Computer problem... virus? Trojan horse?

popoopaline -  
Hello,
So, for the past few months my computer has been quite slow, & for the past few weeks it has been freezing while running and showing a blue screen that I don't even have time to read, since my computer shuts down and restarts. Also, sometimes it won't even start up: either it stays stuck at the password prompt, or it freezes during loading and shows that same "blue" screen, then ends up shutting down and restarting =\ ..

As I'm not very good with computers, I'm kindly asking for your help, because at this point I'm rather at a loss ..
I have Vista (included with the computer when I bought it, so a legal version); it's an HP Pavilion dv9000.
I bought Norton, thinking it was a good antivirus (given that it costs 40€ after all) .. I really got ripped off!!

Anyway, I ran quite a few scans, among others the one from my original antivirus (Norton) which, as we all know, is a real sieve. Then, browsing various forums, I followed some advice & ran a full system scan with AVG Free 9.0 -> here is the report:
"C:\Users\Pauline\Links\feedingfrenzydownload.exe:\Feeding Frenzy Deluxe\FeedingFrenzy.dll";"Virus identifié Win32/Heur";"Infecté"
"C:\Users\Pauline\Links\feedingfrenzydownload.exe";"Virus identifié Win32/Heur";"Infecté"
"C:\Users\Pauline\Documents\Downloads\jeux\janeshoteldownload.exe:\Jane's Hotel Deluxe\janeshotel.dll";"Virus identifié Win32/Heur";"Infecté"
"C:\Users\Pauline\Documents\Downloads\jeux\janeshoteldownload.exe";"Virus identifié Win32/Heur";"Infecté"
"C:\Users\Pauline\Documents\Downloads\jeux\dinerdashdownload.exe:\Diner Dash Deluxe\dinerdash.exe";"Virus identifié Win32/Heur";"Infecté"
"C:\Users\Pauline\Documents\Downloads\jeux\dinerdashdownload.exe";"Virus identifié Win32/Heur";"Infecté"
"C:\HP\BIN\ProcessLogger.exe";"Cheval de Troie : Agent2.ZZG";"Placé en quarantaine"

then with WhoCrashed:
Analysis
Crash dump directory: C:\Windows\Minidump

Crash dumps are enabled on your computer.

On Thu 05/11/2009 19:59:30 your computer crashed
This was likely caused by the following module: spsys.sys
Bugcheck code: 0x7A (0xC04E26A0, 0xC000009D, 0x262DC8C0, 0x9C4D4004)
Error: KERNEL_DATA_INPAGE_ERROR
Dump file: C:\Windows\Minidump\Mini110509-01.dmp
file path: C:\Windows\system32\drivers\spsys.sys
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: security processor
The crash took place in a standard Microsoft module. Your system configuration may be incorrect, possibly the culprit may be another driver on your system which cannot be identified at this time.

On Wed 30/09/2009 16:58:17 your computer crashed
This was likely caused by the following module: csrss.exe
Bugcheck code: 0xF4 (0x3, 0x8F226D90, 0x8F226EDC, 0x82673400)
Error: CRITICAL_OBJECT_TERMINATION
Dump file: C:\Windows\Minidump\Mini093009-01.dmp
file path: C:\Windows\system32\csrss.exe
product: Système d'exploitation Microsoft® Windows®
company: Microsoft Corporation
description: Processus d'exécuttion client-serveur
The crash took place in a standard Microsoft module. Your system configuration may be incorrect, possibly the culprit may be another driver on your system which cannot be identified at this time.

On Mon 21/09/2009 17:24:00 your computer crashed
This was likely caused by the following module: csrss.exe
Bugcheck code: 0xF4 (0x3, 0x93C790E8, 0x93C79234, 0x82647400)
Error: CRITICAL_OBJECT_TERMINATION
Dump file: C:\Windows\Minidump\Mini092109-01.dmp
file path: C:\Windows\system32\csrss.exe
product: Système d'exploitation Microsoft® Windows®
company: Microsoft Corporation
description: Processus d'exécuttion client-serveur
The crash took place in a standard Microsoft module. Your system configuration may be incorrect, possibly the culprit may be another driver on your system which cannot be identified at this time.

On Sun 20/09/2009 19:46:12 your computer crashed
This was likely caused by the following module: ntkrnlpa.exe
Bugcheck code: 0x7A (0xC04436D0, 0xC000009D, 0x672BD860, 0x886DA04F)
Error: KERNEL_DATA_INPAGE_ERROR
Dump file: C:\Windows\Minidump\Mini092009-01.dmp
file path: C:\Windows\system32\ntkrnlpa.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
The crash took place in a standard Microsoft module. Your system configuration may be incorrect, possibly the culprit may be another driver on your system which cannot be identified at this time.

On Sat 02/05/2009 22:36:17 your computer crashed
This was likely caused by the following module: ntkrnlpa.exe
Bugcheck code: 0x9F (0x3, 0x85A26030, 0x872FC7B8, 0x868C7200)
Error: DRIVER_POWER_STATE_FAILURE
Dump file: C:\Windows\Minidump\Mini050309-01.dmp
file path: C:\Windows\system32\ntkrnlpa.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
The crash took place in a standard Microsoft module. Your system configuration may be incorrect, possibly the culprit may be another driver on your system which cannot be identified at this time.

On Thu 30/10/2008 01:09:54 your computer crashed
This was likely caused by the following module: ntkrnlpa.exe
Bugcheck code: 0x9F (0x3, 0x85625030, 0x86F30810, 0xA3FC5950)
Error: DRIVER_POWER_STATE_FAILURE
Dump file: C:\Windows\Minidump\Mini103008-01.dmp
file path: C:\Windows\system32\ntkrnlpa.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
The crash took place in a standard Microsoft module. Your system configuration may be incorrect, possibly the culprit may be another driver on your system which cannot be identified at this time.

Conclusion
6 crash dumps have been found and analyzed. Note that it's not always possible to state with certainty whether a reported driver is really responsible for crashing your system or that the root cause is in another module. Nonetheless it's suggested you look for updates for the products that these drivers belong to and regularly visit Windows update or enable automatic updates for Windows. In case a piece of malfunctioning hardware is causing trouble, a search with Google on the bug check errors together with the model name and brand of your computer may help you investigate this further.

So, I hope you'll take pity on me ^^ a young girl in distress facing her computer =( ..
Configuration: Windows Vista Internet Explorer 7.0

2 replies

  1. tlol
     
    Hello,

    download GenProc http://www.genproc.com/GenProc.exe

    double-click GenProc.exe and post the contents of the report that opens
    2
    1. popoopaline
       
      Should I uninstall Norton??
      0
    2. popoopaline
       
      ?? Do I do what they ask?
      0
    3. popoopaline
       
      TB.txt report:
      Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6002 ) Service Pack 2
      X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU T7250 @ 2.00GHz )
      BIOS : Ver 1.00PARTTBL
      USER : Pauline ( Administrator )
      BOOT : Fail-safe boot
      C:\ (Local Disk) - NTFS - Total:141 Go (Free:84 Go)
      D:\ (Local Disk) - NTFS - Total:7 Go (Free:2 Go)
      E:\ (CD or DVD)

      "C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )
      Option : [2] ( 14/11/2009|15:04 )

      [ UAC => 1 ]
      C:\Windows\iun6002.exe
      C:\Users\Pauline\AppData\Local\Temp\nseFBC0.tmp
      C:\Users\Pauline\AppData\Local\Temp\nshAB3.tmp
      C:\Users\Pauline\AppData\Local\Temp\nsoFD1B.tmp
      C:\Users\Pauline\AppData\Local\Temp\nswCD10.tmp
      C:\Users\Pauline\AppData\Local\Temp\nsyF5BA.tmp

      -----------\\ SUPPRESSION

      Supprime! - C:\Program Files\GamesBar\Localization-French.ini
      Supprime! - C:\Program Files\GamesBar\Localization2-French.ini
      Supprime! - C:\Program Files\KaZaA\My Shared Folder
      Supprime! - C:\Windows\iun6002.exe
      Supprime! - C:\Users\Pauline\AppData\Local\Temp\nseFBC0.tmp
      Supprime! - C:\Users\Pauline\AppData\Local\Temp\nshAB3.tmp
      Supprime! - C:\Users\Pauline\AppData\Local\Temp\nsoFD1B.tmp
      Supprime! - C:\Users\Pauline\AppData\Local\Temp\nswCD10.tmp
      Supprime! - C:\Users\Pauline\AppData\Local\Temp\nsyF5BA.tmp
      Supprime! - C:\Program Files\GamesBar
      Supprime! - C:\Program Files\KaZaA

      -----------\\ Recherche de Fichiers / Dossiers ...


      -----------\\ [..\Internet Explorer\Main]

      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
      "Start Page"="https://www.orange.fr/portail"
      "Local Page"="C:\\Windows\\system32\\blank.htm"
      "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
      "Search Bar"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
      "SearchAssistant"="https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm"
      "Url"="https://www.msn.com/fr-fr/actualite/"

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
      "Start Page"="https://www.msn.com/fr-fr/"
      "Default_Page_URL"="https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF"
      "Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
      "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
      "Local Page"="C:\\Windows\\System32\\blank.htm"


      --------------------\\ Recherche d'autres infections


      Aucune autre infection trouvée !

      [ UAC => 1 ]


      1 - "C:\ToolBar SD\TB_1.txt" - 14/11/2009|15:09 - Option : [2]

      -----------\\ Fin du rapport a 15:09:47,95


      hijackthis.txt report:
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 15:34:51, on 14/11/2009
      Platform: Windows Vista SP2 (WinNT 6.00.1906)
      MSIE: Internet Explorer v8.00 (8.00.6001.18828)
      Boot mode: Normal

      Running processes:
      C:\Windows\system32\Dwm.exe
      C:\Windows\system32\taskeng.exe
      C:\Windows\Explorer.EXE
      C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\Windows\RtHDVCpl.exe
      C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
      C:\Program Files\HP\QuickPlay\QPService.exe
      C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
      C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
      C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
      C:\Program Files\OrangeHSS\Systray\SystrayApp.exe
      C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
      C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
      C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE
      C:\Program Files\Common Files\Real\Update_OB\realsched.exe
      C:\Program Files\HP\HP Software Update\hpwuschd2.exe
      C:\Program Files\Java\jre6\bin\jusched.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Windows\System32\rundll32.exe
      C:\Program Files\SGPSA\ie3sh.exe
      C:\Windows\System32\rundll32.exe
      C:\Program Files\AVG\AVG9\avgtray.exe
      C:\Windows\ehome\ehtray.exe
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\Program Files\Winsudate\gibusr.exe
      C:\Program Files\Windows Media Player\wmpnscfg.exe
      C:\Windows\ehome\ehmsas.exe
      C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
      C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Windows\system32\SearchProtocolHost.exe
      C:\Windows\system32\DllHost.exe
      C:\Users\Pauline\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
      R3 - URLSearchHook: SearchHelper Class - {91C18ED5-5E1C-4AE5-A148-A861DE8C8E16} - C:\Program Files\SGPSA\mtwb3sh.dll
      O1 - Hosts: ::1 localhost
      O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
      O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
      O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
      O2 - BHO: BrowserHelper Class - {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - C:\Program Files\SGPSA\SearchAssistant.dll
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
      O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
      O2 - BHO: Search Assistant - {F0626A63-410B-45E2-99A1-3F2475B2D695} - C:\Program Files\SGPSA\BHO.dll
      O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll
      O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
      O3 - Toolbar: Fast Browser Search Toolbar - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll
      O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
      O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
      O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
      O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
      O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
      O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
      O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
      O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
      O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
      O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
      O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
      O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
      O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
      O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
      O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
      O4 - HKLM\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [FBSSA] C:\Program Files\SGPSA\ie3sh.exe
      O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
      O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
      O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
      O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
      O4 - HKCU\..\Run: [WinUsr] C:\Program Files\Winsudate\gibusr.exe
      O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
      O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
      O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
      O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
      O13 - Gopher Prefix:
      O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
      O16 - DPF: {1FF43AD5-2262-4C2F-81D4-26D710C3F305} (VB2S Mannequin Virtuel Control) - http://mannequin.redoute.fr/activex/Mannequin.cab
      O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
      O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
      O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
      O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
      O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
      O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
      O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldfr-fr.cab
      O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{778312B9-5C28-419D-8CEC-ADBF925ADF6F}: NameServer = 192.168.1.1
      O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
      O20 - AppInit_DLLs: avgrsstx.dll
      O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
      O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
      O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
      O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
      O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
      O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
      O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
      O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
      O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
      O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
      O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
      O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
      O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
      O23 - Service: lxcg_device - - C:\Windows\system32\lxcgcoms.exe
      O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
      O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
      O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
      O23 - Service: Gestionnaire de mise à jour Winsudate (WinSvc) - Winsudate - C:\Program Files\Winsudate\gibsvc.exe
      0
    4. popoopaline
       
      SOOOOOS
      0
  2. popoopaline
     
    Rapport GenProc 2.646 [1] - 14/11/2009 à 14:20:21
    @ Windows Vista Service Pack 2 - Hewlett-Packard - Mode normal
    @ Internet Explorer (8.0.6001.18828) [Navigateur par défaut]

    # Etape 1/ Télécharge :

    - CCleaner https://www.ccleaner.com/ccleaner/download (FileHippo). Ce logiciel va permettre de supprimer tous les fichiers temporaires. Lance-le et clique sur "Options", "Avancé" et décoche la case "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures". Par la suite, laisse-le avec ses réglages par défaut. Ferme le programme.

    - Toolbar-S&D https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cpVobGk5bHnxrhQ4yaoEUDJvOYNnEGyYjgqHZz5GqZLfutR3fMFPlsC3-CGIilfupPAguYATNyua3csodN_frdMK8sSzUpit10Yac-QJCOkMqJKkbdKcP6ySs8trWPgoNVIq4TGGWCe6o0txXQv-ZueJF9vZzw3RXsGwFYIqN2lvF2LPdQzS8mE1d5kWOVOz6EMzQuE5-lClSJM869uq3oc7-t7yg%3D%3D&attredirects=3 (Team IDN) sur ton Bureau.

    Redémarre en mode sans échec comme indiqué ici https://www.wekyo.com/demarrer-le-pc-en-mode-sans-echec-windows-7-et-8/ ; Choisis ta session courante *** Pauline *** (pour retrouver le rapport, clique sur le raccourci "Rapport GenProc[1]" sur ton bureau).

    # Etape 2/

    Lance Toolbar-S&D situé sur le Bureau. Tape sur "2" puis valide en appuyant sur "Entrée". Ne ferme pas la fenêtre lors de la suppression.

    # Etape 3/

    Lance CCleaner : "Nettoyeur"/"lancer le nettoyage" et c'est tout.

    # Etape 4/

    Redémarre normalement et poste, dans la même réponse :

    - Le contenu du rapport TB.txt situé dans C:\ ;
    - Un nouveau rapport HijackThis https://forums.cnetfrance.fr/tutoriels-securite-informatique/1549-hijackthis-comment-l-utiliser ;
    - Un nouveau rapport GenProc ;

    Précise les difficultés que tu as eu (ce que tu n'as pas pu faire...) ainsi que l'évolution de la situation.

    ~~ Arguments de la procédure ~~

    # Détections [1] GenProc 2.646 14/11/2009 à 14:20:46
    Toolbar:le 14/11/2009 à 14:21:15 "C:\Program Files\GamesBar"

    ----------------------------------------------------------------------
    Sites officiels GenProc : www.alt-shift-return.org et www.genproc.com
    ----------------------------------------------------------------------

    ~~ Fin à 14:21:48 ~~
    0