@Denied: (Full) (Everyone)
"Model"=dword:00000080
"Therad"=dword:00000020
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):68,9c,66,9a,6d,69,fb,b9,8e,4d,58,69,03,08,29,47,66,3f,7e,97,23,
0e,32,da,c9,3e,a5,18,33,70,b4,55,ab,16,d1,91,67,d2,9d,81,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"C040311900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(688)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-08-24 20:11
ComboFix-quarantined-files.txt 2009-08-24 18:11
Pre-Run: 30 797 901 824 octets libres
Post-Run: 33 935 192 064 octets libres
325 --- E O F --- 2009-08-13 01:06
OK... very good!
Now do this, please...
Download RSIT (by random/random) to the desktop:
- Double-click RSIT.exe on the desktop
- Click Continue in the window
- RSIT will download HijackThis if it is not present or detected, in which case you will need to accept the license
- Post the contents of log.txt plus info.txt (minimized in the taskbar) at the end of the scan.
The reports are in this folder: C:\rsit
See you
Log.txt
Logfile of random's system information tool 1.06 (written by random/random)
Run by Haufor at 2009-08-24 21:43:58
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 32 GB (42%) free of 76 GB
Total RAM: 446 MB (19% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:44:10, on 24/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtTry.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\HtmlDlg.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Haufor\Bureau\RSIT.exe
C:\Documents and Settings\Haufor\Bureau\Charles\d\Downloads\Haufor.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.secf.asso.fr/INFONETWeb/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www8.hp.com/fr/fr/home.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O2 - BHO: adssite - {fb8ede28-053b-79c0-c2d6-94100adce23f} - C:\WINDOWS\system32\nsw5CB.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [McAfee Managed Services Tray] "C:\Program Files\McAfee\Managed VirusScan\Agent\StartMyagtTry.exe"
O4 - HKLM\..\Run: [MVS Splash] C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\FlashGet.exe /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Haufor\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?03b7a66007f14417bf8618de7b09452c
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?03b7a66007f14417bf8618de7b09452c
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com (HKLM)
O15 - Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://www.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://*.mcafee.com (HKLM)
O15 - ESC Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://www.mcafeeasap.com (HKLM)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {40C83AF8-FEA7-4A6A-A470-431EE84A0886} (SecureObjectFactory Class) - https://www.afternic.com/forsale/vscanasap.mondsi.com?utm_source=TDFS_DASLNC&utm_medium=DASLNC&utm_campaign=TDFS_DASLNC&traffic_type=TDFS_DASLNC&traffic_id=daslnc&
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/maconfig/MaConfig_3_5_1_0.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Update Service (gupdate1c9a55ac66a1350) (gupdate1c9a55ac66a1350) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: McShield - McAfee, Inc. - C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
O23 - Service: Service de protection contre les virus et les logiciels espions McAfee (myAgtSvc) - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
I ran a scan with Spybot Search & Destroy, which found and destroyed 41 items, then I ran a full scan of my system with CCleaner (except the advanced stuff, though I did run the free-space wipe), which cleaned up quite a lot of things. Unfortunately it is still slow (6 seconds to launch Windows Live Messenger 8.5).
There you go.
OK,
There is still some cr.p left to get rid of:
Download Toolbar-S&D (Team IDN) to your Desktop:
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2
* Start the program's installation by running the downloaded file.
* Now double-click the Toolbar-S&D shortcut.
* Select the desired language by typing the letter of your choice, then confirming with the Enter key.
* Now choose option 2 (removal).
Wait until the search finishes.
* Post the generated report. (C:\TB.txt)
Next:
Run a scan with this antispyware: download Malwarebytes + tutorial
Install it; update it... (update tab)
Now click the scan tab and tick the box: "perform quick scan".
Then click "scan".
Let it scan the PC...
If items were found > click remove selected.
If you are asked to restart > click "yes".
At the end a report will open; save it so that you can find it again in order to post it on the forum.
Copy and paste the report, please.
See you
Toolbar SD report:
-----------\\ ToolBar S&D 1.2.9 XP/Vista
Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) 64 Processor 3200+ )
BIOS : )Phoenix - Award WorkstationBIOS v6.00PG
USER : Haufor ( Administrator )
BOOT : Normal boot
Antivirus : Total Protection Service 4.7.0.752 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:74 Go (Free:35 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)
F:\ (CD or DVD)
"C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )
Option : [2] ( 25/08/2009|19:27 )
-----------\\ Recherche de Fichiers / Dossiers ...
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://www.secf.asso.fr/INFONETWeb/"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"SearchMigratedDefaultURL"="https://www.google.com/webhp?gws_rd=ssl{searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr/"
--------------------\\ Recherche d'autres infections
Aucune autre infection trouvée !
1 - "C:\ToolBar SD\TB_1.txt" - 25/08/2009|19:29 - Option : [2]
-----------\\ Fin du rapport a 19:29:27,39
Malwarebytes report:
Malwarebytes' Anti-Malware 1.40
Version de la base de données: 2695
Windows 5.1.2600 Service Pack 3
25/08/2009 19:49:59
mbam-log-2009-08-25 (19-49-59).txt
Type de recherche: Examen rapide
Eléments examinés: 113888
Temps écoulé: 10 minute(s), 31 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 3
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fb8ede28-053b-79c0-c2d6-94100adce23f} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{fb8ede28-053b-79c0-c2d6-94100adce23f} (Adware.BHO) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\WINDOWS\system32\WhoisCL.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\shell31.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nsw5CB.dll (Adware.BHO) -> Delete on reboot.
Very good...
Now this:
Download GENPROC
http://www.genproc.com/GenProc.exe
Copy and paste the report please...
See you
I can't manage to post the report; it shows me a confirmation, and if I click edit it says "You cannot, because it has been moderated"!
Here is the GenProc report
Rapport GenProc 2.615 [2] - 25/08/2009 à 21:38:47
@ Windows XP Service Pack 3 - Mode normal
@ Internet Explorer (7.0.5730.13) [Navigateur par défaut]
# Etape 1/ Télécharge :
- Yoog_Fix http://batchdhelus.open-web.fr/programme/Yoog_Fix.exe (Batch_Man) sur le Bureau.
Redémarre en mode sans échec comme indiqué ici https://www.wekyo.com/demarrer-le-pc-en-mode-sans-echec-windows-7-et-8/ ; Choisis ta session courante *** Haufor *** (pour retrouver le rapport, clique sur le raccourci "Rapport GenProc[2]" sur ton bureau).
# Etape 2/
Lance Yoog_Fix depuis le Bureau et choisis l'option 1 (Recherche/Suppression). Accepte le disclaimer, patiente et lorsque c'est terminé, clique sur OK.
# Etape 3/
Lance CCleaner : "Nettoyeur"/"lancer le nettoyage" et c'est tout.
# Etape 4/
Redémarre normalement et poste, dans la même réponse :
- Le contenu du rapport Yoog.txt situé sur le Bureau ;
- Un nouveau rapport HijackThis http://forum.telecharger.01net.com/forum/high-tech/PRODUITS/Questions-techniques/hijackthis-version-install-sujet_199100_1.htm ;
- Un nouveau rapport GenProc ;
Précise les difficultés que tu as eu (ce que tu n'as pas pu faire...) ainsi que l'évolution de la situation.
~~ Arguments de la procédure ~~
# Détections [2] GenProc 2.615 25/08/2009 à 21:38:50
Yoog:le 25/08/2009 à 21:39:35 "C:\Documents and Settings\Haufor\Application Data\Mozilla\Firefox\Profiles\7vtv08ys.default\searchplugins\Yoog Search.xml "
----------------------------------------------------------------------
Sites officiels GenProc : www.alt-shift-return.org et www.genproc.com
----------------------------------------------------------------------
~~ Fin à 21:39:56 ~~
I tried 4 times; I'm going to post the report on one of my old Skyblogs and send the address =)
Here is the address:
http://charly7653.skyrock.com/
By the way, I have a question: is it possible to see whether a CCM.net member is logged in on the site?
GenProc report
Rapport GenProc 2.615 [3] - 26/08/2009 à 16:59:58
@ Windows XP Service Pack 3 - Mode normal
@ Internet Explorer (7.0.5730.13) [Navigateur par défaut]
# Etape 1/ Télécharge :
- Yoog_Fix http://batchdhelus.open-web.fr/programme/Yoog_Fix.exe (Batch_Man) sur le Bureau.
Redémarre en mode sans échec comme indiqué ici https://www.wekyo.com/demarrer-le-pc-en-mode-sans-echec-windows-7-et-8/ ; Choisis ta session courante *** Haufor *** (pour retrouver le rapport, clique sur le raccourci "Rapport GenProc[3]" sur ton bureau).
# Etape 2/
Lance Yoog_Fix depuis le Bureau et choisis l'option 1 (Recherche/Suppression). Accepte le disclaimer, patiente et lorsque c'est terminé, clique sur OK.
# Etape 3/
Lance CCleaner : "Nettoyeur"/"lancer le nettoyage" et c'est tout.
# Etape 4/
Redémarre normalement et poste, dans la même réponse :
- Le contenu du rapport Yoog.txt situé sur le Bureau ;
- Un nouveau rapport HijackThis http://forum.telecharger.01net.com/forum/high-tech/PRODUITS/Questions-techniques/hijackthis-version-install-sujet_199100_1.htm ;
- Un nouveau rapport GenProc ;
Précise les difficultés que tu as eu (ce que tu n'as pas pu faire...) ainsi que l'évolution de la situation.
~~ Arguments de la procédure ~~
# Détections [2] GenProc 2.615 25/08/2009 à 21:38:50
Yoog:le 25/08/2009 à 21:39:35 "C:\Documents and Settings\Haufor\Application Data\Mozilla\Firefox\Profiles\7vtv08ys.default\searchplugins\Yoog Search.xml "
# Détections [3] GenProc 2.615 26/08/2009 à 17:00:03
Yoog:le 26/08/2009 à 17:00:56 "C:\Documents and Settings\Haufor\Application Data\Mozilla\Firefox\Profiles\7vtv08ys.default\searchplugins\Yoog Search.xml "
----------------------------------------------------------------------
Sites officiels GenProc : www.alt-shift-return.org et www.genproc.com
----------------------------------------------------------------------
~~ Fin à 17:01:16 ~~
Yoog Fix report
Yoog_Fix 3.0.1 de Batch_Man | Haufor (Administrateur)
Debut a 20:26 le 26/08/2009
Microsoft Windows XP Professionnel(5.1.2600)
AMD Athlon(tm) 64 Processor 3200+
Ram : 446,5 Mo
Fail-safe boot
Antivirus: Total Protection Service 4.7.0.752 (Activated)
Lancé de "C:\Documents and Settings\Haufor\Bureau\Yoog_Fix.bat"
A:\ [Removable] (Total:0 Mo/Free:0 Mo)
C:\ [Fixed] - NTFS - (Total:76308 Mo/Free:3795 Mo)
D:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
E:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
F:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
Option [1] 2 3 Recherche / Suppression
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»» [Suppression: Fichiers / Dossiers / Clés / Prefs Firefox]
SUPPRIME - C:\Program Files\Mozilla Firefox\components\nsbads.dll
SUPPRIME - HKEY_USERS\S-1-5-21-985620857-2349409466-1895725101-1008\Software\Microsoft\Internet Explorer\SearchScopes\{1DE2A0BE-E9C0-412D-B334-1611798E11E7}
SUPPRIME - HKEY_USERS\S-1-5-21-985620857-2349409466-1895725101-1008\Software\Microsoft\Internet Explorer\SearchScopes\{40231AC9-78A5-4C5C-A8C3-45E1580D7860}
SUPPRIME - HKEY_USERS\S-1-5-21-985620857-2349409466-1895725101-1008\Software\Microsoft\Internet Explorer\SearchScopes\{4EEB457C-4A16-408B-B182-44CF7856211D}
SUPPRIME - HKEY_USERS\S-1-5-21-985620857-2349409466-1895725101-1008\Software\Microsoft\Internet Explorer\SearchScopes\{A492054D-2D1C-4A68-B458-29C50A1E8FCF}
SUPPRIME - HKEY_USERS\S-1-5-21-985620857-2349409466-1895725101-1008\Software\Microsoft\Internet Explorer\SearchScopes\{C66B8476-661F-4F5E-9673-807E47C2546D}
SUPPRIME - HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1DE2A0BE-E9C0-412D-B334-1611798E11E7}
SUPPRIME - HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{40231AC9-78A5-4C5C-A8C3-45E1580D7860}
SUPPRIME - HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{4EEB457C-4A16-408B-B182-44CF7856211D}
SUPPRIME - HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A492054D-2D1C-4A68-B458-29C50A1E8FCF}
SUPPRIME - HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C66B8476-661F-4F5E-9673-807E47C2546D}
SUPPRIME - HKCU\Software\Microsoft\PiccoDrv
SUPPRIME - prefs.js [Haufor - 7vtv08ys.default] user_pref("browser.search.defaultenginename", "Yoog Search");
SUPPRIME - prefs.js [Haufor - 7vtv08ys.default] user_pref("browser.search.defaulturl", "http://www1.yoog.com/search.php?q=");
SUPPRIME - prefs.js [Haufor - 7vtv08ys.default] user_pref("browser.search.selectedEngine", "Yoog Search");
SUPPRIME - prefs.js [Haufor - 7vtv08ys.default] user_pref("keyword.URL", "http://www1.yoog.com/search.php?q=");
SUPPRIME - user.js [Haufor - 7vtv08ys.default] user_pref("browser.search.defaultenginename", "Yoog Search");
SUPPRIME - user.js [Haufor - 7vtv08ys.default] user_pref("browser.search.defaulturl", "http://www1.yoog.com/search.php?q=");
SUPPRIME - user.js [Haufor - 7vtv08ys.default] user_pref("browser.search.selectedEngine", "Yoog Search");
SUPPRIME - user.js [Haufor - 7vtv08ys.default] user_pref("keyword.URL", "http://www1.yoog.com/search.php?q=");
------------[Suspects]
Aucun fichier suspect trouvé
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»» [Recherche: Analyse de Firefox]
------------[Analyse de Firefox]
Mozilla Firefox 3.0.10 (fr)
Répertoire d'installation : C:\Program Files\Mozilla Firefox
Path: C:\Documents and Settings\Haufor\Application Data\Mozilla\Firefox\Profiles\7vtv08ys.default
[Haufor\..\prefs.js] browser.startup.homepage: "https://www.google.fr/?gws_rd=ssl"
------------[Extensions Firefox]
jqs@sun.com = C:\Program Files\Java\jre6\lib\deploy\jqs\ff
{20a82645-c095-46ed-80e3-08825760534b} = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
------------[Mozilla Plugins]
Path = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
XPTPath = C:\WINDOWS\system32\Macromed\Flash\flashplayer.xpt
ProductName = Adobe® Flash® Player Plugin
Vendor = Adobe Systems Incorporated
Version = 10.0.22.87
ProductName = DNA
Version = 1.0.0.1
Vendor = BitTorrent, Inc.
Path = C:\Program Files\DNA\plugins\npbtdna.dll
Path = C:\Program Files\DivX\DivX Web Player\npdivx32.dll
XPTPath = C:\Program Files\DivX\DivX Web Player\npdivx32.xpt
GeckoVersion = 1.00
Version = 1.0.0
Vendor = DivX,Inc.
ProductName = DivX® Web Player
Path = C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll
XPTPath = C:\Program Files\DivX\DivX Player\nsIDivxPlayerPlugin.xpt
GeckoVersion = 1.00
Version = 1.0.0
Vendor = DivX,Inc.
ProductName = DivX® Player Plugin
Path = C:\Program Files\Google\Google Earth Plugin\npgeplugin.dll
ProductName = Google Earth Plug-in
Vendor = Google Inc.
Version = 1.0.0.0
EarthVersion = 5.0.11738.1858
Path = C:\Program Files\Picasa2\npPicasa2.dll
Vendor = Google, Inc.
Path = C:\Program Files\Google\Picasa3\npPicasa3.dll
Vendor = Google, Inc.
Path = C:\Program Files\ma-config.com\nphardwaredetection.dll
Vendor = CybelSoft
GeckoVersion = 1.7.2
Path = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
ProductName = Windows Presentation Foundation
Vendor = Microsoft Corp.
Version = 3.5
Path = C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
Vendor = Google Inc.
Version = 13
Path = C:\Program Files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
ProductName = Google Update
Vendor = Google
Version = 8
Path = C:\Documents and Settings\Haufor\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
ProductName = Google Update
Vendor = Google
Version = 8
------------[Plugins de recherche]
[Program Files] amazon-france.xml = https://www.amazon.fr/
[Program Files] eBay-france.xml = http://search.ebay.fr/
[Program Files] google.xml = https://www.google.com/
[Program Files] MediaDICO-fr.xml = http://www.dictionnaire-mediadico.com/dictionnaires.asp
[Program Files] wikipedia-fr.xml = https://fr.wikipedia.org/wiki/Sp%C3%A9cial:Recherche
[Program Files] yahoo-france.xml = https://fr.search.yahoo.com/
------------[Listing de dossiers]
[02/07/2009 16:52 | 23032 bytes] C:\Program Files\Mozilla Firefox\Components\browserdirprovider.dll
[02/07/2009 16:52 | 134648 bytes] C:\Program Files\Mozilla Firefox\Components\brwsrcmp.dll
[25/07/2008 10:31 | 28672 bytes] C:\Program Files\Mozilla Firefox\Components\flashgetXpi.dll
[07/08/2007 13:35 | 49152 bytes] C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
[13/03/2009 19:38 | 410984 bytes] C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[02/07/2009 16:53 | 65528 bytes] C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»» [Recherche: Analyse d'Internet explorer / Registre ]
Internet Explorer : 7.0.5730.13
L1 = HKLM\..\Main.Start Page = https://www.msn.com/fr-fr/
L1 = HKLM\..\Main.Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
L1 = HKLM\..\Main.Window Title =
L1 = HKCU\..\Main.Start Page = http://www.secf.asso.fr/INFONETWeb/
L1 = HKCU\..\Main.Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
L1 = HKU\.DEFAULT\..\Main.Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
L1 = HKU\.DEFAULT\..\Main.Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
L1 = HKU\S-1-5-20\..\Main.Start Page = https://www8.hp.com/fr/fr/home.html
L1 = HKU\S-1-5-21-985620857-2349409466-1895725101-1008\..\Main.Start Page = http://www.secf.asso.fr/INFONETWeb/
L1 = HKU\S-1-5-21-985620857-2349409466-1895725101-1008\..\Main.Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
L1 = HKU\S-1-5-18\..\Main.Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
L1 = HKU\S-1-5-18\..\Main.Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
L1 = HKLM\..\Main.Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
L1 = HKLM\..\Main.Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
L1 = HKLM\..\Search.Default_Search_URL = http://www.google.com/toolbar/ie8/sidebar.html
L1 = HKLM\..\Search.CustomizeSearch = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
L1 = HKLM\..\Search.SearchAssistant = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
L1 = HKLM\..\Search.SearchAssistant = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
L1 = HKLM\..\Search.CustomizeSearch = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
L1 = HKCU\..\Toolbar.LinksFolderName = Liens
L1 = HKU\S-1-5-21-985620857-2349409466-1895725101-1008\..\Toolbar.LinksFolderName = Liens
L2 = HKCU\..\Internet Connection Wizard.ShellNext = https://www8.hp.com/fr/fr/home.html
[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet =
NavigationFailure = res://ieframe.dll/navcancl.htm
DesktopItemNavigationFailure = res://ieframe.dll/navcancl.htm
NavigationCanceled = res://ieframe.dll/navcancl.htm
OfflineInformation = res://ieframe.dll/offcancl.htm
Home = 0x10e
blank = res://mshtml.dll/blank.htm
PostNotCached = res://ieframe.dll/repost.htm
NoAdd-ons = res://ieframe.dll/noaddon.htm
NoAdd-onsInfo = res://ieframe.dll/noaddoninfo.htm
SecurityRisk = res://ieframe.dll/securityatrisk.htm
Tabs = res://ieframe.dll/tabswelcome.htm
--------[Browser Helper Object]
BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3},@SANS NOM=3.0
BHO: {2F364306-AA45-47B5-9F9D-39A8B94E7EF7},@SANS NOM=3.0
BHO: {2F364306-AA45-47B5-9F9D-39A8B94E7EF7},@SANS NOM=flashget urlcatch
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43},@SANS NOM=3.0
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045},@SANS NOM=3.0
BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6},@SANS NOM=3.0
BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7},@SANS NOM=3.0
BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D},@SANS NOM=3.0
BHO: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0},@SANS NOM=3.0
BHO: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E},@SANS NOM=3.0
BHO: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E},@SANS NOM=Google Dictionary Compression sdch
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9},@SANS NOM=3.0
BHO: {E7E6F031-17CE-4C07-BC86-EABFE594F69C},@SANS NOM=3.0
BHO: {E7E6F031-17CE-4C07-BC86-EABFE594F69C},@SANS NOM=JQSIEStartDetectorImpl
BHO: {F156768E-81EF-470C-9057-481BA8380DBA},@SANS NOM=3.0
--------[SearchScopes]
[HKEY_USERS\S-1-5-21-985620857-2349409466-1895725101-1008\..\SearchScopes],@DefaultScope={77BB4626-6858-4355-BD33-21344DD73F7B}
[HKEY_USERS\S-1-5-21-985620857-2349409466-1895725101-1008\..\SearchScopes\{00F7A424-D32D-45A6-9A35-5B37A57D141E}],@DisplayName=Google
[HKEY_USERS\S-1-5-21-985620857-2349409466-1895725101-1008\..\SearchScopes\{0144404C-4066-4A83-9DDE-0A5506F12E9B}],@DisplayName=Google
[HKEY_USERS\S-1-5-21-985620857-2349409466-1895725101-1008\..\SearchScopes\{0159FB18-C615-4927-8ACA-CA368DC71E82}],@DisplayName=Google
[HKEY_USERS\S-1-5-21-985620857-2349409466-1895725101-1008\..\SearchScopes\{022F55E1-F805-47B5-985F-8BA911A72FEA}],@DisplayName=Google
[HKEY_USERS\S-1-5-21-985620857-2349409466-1895725101-1008\..\SearchScopes\{02C20407-AD5C-4BF7-BB12-B129F2DE6B57}],@DisplayName=Google
[HKEY_USERS\S-1-5-21-985620857-2349409466-1895725101-1008\..\SearchScopes\{03055BC6-765A-4685-83B7-B31B96F2D254}],@DisplayName=Google
[HKEY_USERS\S-1-5-21-985620857-2349409466-1895725101-1008\..\SearchScopes\{03485E11-57A3-4A76-923A-151842573B09}],@DisplayName=Google
[HKEY_USERS\S-1-5-21-985620857-2349409466-1895725101-1008\..\SearchScopes\{048A471E-D7FC-4AC1-97C3-C26D1ED7D696}],@DisplayName=Google
[HKEY_USERS\S-1-5-21-985620857-2349409466-1895725101-1008\..\SearchScopes\{04B97B83-DCC0-4FCA-98AE-390AC74ADE08}],@DisplayName=Google
[HKEY_USERS\S-1-5-21-985620857-2349409466-1895725101-1008\..\SearchScopes\{04CFA7BF-86DC-4C6E-A28D-73172D987FEE}],@DisplayName=Google
[HKEY_USERS\S-1-5-21-985620857-2349409466-1895725101-1008\..\SearchScopes\{055A8438-9B15-430E-A907-E5E50229CE6E}],@DisplayName=Google
[HKEY_USERS\S-1-5-21-985620857-2349409466-1895725101-1008\..\SearchScopes\{05EC7B04-7A52-4402-BFAD-562A4FEA0EC3}],@DisplayName=Google
[HKEY_USERS\S-1-5-21-985620857-2349409466-1895725101-1008\..\SearchScopes\{06275E67-25A1-429D-8FFA-FC04FA055AFA}],@DisplayName=Google
[HKEY_USERS\S-1-5-21-985620857-2349409466-1895725101-1008\..\SearchScopes\{066765A7-05FE-4A2C-AE54-EA9457CEA161}],@DisplayName=Google
[HKEY_USERS\S-1-5-21-985620857-2349409466-1895725101-1008\..\SearchScopes\{06923F67-51E9-464E-9E7B-E9A7377B830A}],@DisplayName=Google
[HKEY_USERS\S-1-5-21-985620857-2349409466-1895725101-1008\..\SearchScopes\{06A8C026-9747-43E8-BFF5-44D239FAD469}],@DisplayName=Google
[HKEY_USERS\S-1-5-21-985620857-2349409466-1895725101-1008\..\SearchScopes\{07850A3F-4062-4ED0-A230-3DA8E8553BE2}],@DisplayName=Google
[HKEY_USERS\S-1-5-21-985620857-2349409466-1895725101-1008\..\SearchScopes\{0826C78B-7268-4AA4-B558-5DCC4DF01538}],@DisplayName=Google
[HKEY_USERS\S-1-5-21-985620857-2349409466-1895725101-1008\..\SearchScopes\{08BD672C-6BC2-493E-8456-E1482F2743C9}],@DisplayName=Google
[HKEY_USERS\S-1-5-21-985620857-2349409466-1895725101-1008\..\SearchScopes\{08C0E424-B3D0-4EF8-832C-6B4BC2B3B282}],@DisplayName=Google
[HKEY_USERS\S-1-5-21-985620857-2349409466-1895725101-1008\..\SearchScopes\{08DC3ACE-C038-431A-92CA-83F4F6BA126A}],@DisplayName=Google
[HKEY_USERS\S-1-5-21-985620857-2349409466-1895725101-1008\..\SearchScopes\{096136C2-B0AE-4BCA-AC0C-F246BBDCA5F1}],@DisplayName=Google
[HKEY_USERS\S-1-5-21-985620857-2349409466-1895725101-1008\..\SearchScopes\{0B2C1B2E-18B6-4546-B22C-E36985392CA8}],@DisplayName=Google
[HKEY_USERS\S-1-5-21-985620857-2349409466-1895725101-1008\..\SearchScopes\{0C461158-A81C-4233-B48D-34D7C8D83290}],@DisplayName=Google
[HKEY_USERS\S-1-5-21-985620857-2349409466-1895725101-1008\..\SearchScopes\{0D09B01F-B42B-4268-9279-63443809CC90}],@DisplayName=Google
[HKEY_USERS\S-1-5-21-985620857-2349409466-1895725101-1008\..\SearchScopes\{0D0DAD4B-7F6A-4471-9A16-3A858CA30053}],@DisplayName=Google
[HKEY_USERS\S-1-5-21-985620857-2349409466-1895725101-1008\..\SearchScopes\{0DA68EA4-A15C-429D-8031-049397226A93}],@DisplayName=Google
[HKEY_USERS\S-1-5-21-985620857-2349409466-1895725101-1008\..\SearchScopes\{0DC3DD51-1C72-4FAE-9264-CB66A060BC5E}],@DisplayName=Google
[HKEY_USERS\S-1-5-21-985620857-2349409466-1895725101-1008\..\SearchScopes\{0F39093B-18B6-430F-972D-B084000E75D8}],@DisplayName=Google
[HKEY_USERS\S-1-5-21-985620857-2349409466-1895725101-1008\..\SearchScopes\{0F69A203-ADBB-45EC-ABF2-BE45F578A51F}],@DisplayName=Google
[HKEY_USERS\S-1-5-21-985620857-2349409466-1895725101-1008\..\SearchScopes\{10E1FD4F-7A4F-403E-B3F9-FB2031CF6F62}],@DisplayName=Google
[HKEY_USERS\S-1-5-21-985620857-2349409466-1895725101-1008\..\SearchScopes\{11F1DE5F-632C-4F6A-856B-45F889984875}],@DisplayName=Google
[HKEY_USERS\S-1-5-21-985620857-2349409466-1895725101-1008\..\SearchScopes\{13C88C48-A46B-4A00-9878-B041C04DEEBB}],@DisplayName=Google
[HKEY_USERS\S-1-5-21-985620857-2349409466-1895725101-1008\..\SearchScopes\{1464090A-EEBB-4642-A864-F46A934B051E}],@DisplayName=Google
[HKEY_USERS\S-1-5-21-985620857-2349409466-1895725101-1008\..\SearchScopes\{1487D51C-D211-47B2-AEF6-71CA9E7E3324}],@DisplayName=Google
[HKEY_USERS\S-1-5-21-985620857-2349409466-1895725101-1008\..\SearchScopes\{14C6528D-D5CF-4E0F-8B9A-E8752B962F4E}],@DisplayName=Google
[HKEY_USERS\S-1-5-21-985620857-2349409466-1895725101-1008\..\SearchScopes\{151A19C7-10D8-4CCD-B14D-86C0FF6CFF10}],@DisplayName=Google
[HKEY_USERS\S-1-5-21-985620857-2349409466-1895725101-1008\..\SearchScopes\{168D91B5-71A7-42DA-B83C-F8038799DE14}],@DisplayName=Google
[HKEY_USERS\S-1-5-21-985620857-2349409466-1895725101-1008\..\SearchScopes\{16C67973-6FCB-4D7D-BD43-92DCC37785D3}],@DisplayName=Google
[HKEY_USERS\S-1-5-21-985620857-2349409466-1895725101-1008\..\SearchScopes\{16E59AE4-EA7E-48A0-A9C0-87C711B6B275}],@DisplayName=Google
[HKEY_USERS\S-1-5-21-985620857-2349409466-1895725101-1008\..\SearchScopes\{1733FE9F-8C6C-46DD-9CEE-203B62D3F3CF}],@DisplayName=Google
[HKEY_USERS\S-1-5-21-985620857-2349409466-1895725101-1008\..\SearchScopes\{1744A73F-EADF-4536-BCD6-323453E776DE}],@DisplayName=Google
[HKEY_USERS\S-1-5-21-985620857-2349409466-1895725101-1008\..\SearchScopes\{177A75C4-5C29-4C30-9E39-CB66575BA73E}],@DisplayName=Google
[HKEY_USERS\S-1-5-21-985620857-2349409466-1895725101-1008\..\SearchScopes\{17E95AB7-E526-4D0B-8B67-4D40C38E1E6E}],@DisplayName=Google
[HKEY_USERS\S-1-5-21-985620857-2349409466-1895725101-1008\..\SearchScopes\{18AA00E4-8FA4-481F-BC12-20FCB4C0603F}],@DisplayName=Google
[HKEY_USERS\S-1-5-21-985620857-2349409466-1895725101-1008\..\SearchScopes\{18DE5D3B-CAD5-4FA5-8F99-F97CDFDA4C03}],@DisplayName=Google
[HKEY_USERS\S-1-5-21-985620857-2349409466-1895725101-1008\..\SearchScopes\{18E6FD0C-28F8-4CC4-BF86-BBCACEDC4DA5}],@DisplayName=Google
[HKEY_USERS\S-1-5-21-985620857-2349409466-1895725101-1008\..\SearchScopes\{1918C5B8-FA5B-466C-9AA4-240BC07DCB61}],@DisplayName=Google
[HKEY_USERS\S-1-5-21-985620857-2349409466-1895725101-1008\..\SearchScopes\{19925B3B-3F17-4E81-980F-7DA7971A4A75}],@DisplayName=Google
[HKEY_USERS\S-1-5-21-985620857-2349409466-1895725101-1008\..\SearchScopes\{19C898C7-7065-444D-9C58-8B8A9994DD0B}],@DisplayName=Google
[HKEY_USERS\S-1-5-21-985620857-2349409466-1895725101-1008\..\SearchScopes\{1A3E760A-B822-45D6-A430-BA4645DEE99D}],@DisplayName=Google
[HKEY_USERS\S-1-5-21-985620857-2349409466-1895725101-1008\..\SearchScopes\{1A9A53B2-DC3E-4D16-B2E4-E66934CB0BAD}],@DisplayName=Google
[HKEY_USERS\S-1-5-21-985620857-2349409466-1895725101-1008\..\SearchScopes\{1B528501-803F-49F0-8731-E9D42AEA2044}],@DisplayName=Google
[HKEY_USERS\S-1-5-21-985620857-2349409466-1895725101-1008\..\SearchScopes\{77BB4626-6858-4355-BD33-21344DD73F7B}],@DisplayName=Google
[HKEY_USERS\S-1-5-21-985620857-2349409466-1895725101-1008\..\SearchScopes\{9CB2987A-34B5-4FEE-832C-E5E1E05926AE}],@DisplayName=Google
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes],@DefaultScope={77BB4626-6858-4355-BD33-21344DD73F7B}
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes],@DefaultScope={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}],@DisplayName=@ieframe.dll,-12512
--------[Extensions]
FlashGet: C:\Program Files\FlashGet\FlashGet.exe - {1FBA04EE-3024-11d2-8F1F-0000F87ABD16}
@xpsp3res.dll,-20001: %windir%\Network Diagnostic\xpnetdiag.exe - {1FBA04EE-3024-11d2-8F1F-0000F87ABD16}
Windows Messenger: C:\Program Files\Messenger\msmsgs.exe - {1FBA04EE-3024-11D2-8F1F-0000F87ABD16}
--------[Clé Run]
------------[Autres infections]
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»» [Autres rapports]
[26/08/2009 20:29] C:\Yoog_Fix\Logs\Rapport_26_08_2009_n2.txt - (Choix 1 : Recherche / Suppression)
-------------------------->>
Veuillez uploader le fichier C:\Yoog_Fix\Backups\Backup_26_08_2009_2.zip à l'adresse suivante : http://batchdhelus.open-web.fr/upload
Aide en images : http://batchdhelus.open-web.fr/upload/procedure.html
Si la procédure échoue, veuillez l'envoyer à l'adresse email suivante : yoog.fix.sav@gmail.com
+--------------[Fin à 20h 29min]
I'm going to eat, then I'll post the other two.
Rapport GenProc 2.615 [3] - 26/08/2009 à 16:59:58
@ Windows XP Service Pack 3 - Mode normal
@ Internet Explorer (7.0.5730.13) [Navigateur par défaut]
# Etape 1/ Télécharge :
- Yoog_Fix http://batchdhelus.open-web.fr/programme/Yoog_Fix.exe (Batch_Man) sur le Bureau.
Redémarre en mode sans échec comme indiqué ici https://www.wekyo.com/demarrer-le-pc-en-mode-sans-echec-windows-7-et-8/ ; Choisis ta session courante *** Haufor *** (pour retrouver le rapport, clique sur le raccourci "Rapport GenProc[3]" sur ton bureau).
# Etape 2/
Lance Yoog_Fix depuis le Bureau et choisis l'option 1 (Recherche/Suppression). Accepte le disclaimer, patiente et lorsque c'est terminé, clique sur OK.
# Etape 3/
Lance CCleaner : "Nettoyeur"/"lancer le nettoyage" et c'est tout.
# Etape 4/
Redémarre normalement et poste, dans la même réponse :
- Le contenu du rapport Yoog.txt situé sur le Bureau ;
- Un nouveau rapport HijackThis http://forum.telecharger.01net.com/forum/high-tech/PRODUITS/Questions-techniques/hijackthis-version-install-sujet_199100_1.htm ;
- Un nouveau rapport GenProc ;
Précise les difficultés que tu as eu (ce que tu n'as pas pu faire...) ainsi que l'évolution de la situation.
~~ Arguments de la procédure ~~
# Détections [2] GenProc 2.615 25/08/2009 à 21:38:50
Yoog:le 25/08/2009 à 21:39:35 "C:\Documents and Settings\Haufor\Application Data\Mozilla\Firefox\Profiles\7vtv08ys.default\searchplugins\Yoog Search.xml "
# Détections [3] GenProc 2.615 26/08/2009 à 17:00:03
Yoog:le 26/08/2009 à 17:00:56 "C:\Documents and Settings\Haufor\Application Data\Mozilla\Firefox\Profiles\7vtv08ys.default\searchplugins\Yoog Search.xml "
----------------------------------------------------------------------
Sites officiels GenProc : www.alt-shift-return.org et www.genproc.com
----------------------------------------------------------------------
~~ Fin à 17:01:16 ~~
Yoog Fix report
Yoog_Fix 3.0.1 de Batch_Man | Haufor (Administrateur)
Debut a 20:26 le 26/08/2009
Microsoft Windows XP Professionnel(5.1.2600)
AMD Athlon(tm) 64 Processor 3200+
Ram : 446,5 Mo
Fail-safe boot
Antivirus: Total Protection Service 4.7.0.752 (Activated)
Lancé de "C:\Documents and Settings\Haufor\Bureau\Yoog_Fix.bat"
A:\ [Removable] (Total:0 Mo/Free:0 Mo)
C:\ [Fixed] - NTFS - (Total:76308 Mo/Free:3795 Mo)
D:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
E:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
F:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
Option [1] 2 3 Recherche / Suppression
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»» [Suppression: Fichiers / Dossiers / Clés / Prefs Firefox]
SUPPRIME - C:\Program Files\Mozilla Firefox\components\nsbads.dll
SUPPRIME - HKEY_USERS\S-1-5-21-985620857-2349409466-1895725101-1008\Software\Microsoft\Internet Explorer\SearchScopes\{1DE2A0BE-E9C0-412D-B334-1611798E11E7}
SUPPRIME - HKEY_USERS\S-1-5-21-985620857-2349409466-1895725101-1008\Software\Microsoft\Internet Explorer\SearchScopes\{40231AC9-78A5-4C5C-A8C3-45E1580D7860}
SUPPRIME - HKEY_USERS\S-1-5-21-985620857-2349409466-1895725101-1008\Software\Microsoft\Internet Explorer\SearchScopes\{4EEB457C-4A16-408B-B182-44CF7856211D}
SUPPRIME - HKEY_USERS\S-1-5-21-985620857-2349409466-1895725101-1008\Software\Microsoft\Internet Explorer\SearchScopes\{A492054D-2D1C-4A68-B458-29C50A1E8FCF}
SUPPRIME - HKEY_USERS\S-1-5-21-985620857-2349409466-1895725101-1008\Software\Microsoft\Internet Explorer\SearchScopes\{C66B8476-661F-4F5E-9673-807E47C2546D}
SUPPRIME - HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1DE2A0BE-E9C0-412D-B334-1611798E11E7}
SUPPRIME - HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{40231AC9-78A5-4C5C-A8C3-45E1580D7860}
SUPPRIME - HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{4EEB457C-4A16-408B-B182-44CF7856211D}
SUPPRIME - HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A492054D-2D1C-4A68-B458-29C50A1E8FCF}
SUPPRIME - HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C66B8476-661F-4F5E-9673-807E47C2546D}
SUPPRIME - HKCU\Software\Microsoft\PiccoDrv
SUPPRIME - prefs.js [Haufor - 7vtv08ys.default] user_pref("browser.search.defaultenginename", "Yoog Search");
SUPPRIME - prefs.js [Haufor - 7vtv08ys.default] user_pref("browser.search.defaulturl", "http://www1.yoog.com/search.php?q=");
SUPPRIME - prefs.js [Haufor - 7vtv08ys.default] user_pref("browser.search.selectedEngine", "Yoog Search");
SUPPRIME - prefs.js [Haufor - 7vtv08ys.default] user_pref("keyword.URL", "http://www1.yoog.com/search.php?q=");
SUPPRIME - user.js [Haufor - 7vtv08ys.default] user_pref("browser.search.defaultenginename", "Yoog Search");
SUPPRIME - user.js [Haufor - 7vtv08ys.default] user_pref("browser.search.defaulturl", "http://www1.yoog.com/search.php?q=");
SUPPRIME - user.js [Haufor - 7vtv08ys.default] user_pref("browser.search.selectedEngine", "Yoog Search");
SUPPRIME - user.js [Haufor - 7vtv08ys.default] user_pref("keyword.URL", "http://www1.yoog.com/search.php?q=");
------------[Suspects]
Aucun fichier suspect trouvé
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»» [Recherche: Analyse de Firefox]
------------[Analyse de Firefox]
Mozilla Firefox 3.0.10 (fr)
Répertoire d'installation : C:\Program Files\Mozilla Firefox
Path: C:\Documents and Settings\Haufor\Application Data\Mozilla\Firefox\Profiles\7vtv08ys.default
[Haufor\..\prefs.js] browser.startup.homepage: "https://www.google.fr/?gws_rd=ssl"
------------[Extensions Firefox]
jqs@sun.com = C:\Program Files\Java\jre6\lib\deploy\jqs\ff
{20a82645-c095-46ed-80e3-08825760534b} = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
------------[Mozilla Plugins]
Path = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
XPTPath = C:\WINDOWS\system32\Macromed\Flash\flashplayer.xpt
ProductName = Adobe® Flash® Player Plugin
Vendor = Adobe Systems Incorporated
Version = 10.0.22.87
ProductName = DNA
Version = 1.0.0.1
Vendor = BitTorrent, Inc.
Path = C:\Program Files\DNA\plugins\npbtdna.dll
Path = C:\Program Files\DivX\DivX Web Player\npdivx32.dll
XPTPath = C:\Program Files\DivX\DivX Web Player\npdivx32.xpt
GeckoVersion = 1.00
Version = 1.0.0
Vendor = DivX,Inc.
ProductName = DivX® Web Player
Path = C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll
XPTPath = C:\Program Files\DivX\DivX Player\nsIDivxPlayerPlugin.xpt
GeckoVersion = 1.00
Version = 1.0.0
Vendor = DivX,Inc.
ProductName = DivX® Player Plugin
Path = C:\Program Files\Google\Google Earth Plugin\npgeplugin.dll
ProductName = Google Earth Plug-in
Vendor = Google Inc.
Version = 1.0.0.0
EarthVersion = 5.0.11738.1858
Path = C:\Program Files\Picasa2\npPicasa2.dll
Vendor = Google, Inc.
Path = C:\Program Files\Google\Picasa3\npPicasa3.dll
Vendor = Google, Inc.
Path = C:\Program Files\ma-config.com\nphardwaredetection.dll
Vendor = CybelSoft
GeckoVersion = 1.7.2
Path = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
ProductName = Windows Presentation Foundation
Vendor = Microsoft Corp.
Version = 3.5
Path = C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
Vendor = Google Inc.
Version = 13
Path = C:\Program Files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
ProductName = Google Update
Vendor = Google
Version = 8
Path = C:\Documents and Settings\Haufor\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
ProductName = Google Update
Vendor = Google
Version = 8
------------[Plugins de recherche]
[Program Files] amazon-france.xml = https://www.amazon.fr/
[Program Files] eBay-france.xml = http://search.ebay.fr/
[Program Files] google.xml = https://www.google.com/
[Program Files] MediaDICO-fr.xml = http://www.dictionnaire-mediadico.com/dictionnaires.asp
[Program Files] wikipedia-fr.xml = https://fr.wikipedia.org/wiki/Sp%C3%A9cial:Recherche
[Program Files] yahoo-france.xml = https://fr.search.yahoo.com/
------------[Listing de dossiers]
[02/07/2009 16:52 | 23032 bytes] C:\Program Files\Mozilla Firefox\Components\browserdirprovider.dll
[02/07/2009 16:52 | 134648 bytes] C:\Program Files\Mozilla Firefox\Components\brwsrcmp.dll
[25/07/2008 10:31 | 28672 bytes] C:\Program Files\Mozilla Firefox\Components\flashgetXpi.dll
[07/08/2007 13:35 | 49152 bytes] C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
[13/03/2009 19:38 | 410984 bytes] C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[02/07/2009 16:53 | 65528 bytes] C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»» [Recherche: Analyse d'Internet explorer / Registre ]
Internet Explorer : 7.0.5730.13
L1 = HKLM\..\Main.Start Page = https://www.msn.com/fr-fr/
L1 = HKLM\..\Main.Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
L1 = HKLM\..\Main.Window Title =
L1 = HKCU\..\Main.Start Page = http://www.secf.asso.fr/INFONETWeb/
L1 = HKCU\..\Main.Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
L1 = HKU\.DEFAULT\..\Main.Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
L1 = HKU\.DEFAULT\..\Main.Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
L1 = HKU\S-1-5-20\..\Main.Start Page = https://www8.hp.com/fr/fr/home.html
L1 = HKU\S-1-5-21-985620857-2349409466-1895725101-1008\..\Main.Start Page = http://www.secf.asso.fr/INFONETWeb/
L1 = HKU\S-1-5-21-985620857-2349409466-1895725101-1008\..\Main.Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
L1 = HKU\S-1-5-18\..\Main.Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
L1 = HKU\S-1-5-18\..\Main.Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
L1 = HKLM\..\Main.Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
L1 = HKLM\..\Main.Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
L1 = HKLM\..\Search.Default_Search_URL = http://www.google.com/toolbar/ie8/sidebar.html
L1 = HKLM\..\Search.CustomizeSearch = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
L1 = HKLM\..\Search.SearchAssistant = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
L1 = HKLM\..\Search.SearchAssistant = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
L1 = HKLM\..\Search.CustomizeSearch = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
L1 = HKCU\..\Toolbar.LinksFolderName = Liens
L1 = HKU\S-1-5-21-985620857-2349409466-1895725101-1008\..\Toolbar.LinksFolderName = Liens
L2 = HKCU\..\Internet Connection Wizard.ShellNext = https://www8.hp.com/fr/fr/home.html
[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet =
NavigationFailure = res://ieframe.dll/navcancl.htm
DesktopItemNavigationFailure = res://ieframe.dll/navcancl.htm
NavigationCanceled = res://ieframe.dll/navcancl.htm
OfflineInformation = res://ieframe.dll/offcancl.htm
Home = 0x10e
blank = res://mshtml.dll/blank.htm
PostNotCached = res://ieframe.dll/repost.htm
NoAdd-ons = res://ieframe.dll/noaddon.htm
NoAdd-onsInfo = res://ieframe.dll/noaddoninfo.htm
SecurityRisk = res://ieframe.dll/securityatrisk.htm
Tabs = res://ieframe.dll/tabswelcome.htm
--------[Browser Helper Object]
BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3},@SANS NOM=3.0
BHO: {2F364306-AA45-47B5-9F9D-39A8B94E7EF7},@SANS NOM=3.0
BHO: {2F364306-AA45-47B5-9F9D-39A8B94E7EF7},@SANS NOM=flashget urlcatch
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43},@SANS NOM=3.0
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045},@SANS NOM=3.0
BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6},@SANS NOM=3.0
BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7},@SANS NOM=3.0
BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D},@SANS NOM=3.0
BHO: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0},@SANS NOM=3.0
BHO: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E},@SANS NOM=3.0
BHO: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E},@SANS NOM=Google Dictionary Compression sdch
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9},@SANS NOM=3.0
BHO: {E7E6F031-17CE-4C07-BC86-EABFE594F69C},@SANS NOM=3.0
BHO: {E7E6F031-17CE-4C07-BC86-EABFE594F69C},@SANS NOM=JQSIEStartDetectorImpl
BHO: {F156768E-81EF-470C-9057-481BA8380DBA},@SANS NOM=3.0
--------[SearchScopes]
[HKEY_USERS\S-1-5-21-985620857-2349409466-1895725101-1008\..\SearchScopes],@DefaultScope={77BB4626-6858-4355-BD33-21344DD73F7B}
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes],@DefaultScope={77BB4626-6858-4355-BD33-21344DD73F7B}
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes],@DefaultScope={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}],@DisplayName=@ieframe.dll,-12512
--------[Extensions]
FlashGet: C:\Program Files\FlashGet\FlashGet.exe - {1FBA04EE-3024-11d2-8F1F-0000F87ABD16}
@xpsp3res.dll,-20001: %windir%\Network Diagnostic\xpnetdiag.exe - {1FBA04EE-3024-11d2-8F1F-0000F87ABD16}
Windows Messenger: C:\Program Files\Messenger\msmsgs.exe - {1FBA04EE-3024-11D2-8F1F-0000F87ABD16}
--------[Clé Run]
------------[Autres infections]
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»» [Autres rapports]
[26/08/2009 20:29] C:\Yoog_Fix\Logs\Rapport_26_08_2009_n2.txt - (Choix 1 : Recherche / Suppression)
-------------------------->>
Veuillez uploader le fichier C:\Yoog_Fix\Backups\Backup_26_08_2009_2.zip à l'adresse suivante : http://batchdhelus.open-web.fr/upload
Aide en images : http://batchdhelus.open-web.fr/upload/procedure.html
Si la procédure échoue, veuillez l'envoyer à l'adresse email suivante : yoog.fix.sav@gmail.com
+--------------[Fin à 20h 29min]
I'm going to eat, then I'll post the other two.
New HijackThis report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:06:48, on 26/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgttry.exe
C:\Documents and Settings\Haufor\Bureau\Charles\d\Downloads\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.secf.asso.fr/INFONETWeb/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www8.hp.com/fr/fr/home.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [McAfee Managed Services Tray] "C:\Program Files\McAfee\Managed VirusScan\Agent\StartMyagtTry.exe"
O4 - HKLM\..\Run: [MVS Splash] C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?03b7a66007f14417bf8618de7b09452c
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?03b7a66007f14417bf8618de7b09452c
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com (HKLM)
O15 - Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://www.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://*.mcafee.com (HKLM)
O15 - ESC Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://www.mcafeeasap.com (HKLM)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {40C83AF8-FEA7-4A6A-A470-431EE84A0886} (SecureObjectFactory Class) - https://www.afternic.com/forsale/vscanasap.mondsi.com?utm_source=TDFS_DASLNC&utm_medium=DASLNC&utm_campaign=TDFS_DASLNC&traffic_type=TDFS_DASLNC&traffic_id=daslnc&
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/maconfig/MaConfig_3_5_1_0.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: EngineServer - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: McShield - McAfee, Inc. - C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
O23 - Service: Service de protection contre les virus et les logiciels espions McAfee (myAgtSvc) - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 10107 bytes
New Gen Proc report
Rapport GenProc 2.615 [4] - 26/08/2009 à 21:08:27
@ Windows XP Service Pack 3 - Mode normal
@ Internet Explorer (7.0.5730.13) [Navigateur par défaut]
# Etape 1/ Télécharge :
- Yoog_Fix http://batchdhelus.open-web.fr/programme/Yoog_Fix.exe (Batch_Man) sur le Bureau.
Redémarre en mode sans échec comme indiqué ici https://www.wekyo.com/demarrer-le-pc-en-mode-sans-echec-windows-7-et-8/ ; Choisis ta session courante *** Haufor *** (pour retrouver le rapport, clique sur le raccourci "Rapport GenProc[4]" sur ton bureau).
# Etape 2/
Lance Yoog_Fix depuis le Bureau et choisis l'option 1 (Recherche/Suppression). Accepte le disclaimer, patiente et lorsque c'est terminé, clique sur OK.
# Etape 3/
Lance CCleaner : "Nettoyeur"/"lancer le nettoyage" et c'est tout.
# Etape 4/
Redémarre normalement et poste, dans la même réponse :
- Le contenu du rapport Yoog.txt situé sur le Bureau ;
- Un nouveau rapport HijackThis http://forum.telecharger.01net.com/forum/high-tech/PRODUITS/Questions-techniques/hijackthis-version-install-sujet_199100_1.htm ;
- Un nouveau rapport GenProc ;
Précise les difficultés que tu as eu (ce que tu n'as pas pu faire...) ainsi que l'évolution de la situation.
~~ Arguments de la procédure ~~
# Détections [2] GenProc 2.615 25/08/2009 à 21:38:50
Yoog:le 25/08/2009 à 21:39:35 "C:\Documents and Settings\Haufor\Application Data\Mozilla\Firefox\Profiles\7vtv08ys.default\searchplugins\Yoog Search.xml "
# Détections [3] GenProc 2.615 26/08/2009 à 17:00:03
Yoog:le 26/08/2009 à 17:00:56 "C:\Documents and Settings\Haufor\Application Data\Mozilla\Firefox\Profiles\7vtv08ys.default\searchplugins\Yoog Search.xml "
# Détections [4] GenProc 2.615 26/08/2009 à 21:08:33
Yoog:le 26/08/2009 à 21:09:30 "C:\Documents and Settings\Haufor\Application Data\Mozilla\Firefox\Profiles\7vtv08ys.default\searchplugins\Yoog Search.xml "
----------------------------------------------------------------------
Sites officiels GenProc : www.alt-shift-return.org et www.genproc.com
----------------------------------------------------------------------
~~ Fin à 21:09:52 ~~