Web pages opening by themselves

Closed
smillie - 18 Dec 2009 at 17:44
smillie - 20 Dec 2009 at 18:23
Hello,


For the past day I have had web pages opening by themselves:

- https://fr.search.yahoo.com/yhs/errorhandler?hspart=gt&hsimp=yhse-gt&q=http%3A%2F%2Fwww.networkdevices.cn%2Fac.php%3Faid%3D216%26sid%3Dnew&type=971163

- http://www.senateweb.cn/ac.php?aid=216&sid=new

- http://www.networkdevices.cn/ac.php?aid=216&sid=new

I saw in several of your topics that one should use HijackThis and post the report.

Here it is:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:17:48, on 18/12/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Softonic France Toolbar - {364d4e0c-543f-4b85-abe3-19551139da4f} - C:\Program Files\Softonic_France\tbSoft.dll
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Softonic France Toolbar - {364d4e0c-543f-4b85-abe3-19551139da4f} - C:\Program Files\Softonic_France\tbSoft.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll
O2 - BHO: D - {BC2471D2-B720-38D6-9A61-C780EFC93A81} - (no file)
O2 - BHO: Burn4Free Toolbar Helper - {D187A56B-A33F-4CBE-9D77-459FC0BAE012} - C:\Program Files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Softonic France Toolbar - {364d4e0c-543f-4b85-abe3-19551139da4f} - C:\Program Files\Softonic_France\tbSoft.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll
O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Burn4Free Toolbar - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Program Files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PowerForPhone] C:\Program Files\PowerForPhone\PowerForPhone.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O13 - Gopher Prefix:
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://ushousecall02.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Service Google Update (gupdate1ca7de129b9da80) (gupdate1ca7de129b9da80) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\Windows\System32\StkCSrv.exe

26 replies

Anonymous user
18 Dec 2009 at 17:48
Good evening,

Mandatory under Vista:

disable your user account control:
https://www.zebulon.fr/astuces/pratique/220-desactiver-l-uac-dans-vista.html

[*] Download AD-REMOVER or AD-REMOVER (by Cyrildu17 / C_XX) to your Desktop.

[*] Disconnect and close all running applications.

[*] Double-click the installer and install it in its default location (C:\Program files).
[*] Right-click the AD-Remover icon on your Desktop and choose: "Run as administrator"
[*] At the main menu, choose option L.
[*] Post the report that appears at the end.

(The report is also saved under C:\Ad-report(date).log)

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

Note: "Process.exe", a component of the tool, is detected by some antivirus programs as an infection; disregard this, it is a false positive, continue the procedure.



See you later

There, I followed your instructions and here is the Ad-Remover report:

.
======= RAPPORT D'AD-REMOVER 1.1.4.6_F | UNIQUEMENT XP/VISTA/7 =======
.
Mit à jour par C_XX le 18.12.2009 à 20:30
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 9:19:06, 19/12/2009 | Mode Normal | Option: CLEAN
Exécuté de: C:\Program Files\Ad-Remover\
Système d'exploitation: Microsoft® Windows Vista™ Home Premium v6.0.6000
Nom du PC: PC-DE-PROPRIETA | Utilisateur actuel: proprietaire
.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.

C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
C:\Program Files\Mozilla FireFox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}
C:\Program Files\Mozilla FireFox\extensions\search@searchsettings.com
C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar
C:\Users\PROPRI~1\AppData\Local\Temp\AskSearch
C:\Program Files\Ask.com
C:\Program Files\pdfforge Toolbar
C:\Users\PROPRI~1\AppData\Roaming\Desktopicon
C:\Users\proprietaire\AppData\LocalLow\AskToolbar
C:\Users\proprietaire\AppData\LocalLow\pdfforge
C:\Users\proprietaire\AppData\LocalLow\Search Settings
C:\Windows\Installer\1b9c11b.msi
C:\Users\PROPRI~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Ebay.lnk
C:\Users\PROPRI~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Ebay.lnk

(!) -- Fichiers temporaires supprimés.

.
HKCU\software\appdatalow\AskBarDis
HKCU\software\appdatalow\AskHomepage
HKCU\software\appdatalow\AskToolbarInfo
HKCU\software\appdatalow\software\AskToolbar
HKCU\software\appdatalow\software\pdfforge
HKCU\software\Ask.com
HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
HKCU\Software\Microsoft\Internet Explorer\LowRegistry\Search Settings
HKCU\software\microsoft\internet explorer\searchscopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
HKCU\software\microsoft\internet explorer\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440}
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
HKCU\software\Search Settings
HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
HKLM\software\classes\appid\GenericAskToolbar.DLL
HKLM\Software\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}
HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
HKLM\Software\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
HKLM\software\classes\GenericAskToolbar.ToolbarWnd
HKLM\software\classes\GenericAskToolbar.ToolbarWnd.1
HKLM\software\classes\installer\Products\A28B4D68DEBAA244EB686953B7074FEF
HKLM\software\classes\installer\Products\A6EB8FE4C9986914497E92C7F5A702E3
HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
HKLM\Software\Classes\Interface\{DB885111-F39F-4D88-9EE5-C88460B6DF7B}
HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B922D405-6D13-4A2B-AE89-08A030DA4402}
HKLM\software\microsoft\internet explorer\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{B922D405-6D13-4A2B-AE89-08A030DA4402}
HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440}
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\377026901A2D8744A8423A983B50E0D1
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\76DA9915C36F3D742951F63351CF5C97
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\8A01D85165E7CD5448C71263ADB6A2E2
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\9B0B0584E80456A4FB98DA3973B1EB3F
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\A89F1E0FE544529429C8BF82FE74CE39
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\B278DBFACA5AB424DA79915F3A109F9A
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\B3B348F18694F1949B4D6BD9507F2886
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\C9667115F6A9CE340B31B63B680FF26F
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\E48E3A6D380B2EC4ABCEB3BA048D767F
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\EFB70E89C3D6D354596520DE424F89D6
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\F49A213B5069AC348994D03F81B56C19
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\F715D253BF28D554C9C0F60ABA8585CF
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Products\A6EB8FE4C9986914497E92C7F5A702E3
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings
HKLM\software\microsoft\windows\currentversion\uninstall\{4EF8BE6A-899C-4196-94E7-297C5F7A203E}
HKLM\software\microsoft\windows\currentversion\uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
HKLM\software\pdfforge
HKLM\software\Search Settings
.
============== Scan additionnel ==============
.
.
* Mozilla FireFox Version 3.5.3 [fr] *
.
Nom du profil: uckl17cx.default (proprietaire)
.
(PROPRI~1, prefs.js) Browser.search.defaultenginename, Bing
(PROPRI~1, prefs.js) Browser.search.defaulturl, hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=3&q={searchTerms}
(PROPRI~1, prefs.js) Browser.search.selectedEngine, BS Player Customized Web Search
(PROPRI~1, prefs.js) Browser.startup.homepage, hxxp://search.conduit.com/?ctid=CT1750559&SearchSource=13
(PROPRI~1, prefs.js) Extensions.enabledItems, {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}:2.1.0.19,support@burn4free-toolbar.com:1.0,DTToolbar@toolbarnet.com:1.0.8.0552,{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16,{20a82645-c095-46ed-80e3-08825760534b}:1.1,{B922D405-6D13-4A2B-AE89-08A030DA4402}:1.1.1,search@searchsettings.com:1.2.2,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3
(PROPRI~1, prefs.js) Keyword.URL, hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=2&q=
.
(PROPRI~1, prefs.js) EFFACE - Browser.search.defaultthis.engineName, BS Player Customized Web Search
(PROPRI~1, prefs.js) EFFACE - Browser.search.selectedEngine, BS Player Customized Web Search
.
.
* Internet Explorer Version 7.0.6000.16945 *
.
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
.
Do404Search: 01000000
Local Page: C:\Windows\system32\blank.htm
Show_ToolBar: yes
Enable Browser Extensions: yes
Start Page: hxxp://fr.msn.com/
Use Search Asst: no
Default_search_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Default_page_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.
Start Page: hxxp://fr.msn.com/
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: %SystemRoot%\system32\blank.htm
Enable Browser Extensions: yes
Use Search Asst: no
Search bar: hxxp://search.msn.com/spbasic.htm
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
.
============== Suspect (Cracks, Serials, ...) ==============
.
C:\Users\proprietaire\AppData\Roaming\BSplayer\AC3 Filter\dialog_patch.exe
C:\Users\proprietaire\AppData\Roaming\uTorrent\Need.For.Speed.Shift.AMD.Dual.Core.Patch.zip.torrent
C:\Users\proprietaire\AppData\Roaming\uTorrent\Need.For.Speed.Shift.Crack.Only-RELOADED.torrent
C:\Users\proprietaire\AppData\Roaming\uTorrent\Pro Evolution Soccer 2009 - PES SMoKE Patch 1.7.5 (Final).torrent
C:\Users\proprietaire\Downloads\Grand Theft Auto IV\Cracks\2eme crack\GTAIV.exe
C:\Users\proprietaire\Downloads\Grand Theft Auto IV\Cracks\2eme crack\LaunchGTAIV.exe
C:\Users\proprietaire\Downloads\Grand Theft Auto IV\Cracks\2eme crack\wurstsuppe-gta4crack.nfo
C:\Users\proprietaire\Downloads\Grand Theft Auto IV\Cracks\3eme crack\0x0008-gta4cr.nfo
C:\Users\proprietaire\Downloads\Grand Theft Auto IV\Cracks\3eme crack\LaunchGTAIV.exe
C:\Users\proprietaire\Downloads\Grand Theft Auto IV\Cracks\Crack Gta IV Razor\Crack de razor\GTAIV.exe
C:\Users\proprietaire\Downloads\Grand Theft Auto IV\Cracks\Crack Gta IV Razor\Crack de razor\LaunchGTAIV.exe
C:\Users\proprietaire\Downloads\Grand Theft Auto IV\Patch\Content\setup.exe
C:\Users\proprietaire\Downloads\Grand Theft Auto IV\Patch\Content\UpdateTitle.exe
.
===================================
.
531 Octet(s) - C:\Ad-Report-CLEAN[1].log
10491 Octet(s) - C:\Ad-Report-CLEAN[2].log
.
0 Fichier(s) - C:\Users\PROPRI~1\AppData\Local\Temp
0 Fichier(s) - C:\Windows\Temp
0 Fichier(s) - C:\Windows\Prefetch
.
19 Fichier(s) - C:\Program Files\Ad-Remover\BACKUP
95 Fichier(s) - C:\Program Files\Ad-Remover\QUARANTINE
.
Fin à: 9:24:18 | 19/12/2009 - CLEAN[2]
.
============== E.O.F ==============
.

Sorry for the double post, but it is to let you know that pages are still opening by themselves, but to other sites.

Anonymous user
19 Dec 2009 at 14:43
Download RSIT (by random/random) to the desktop:

- Double-click RSIT.exe, which is on the desktop
- Click "Continue" in the window
- RSIT will download HijackThis if it is not present or not detected; you will then need to accept the license
- Post the contents of log.txt plus info.txt (minimized in the taskbar) at the end of the scan.

The reports are in this folder: C:\rsit
See you later

Here are the two reports:

Logfile of random's system information tool 1.06 (written by random/random)
Run by proprietaire at 2009-12-19 15:00:45
Microsoft® Windows Vista™ Édition Familiale Premium
System drive C: has 11 GB (17%) free of 66 GB
Total RAM: 2047 MB (41% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:00:54, on 19/12/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\proprietaire\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OFLL1XR9\RSIT[1].exe
C:\Program Files\Trend Micro\HijackThis\proprietaire.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Softonic France Toolbar - {364d4e0c-543f-4b85-abe3-19551139da4f} - C:\Program Files\Softonic_France\tbSoft.dll
R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Softonic France Toolbar - {364d4e0c-543f-4b85-abe3-19551139da4f} - C:\Program Files\Softonic_France\tbSoft.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: D - {BC2471D2-B720-38D6-9A61-C780EFC93A81} - (no file)
O2 - BHO: Burn4Free Toolbar Helper - {D187A56B-A33F-4CBE-9D77-459FC0BAE012} - C:\Program Files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll
O3 - Toolbar: Softonic France Toolbar - {364d4e0c-543f-4b85-abe3-19551139da4f} - C:\Program Files\Softonic_France\tbSoft.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Burn4Free Toolbar - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Program Files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PowerForPhone] C:\Program Files\PowerForPhone\PowerForPhone.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O13 - Gopher Prefix:
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://ushousecall02.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Service Google Update (gupdate1ca7de129b9da80) (gupdate1ca7de129b9da80) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\Windows\System32\StkCSrv.exe
0
Anonymous user
19 Dec 2009 at 15:31
---> Download OTM (OldTimer) to your Desktop:
http://www.geekstogo.com/forum/files/file/402-otm-oldtimers-move-it/


---> Right-click OTMoveIt3.exe and choose "Run as administrator"
to launch it.

---> Copy (Ctrl+C) the following text, shown in bold below:

:processes
explorer.exe

:files
c:\program files\daemon tools toolbar\dttoolbar.dll
c:\program files\burn4free\uninstall.exe


:reg
[-HKEY_CLASSES_ROOT\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{32099AAC-C132-4136-9E9A-4E364A424E17}"=-


:commands
[purity]
[emptytemp]
[start explorer]
[Reboot]


---> Paste (Ctrl+V) the text you just copied into the box:
Paste Instructions for Items to be Moved.

---> Now click the MoveIt! button, then close OTMoveIt3.

If a file or folder cannot be deleted immediately, the program will ask you to restart.
Accept by clicking YES.

---> Post the report found in this folder: C:\_OTMoveIt\MovedFiles\
The report's name corresponds to the time it was created: date_time.log

-------------------------------------------------------------------

• Download USBFIX: http://pagesperso-orange.fr/NosTools/Chiquitine29/UsbFix.exe



(!) Plug into your PC, without opening them, the external data sources (USB stick, external hard drive, etc.) that may have been infected.

Right-click (Run as administrator...) the UsbFix shortcut on your desktop.

• In the main menu, choose option "F" for French and press [Enter].

• In the second menu, choose option "2" (removal) and press [Enter].

• Let the tool work.

• Then post the UsbFix.txt report that appears.

• Note: the UsbFix.txt report is saved at the root of the disk (C:\UsbFix.txt).

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

• Note: "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility designed to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.


----------------------------------------------------------------------

Run a scan with this antispyware:
Malwarebytes + tutorial

Install it and update it (Update tab).
Now click the Scanner tab and tick the box:
"Perform quick scan".
Then click "Scan".
Let it scan the PC...
When the scan finishes, click Show Results.
If items were found:
> click Remove Selected.
If you are asked to restart > click "Yes".
At the end a report will open;
save it so that you can find it again and post it on the forum.
Copy and paste the report, please.

See you











0
Here is the OTM report:



All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
LoadLibrary failed for c:\program files\daemon tools toolbar\DTToolbar.dll
c:\program files\daemon tools toolbar\DTToolbar.dll moved successfully.
c:\program files\burn4free\uninstall.exe moved successfully.
========== REGISTRY ==========
Registry key HKEY_CLASSES_ROOT\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User

User: proprietaire
->Temp folder emptied: 148317 bytes
->Temporary Internet Files folder emptied: 47935832 bytes
->Java cache emptied: 25571026 bytes
->FireFox cache emptied: 41453586 bytes
->Google Chrome cache emptied: 594288 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 38460 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 3218239 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 113,48 mb


OTM by OldTimer - Version 3.1.2.2 log created on 12192009_155833

Files moved on Reboot...

Registry entries deleted on Reboot...


The second report:



############################## | UsbFix V6.065 |

User : proprietaire (Administrateurs) # PC-DE-PROPRIETA
Update on 18/12/2009 by Chiquitine29, C_XX & Chimay8
Start at: 16:11:34 | 19/12/2009
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

Genuine Intel(R) CPU T2250 @ 1.73GHz
Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6000 32-bit) #
Internet Explorer 7.0.6000.16945
Windows Firewall Status : Disabled
AV : ESET Smart Security 3.0 3.0 [ Enabled | Updated ]
AV : Kaspersky Internet Security 8.0.0.454 [ (!) Disabled | (!) Outdated ]
FW : Kaspersky Internet Security[ Enabled ]8.0.0.454
FW : ESET Personal firewall[ Enabled ]3.0.650.0

C:\ -> Disque fixe local # 64,14 Go (10,63 Go free) [VistaOS] # NTFS
D:\ -> Disque fixe local # 42,76 Go (42,66 Go free) [DATA] # NTFS
E:\ -> Disque CD-ROM
F:\ -> Disque CD-ROM
G:\ -> Disque CD-ROM
H:\ -> Disque CD-ROM
I:\ -> Disque amovible # 1,88 Go (1,35 Go free) # FAT
J:\ -> Disque amovible

############################## | Processus actifs |

C:\Windows\System32\smss.exe 472
C:\Windows\system32\csrss.exe 548
C:\Windows\system32\wininit.exe 596
C:\Windows\system32\csrss.exe 604
C:\Windows\system32\services.exe 640
C:\Windows\system32\lsass.exe 652
C:\Windows\system32\lsm.exe 660
C:\Windows\system32\winlogon.exe 736
C:\Windows\system32\svchost.exe 852
C:\Windows\system32\svchost.exe 936
C:\Windows\System32\svchost.exe 1000
C:\Windows\system32\svchost.exe 1068
C:\Windows\System32\svchost.exe 1148
C:\Windows\System32\svchost.exe 1208
C:\Windows\System32\svchost.exe 1236
C:\Windows\system32\SLsvc.exe 1392
C:\Windows\system32\svchost.exe 1440
C:\Program Files\ATK Hotkey\ASLDRSrv.exe 1684
C:\Program Files\ATK Hotkey\Hcontrol.exe 1720
C:\Program Files\ATKOSD2\ATKOSD2.exe 1728
C:\Program Files\Wireless Console 2\wcourier.exe 1740
C:\Program Files\ASUS\Splendid\ACMON.exe 1748
C:\Program Files\P4G\BatteryLife.exe 1772
C:\Windows\System32\spoolsv.exe 1820
C:\Windows\System32\ACEngSvr.exe 1864
C:\Windows\system32\svchost.exe 1876
C:\Program Files\ATK Hotkey\ATKOSD.exe 496
C:\Windows\system32\Dwm.exe 508
C:\Windows\Explorer.EXE 848
C:\Program Files\Internet Explorer\IEUser.exe 536
C:\Windows\system32\svchost.exe 2308
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe 2352
C:\Windows\system32\svchost.exe 2612
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 2624
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe 2668
C:\Windows\system32\svchost.exe 2720
C:\Windows\System32\StkCSrv.exe 2784
C:\Windows\System32\svchost.exe 2852
C:\Windows\system32\SearchIndexer.exe 2904
C:\Windows\system32\WUDFHost.exe 3032
C:\Windows\system32\taskeng.exe 3184
C:\Windows\system32\wbem\wmiprvse.exe 3228
C:\Windows\system32\runonce.exe 3388
C:\Windows\system32\wbem\wmiprvse.exe 3520
C:\Windows\system32\taskeng.exe 3628
C:\Windows\system32\taskeng.exe 3668
C:\Program Files\ASUS\ASUS Live Update\ALU.exe 3740
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe 4048
C:\Windows\system32\PresentationSettings.exe 1420
C:\Windows\system32\wermgr.exe 1016

################## | Fichiers # Dossiers infectieux |

Supprimé ! C:\$Recycle.Bin\S-1-5-21-2112885823-2709834079-286472785-1000
Supprimé ! D:\$Recycle.Bin\S-1-5-21-2112885823-2709834079-286472785-1000

################## | Registre # Clés infectieuses |


################## | Registre # Mountpoints2 |

Supprimé ! HKCU\...\Explorer\MountPoints2\{2478beef-ba33-11de-92a0-001a9248fbf6}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{8193cd2f-b0c2-11de-8fc8-001a9248fbf6}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{8193cd3f-b0c2-11de-8fc8-001a9248fbf6}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{aa45fac2-b413-11de-9ef5-001a9248fbf6}\Shell\AutoRun\Command

################## | Listing des fichiers présent |

[19/12/2009 16:09|--a------|2012] C:\aaw7boot.log
[19/12/2009 09:13|--a------|531] C:\Ad-Report-CLEAN[1].log
[19/12/2009 09:24|--a------|10862] C:\Ad-Report-CLEAN[2].log
[18/09/2006 22:43|--a------|24] C:\autoexec.bat
[02/11/2006 10:53|-rahs----|438840] C:\bootmgr
[10/01/2007 20:35|-ra-s----|8192] C:\BOOTSECT.BAK
[07/12/2006 04:00|--a------|23] C:\CA.txt
[18/09/2006 22:43|--a------|10] C:\config.sys
[17/01/2007 10:06|--a------|15947] C:\devlist.txt
[15/02/2007 10:14|-r-h-----|524288] C:\F3Jc.BIN
[08/01/2007 15:48|--a------|16] C:\F3Jc_F3Jv_F3P_Vista.10
[20/12/2006 10:39|-rah-----|524288] C:\F3Jv.BIN
[20/12/2006 10:37|-rah-----|524288] C:\F3P.BIN
[17/01/2007 10:06|--a------|9] C:\Finish.log
[?|?|?] C:\hiberfil.sys
[?|?|?] C:\pagefile.sys
[17/01/2007 09:48|--a------|284] C:\RHDSetup.log
[19/12/2009 16:15|--a------|4808] C:\UsbFix.txt
[01/07/2009 14:44|--a------|16206] I:\SANA ANNONCE.odt
[01/07/2009 14:38|--a------|16065] I:\AVEC ANNONCE.odt
[17/07/2009 12:12|--a------|16719] I:\sans annonce.odt
[01/08/2009 11:18|--a------|12288] I:\Annonce.doc
[09/11/2009 10:54|--a------|545280] I:\cv.doc
[11/10/2009 12:42|--a------|23174007] I:\bernard WEBER.rar
[19/07/2009 17:49|--a------|324608] I:\curriculum vitae nicolas2.doc
[30/11/2009 18:02|--a------|25571334] I:\diplome.bmp
[03/12/2009 16:56|--ah-----|126] I:\.~lock.AVEC ANNONCE.odt#
[13/11/2009 22:27|--a------|49157432] I:\pes2009.exe
[16/12/2009 10:43|--a------|500209] I:\Dossier.pdf
[15/12/2009 16:07|--a------|67890] I:\ppa.pdf

################## | Vaccination |

# C:\autorun.inf -> Dossier créé par UsbFix.
# D:\autorun.inf -> Dossier créé par UsbFix.
# I:\autorun.inf -> Dossier créé par UsbFix.

################## | Cracks / Keygens / Serials |

"C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe"
09/10/2006 12:43 |Size 729088 |Crc32 442f9639 |Md5 04870a30820f902aab828317c3b5e897

"C:\Users\proprietaire\Downloads\Grand Theft Auto IV\Cracks\2eme crack\GTAIV.exe"
15/12/2009 17:44 |Size 13411688 |Crc32 be148d03 |Md5 9fa1c2a3f2932d46538bc14e715cfccc

"C:\Users\proprietaire\Downloads\Grand Theft Auto IV\Cracks\2eme crack\LaunchGTAIV.exe"
15/12/2009 17:44 |Size 5127312 |Crc32 bf182af8 |Md5 24429f04b410172169c19574e017e461

"C:\Users\proprietaire\Downloads\Grand Theft Auto IV\Cracks\3eme crack\LaunchGTAIV.exe"
15/12/2009 17:24 |Size 28160 |Crc32 373b5f85 |Md5 b4f4a2841f0857aaf18232724762cc52

"C:\Users\proprietaire\Downloads\Grand Theft Auto IV\Cracks\Crack Gta IV Razor\Crack de razor\GTAIV.exe"
15/12/2009 17:43 |Size 13411688 |Crc32 be148d03 |Md5 9fa1c2a3f2932d46538bc14e715cfccc

"C:\Users\proprietaire\Downloads\Grand Theft Auto IV\Cracks\Crack Gta IV Razor\Crack de razor\LaunchGTAIV.exe"
15/12/2009 17:40 |Size 73728 |Crc32 83eb9232 |Md5 25ea124fc3e2b578c48900633d00a0bd


################## | Upload |

Veuillez envoyer le fichier : C:\Users\PROPRI~1\Desktop\UsbFix_Upload_Me_PC-de-proprieta.zip : https://www.ionos.fr/?affiliate_id=77097
Merci pour votre contribution .

################## | ! Fin du rapport # UsbFix V6.065 ! |


However, I can't get Malwarebytes + tutorial to launch. Do you perhaps have another program?
0
Anonymous user
19 Dec 2009 at 17:11
However, I can't get Malwarebytes + tutorial to launch. Do you perhaps have another program?


==> What happens? Do you get an error message or something else?

Please run RSIT again.

See you






0
A double post to thank you for looking into my case.
0
As for the program, it tells me that the program has stopped working (I am running it as administrator).

The RSIT report:



Logfile of random's system information tool 1.06 (written by random/random)
Run by proprietaire at 2009-12-19 17:30:59
Microsoft® Windows Vista™ Édition Familiale Premium
System drive C: has 11 GB (17%) free of 66 GB
Total RAM: 2047 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:31:03, on 19/12/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\proprietaire\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\proprietaire.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Softonic France Toolbar - {364d4e0c-543f-4b85-abe3-19551139da4f} - C:\Program Files\Softonic_France\tbSoft.dll
R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Softonic France Toolbar - {364d4e0c-543f-4b85-abe3-19551139da4f} - C:\Program Files\Softonic_France\tbSoft.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: D - {BC2471D2-B720-38D6-9A61-C780EFC93A81} - (no file)
O2 - BHO: Burn4Free Toolbar Helper - {D187A56B-A33F-4CBE-9D77-459FC0BAE012} - C:\Program Files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll
O3 - Toolbar: Softonic France Toolbar - {364d4e0c-543f-4b85-abe3-19551139da4f} - C:\Program Files\Softonic_France\tbSoft.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Burn4Free Toolbar - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Program Files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PowerForPhone] C:\Program Files\PowerForPhone\PowerForPhone.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Service Google Update (gupdate1ca7de129b9da80) (gupdate1ca7de129b9da80) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\Windows\System32\StkCSrv.exe
0
Anonymous user
19 Dec 2009 at 18:09
Try Malwarebytes again from here:
https://www.commentcamarche.net/telecharger/securite/14361-malwarebytes-anti-malware/

Download Toolbar-S&D (Team IDN) to your Desktop.
TOOLbar-s&d

* Start the installation by running the downloaded file.
* Now double-click the Toolbar-S&D shortcut.
* Select the desired language by typing the letter of your choice, then confirm with the Enter key.
* Now choose option 2 (removal).
Wait until the search finishes.
* Post the generated report. (C:\TB.txt)

See you
0
The program doesn't work ^^

Here is the report:



-----------\\ ToolBar S&D 1.2.9 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6000 )
X86-based PC ( Multiprocessor Free : Genuine Intel(R) CPU T2250 @ 1.73GHz )
BIOS : Default System BIOS
USER : proprietaire ( Administrator )
BOOT : Normal boot
Antivirus : Kaspersky Internet Security 8.0.0.454 (Not Activated)
Firewall : ESET Personal firewall 3.0.650.0 (Activated)
C:\ (Local Disk) - NTFS - Total:64 Go (Free:10 Go)
D:\ (Local Disk) - NTFS - Total:42 Go (Free:42 Go)
E:\ (CD or DVD)
F:\ (CD or DVD)
G:\ (CD or DVD)
H:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )
Option : [2] ( 19/12/2009|18:24 )

[ UAC => 1 ]
C:\Windows\Burn4Free_Toolbar_Uninstaller_6554.exe
C:\Windows\Burn4Free_Toolbar_Uninstaller_7540.exe
C:\Windows\System32\b4fm.dll
C:\Users\PROPRI~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Burn4Free.lnk
C:\Users\Public\Desktop\Burn4Free.lnk

-----------\\ SUPPRESSION

Supprime! - C:\Users\Public\Desktop\Burn4Free.lnk
Supprime! - C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Burn4Free CD and DVD
Supprime! - C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Burn4Free Toolbar
Supprime! - C:\Program Files\Mozilla Firefox\extensions\support@burn4free-toolbar.com
Supprime! - C:\Program Files\Burn4Free\bass.dll
Supprime! - C:\Program Files\Burn4Free\basscd.dll
Supprime! - C:\Program Files\Burn4Free\bassflac.dll
Supprime! - C:\Program Files\Burn4Free\basswma.dll
Supprime! - C:\Program Files\Burn4Free\basswv.dll
Supprime! - C:\Program Files\Burn4Free\bass_ape.dll
Supprime! - C:\Program Files\Burn4Free\bass_mpc.dll
Supprime! - C:\Program Files\Burn4Free\BURN4FREE.CFG
Supprime! - C:\Program Files\Burn4Free\Burn4Free.exe
Supprime! - C:\Program Files\Burn4Free\languages
Supprime! - C:\Program Files\Burn4Free\license.txt
Supprime! - C:\Program Files\Burn4Free\queue
Supprime! - C:\Program Files\Burn4Free\temp
Supprime! - C:\Program Files\Burn4Free\wav
Supprime! - C:\Program Files\Burn4Free Toolbar\uninstall.txt
Supprime! - C:\Program Files\Burn4Free Toolbar\v3.3.0.3
Supprime! - C:\Program Files\DAEMON Tools Toolbar\Resources
Supprime! - C:\Program Files\DAEMON Tools Toolbar\uninst.exe
Supprime! - C:\Program Files\DAEMON Tools Toolbar\_DTLite.xml
Supprime! - C:\Windows\Burn4Free_Toolbar_Uninstaller_6554.exe
Supprime! - C:\Windows\Burn4Free_Toolbar_Uninstaller_7540.exe
Echec ! - C:\Windows\System32\b4fm.dll
Supprime! - C:\Users\PROPRI~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Burn4Free.lnk
Supprime! - C:\Program Files\Burn4Free
Supprime! - C:\Program Files\Burn4Free Toolbar
Supprime! - C:\Program Files\DAEMON Tools Toolbar

-----------\\ DEUXIEME PASSAGE

Echec ! - C:\Windows\System32\b4fm.dll

-----------\\ Recherche de Fichiers / Dossiers ...

C:\Windows\System32\b4fm.dll

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\Windows\\system32\\blank.htm"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_search_url"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Default_page_url"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Search bar"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Url"="https://www.msn.com/fr-fr/actualite/"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.msn.com/fr-fr/"
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search bar"="http://www.bing.com/spresults.aspx"


--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\Users\PROPRI~1\AppData\Roaming\Microsoft\Windows\Recent\Chessmaster_10th_Edition_V1.02_NOCD_CRACK-RVL.lnk
C:\Users\PROPRI~1\AppData\Roaming\uTorrent\Need.For.Speed.Shift.Crack.Only-RELOADED.torrent
C:\Users\PROPRI~1\Downloads\Grand Theft Auto IV\Cracks
C:\Users\PROPRI~1\Downloads\Grand Theft Auto IV\Cracks\2eme crack
C:\Users\PROPRI~1\Downloads\Grand Theft Auto IV\Cracks\3eme crack
C:\Users\PROPRI~1\Downloads\Grand Theft Auto IV\Cracks\Crack Gta IV Razor
C:\Users\PROPRI~1\Downloads\Grand Theft Auto IV\Cracks\2eme crack\GTAIV.exe
C:\Users\PROPRI~1\Downloads\Grand Theft Auto IV\Cracks\2eme crack\LaunchGTAIV.exe
C:\Users\PROPRI~1\Downloads\Grand Theft Auto IV\Cracks\2eme crack\Paul.dll
C:\Users\PROPRI~1\Downloads\Grand Theft Auto IV\Cracks\2eme crack\wurstsuppe-gta4crack.nfo
C:\Users\PROPRI~1\Downloads\Grand Theft Auto IV\Cracks\3eme crack\0x0008-gta4cr.nfo
C:\Users\PROPRI~1\Downloads\Grand Theft Auto IV\Cracks\3eme crack\LaunchGTAIV.exe
C:\Users\PROPRI~1\Downloads\Grand Theft Auto IV\Cracks\3eme crack\Paul.dll
C:\Users\PROPRI~1\Downloads\Grand Theft Auto IV\Cracks\Crack Gta IV Razor\Crack de razor
C:\Users\PROPRI~1\Downloads\Grand Theft Auto IV\Cracks\Crack Gta IV Razor\Crack de razor\1911.dll
C:\Users\PROPRI~1\Downloads\Grand Theft Auto IV\Cracks\Crack Gta IV Razor\Crack de razor\GTAIV.exe
C:\Users\PROPRI~1\Downloads\Grand Theft Auto IV\Cracks\Crack Gta IV Razor\Crack de razor\LaunchGTAIV.exe


[ UAC => 1 ]


1 - "C:\ToolBar SD\TB_1.txt" - 19/12/2009|18:27 - Option : [2]

-----------\\ Fin du rapport a 18:27:42,09
0
Anonymous user
19 Dec 2009 at 18:40
Run OTM again with this script:

:files
C:\Windows\System32\b4fm.dll



:commands
[purity]
[emptytemp]
[start explorer]
[Reboot]



And paste a new RSIT.

See you
0
Here is the OTM report:

All processes killed
========== FILES ==========
C:\Windows\System32\B4FM.dll moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User

User: proprietaire
->Temp folder emptied: 82017 bytes
->Temporary Internet Files folder emptied: 18975503 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 20454013 bytes
->Google Chrome cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 38636 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 37,75 mb


OTM by OldTimer - Version 3.1.2.2 log created on 12192009_185140

Files moved on Reboot...

Registry entries deleted on Reboot...





And here is the RSIT report:

Logfile of random's system information tool 1.06 (written by random/random)
Run by proprietaire at 2009-12-19 18:58:15
Microsoft® Windows Vista™ Édition Familiale Premium
System drive C: has 11 GB (17%) free of 66 GB
Total RAM: 2047 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:58:20, on 19/12/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Internet Explorer\IEUser.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\proprietaire\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\proprietaire.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Softonic France Toolbar - {364d4e0c-543f-4b85-abe3-19551139da4f} - C:\Program Files\Softonic_France\tbSoft.dll
R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Softonic France Toolbar - {364d4e0c-543f-4b85-abe3-19551139da4f} - C:\Program Files\Softonic_France\tbSoft.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: D - {BC2471D2-B720-38D6-9A61-C780EFC93A81} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll
O3 - Toolbar: Softonic France Toolbar - {364d4e0c-543f-4b85-abe3-19551139da4f} - C:\Program Files\Softonic_France\tbSoft.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PowerForPhone] C:\Program Files\PowerForPhone\PowerForPhone.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Service Google Update (gupdate1ca7de129b9da80) (gupdate1ca7de129b9da80) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\Windows\System32\StkCSrv.exe
0
Anonymous user
19 Dec. 2009 at 19:09
How is the PC doing?

Download GenProc

http://www.genproc.com/GenProc.exe

Copy and paste the report, please...



See you
0
I still have the same problem, but with different sites.

Here is the report


~~ CM DISK ERROR ~~

# Etape 1/ Télécharge :

- CCleaner https://www.ccleaner.com/ccleaner/download (FileHippo). Ce logiciel va permettre de supprimer tous les fichiers temporaires. Lance-le et clique sur "Options", "Avancé" et décoche la case "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures". Par la suite, laisse-le avec ses réglages par défaut. Ferme le programme.

- ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe (sUBs) sur ton Bureau.


Redémarre en mode sans échec comme indiqué ici https://www.wekyo.com/demarrer-le-pc-en-mode-sans-echec-windows-7-et-8/ ; Choisis ta session courante *** proprietaire *** (pour retrouver le rapport, clique sur le raccourci "Rapport GenProc[1]" sur ton bureau).


# Etape 2/

Double clique sur combofix.exe et suis les instructions. Attention de ne pas utiliser ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne au risque de figer l'ordinateur.

# Etape 3/

Lance CCleaner : "Nettoyeur"/"lancer le nettoyage" et c'est tout.

# Etape 4/

Redémarre normalement et poste, dans la même réponse :

- Le contenu du rapport Combofix.txt situé dans C:\ ;
- Un nouveau rapport GenProc ;

Précise les difficultés que tu as eu (ce que tu n'as pas pu faire...) ainsi que l'évolution de la situation.

~~ Arguments de la procédure ~~


# Détections [1] GenProc 2.660 19/12/2009 à 19:47:44
Tdss:le 19/12/2009 à 19:48:50 PFROP H8SRT*

----------------------------------------------------------------------
Sites officiels GenProc : www.alt-shift-return.org et www.genproc.com
----------------------------------------------------------------------

~~ Fin à 19:49:04 ~~
0
Anonymous user
19 Dec. 2009 at 20:04
---> Download ComboFix.exe by sUBs to your Desktop:
http://download.bleepingcomputer.com/sUBs/Beta/KittyFix.exe

/!\ Disconnect from the Internet and close all applications, including antivirus and antispyware /!\

---> Double-click Combofix.exe
A pop-up will appear saying that "ComboFix is used at your own risk and with no warranty...".
Accept by clicking "Yes"

---> Set it to French: F
Press the 1 key (Yes) to start the scan.

/!\ Do not touch anything until the scan has finished. /!\
At the end of the scan, ComboFix may need to restart the PC to finish the disinfection; let it do so.

Once the scan is complete, a report will be displayed: post its contents

/!\ Re-enable the real-time protection of your antivirus and antispyware before reconnecting to the Internet. /!\

Note: the report can also be found here: C:\ComboFix.txt

See you
0
Here is the report; the computer had trouble restarting. With the Internet connection closed, the pages still kept opening but led to nothing, since there was no connection anymore. I'm mentioning it just in case.


ComboFix 09-12-18.03 - proprietaire 19/12/2009 21:03:16.1.2 - x86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.33.1036.18.2047.1025 [GMT 1:00]
Lancé depuis: C:\Users\proprietaire\Desktop\KittyFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Kaspersky Internet Security *disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Lavasoft Ad-Watch Live! *enabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\Cursors\aero_link.cur
C:\Windows\system32\drivers\H8SRTitdrdeyybq.sys
C:\Windows\system32\H8SRTevadgqpmdq.dat
C:\Windows\system32\H8SRTiypjcgsfgt.dll
C:\Windows\system32\H8SRTlraacnlwec.dll
C:\Windows\system32\krl32mainweq.dll
C:\Windows\system32\srcr.dat

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_H8SRTd.sys
-------\Legacy_H8SRTd.sys


((((((((((((((((((((((((((((( Fichiers créés du 2009-11-19 au 2009-12-19 ))))))))))))))))))))))))))))))))))))
.

2009-12-19 18:47:36 . 2009-12-19 18:47:36 -------- d-----w- C:\GenProc
2009-12-19 17:23:56 . 2009-12-19 17:27:42 -------- d-----w- C:\ToolBar SD
2009-12-19 15:28:40 . 2009-12-03 15:14:06 38224 ----a-w- C:\Windows\system32\drivers\mbamswissarmy.sys
2009-12-19 15:28:39 . 2009-12-19 15:28:39 -------- d-----w- C:\ProgramData\Malwarebytes
2009-12-19 15:28:38 . 2009-12-19 17:16:51 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2009-12-19 15:28:38 . 2009-12-03 15:13:56 19160 ----a-w- C:\Windows\system32\drivers\mbam.sys
2009-12-19 15:08:05 . 2009-12-19 15:16:20 -------- d-----w- C:\UsbFix
2009-12-19 14:58:33 . 2009-12-19 14:58:33 -------- d-----w- C:\_OTM
2009-12-19 14:00:45 . 2009-12-19 14:00:57 -------- d-----w- C:\rsit
2009-12-19 08:11:49 . 2009-12-19 08:11:49 56 ---ha-w- C:\Windows\system32\ezsidmv.dat
2009-12-19 08:04:41 . 2009-12-19 08:04:41 7484 ----a-w- C:\Users\proprietaire\AppData\Local\d3d9caps.dat
2009-12-18 18:35:36 . 2009-12-19 08:24:18 -------- d-----w- C:\Program Files\Ad-Remover
2009-12-18 16:17:33 . 2009-12-18 16:17:33 -------- d-----w- C:\Program Files\Trend Micro
2009-12-18 12:50:39 . 2009-12-18 12:37:02 15880 ----a-w- C:\Windows\system32\lsdelete.exe
2009-12-18 12:37:17 . 2009-09-23 12:55:23 64288 ----a-w- C:\Windows\system32\drivers\Lbd.sys
2009-12-18 12:30:53 . 2009-12-19 19:50:38 -------- d-----w- C:\ProgramData\Lavasoft
2009-12-18 12:22:38 . 2009-12-19 15:15:22 -------- d-----w- C:\Windows\system32\HouseCall 6.6
2009-12-18 11:43:45 . 2009-12-18 11:43:45 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2009-12-18 10:42:14 . 2009-12-18 10:42:14 159933 ----a-w- C:\Windows\Marsu-Fix Uninstaller.exe
2009-12-15 23:52:49 . 2009-12-18 11:47:52 -------- d-----w- C:\Users\proprietaire\AppData\Roaming\DivX
2009-12-15 23:49:24 . 2009-12-15 23:49:27 -------- d-----w- C:\Program Files\Common Files\PX Storage Engine
2009-12-15 23:48:39 . 2009-12-15 23:49:10 -------- d-----w- C:\Program Files\Common Files\DivX Shared
2009-12-11 11:31:06 . 2009-12-11 11:31:53 -------- d-----w- C:\Program Files\Unlocker
2009-12-11 08:36:05 . 2009-11-09 13:34:40 24064 ----a-w- C:\Windows\system32\nshhttp.dll
2009-12-11 08:36:02 . 2009-11-09 13:30:40 31232 ----a-w- C:\Windows\system32\httpapi.dll
2009-12-11 08:36:02 . 2009-11-09 11:17:15 396800 ----a-w- C:\Windows\system32\drivers\http.sys
2009-12-09 17:48:08 . 2009-12-09 17:48:08 -------- d-----w- C:\ProgramData\Sports Interactive
2009-12-09 17:28:41 . 2009-12-09 17:28:42 -------- d--h--w- C:\Program Files\Zero G Registry
2009-12-09 17:28:13 . 2009-12-09 17:28:13 -------- d--h--w- C:\Users\proprietaire\InstallAnywhere
2009-12-09 17:26:52 . 2009-12-09 17:46:47 -------- d-----w- C:\Users\proprietaire\AppData\Roaming\Sports Interactive
2009-12-09 10:24:24 . 2009-08-24 12:47:07 378368 ----a-w- C:\Windows\system32\winhttp.dll
2009-12-09 10:02:13 . 2009-10-07 12:47:10 232960 ----a-w- C:\Windows\system32\rastls.dll
2009-12-09 10:02:13 . 2009-10-07 12:47:08 274432 ----a-w- C:\Windows\system32\raschap.dll
2009-12-08 17:33:58 . 2009-12-08 17:34:00 -------- d-----w- C:\Program Files\Dolphin
2009-12-06 13:19:10 . 2009-12-06 13:19:10 -------- d-----w- C:\ProgramData\DVD Shrink
2009-12-04 11:37:25 . 2009-12-04 11:37:24 484976 ----a-w- C:\ProgramData\Google\Google Toolbar\Update\gtbA046.tmp.exe
2009-11-29 15:49:42 . 2008-12-19 16:15:58 4338246 ----a-w- C:\Users\proprietaire\AppData\Roaming\BSplayer\FFDShow\libavcodec.dll
2009-11-29 15:48:48 . 2009-11-29 21:44:03 -------- d-----w- C:\Users\proprietaire\AppData\Roaming\BSplayer
2009-11-29 15:48:48 . 2009-11-29 15:48:48 -------- d-----w- C:\Users\proprietaire\AppData\Roaming\BSplayer Pro
2009-11-29 15:48:47 . 2009-11-29 15:48:47 -------- d-----w- C:\Program Files\Webteh
2009-11-28 02:01:38 . 2009-10-29 07:59:17 2048 ----a-w- C:\Windows\system32\tzres.dll
2009-11-27 11:37:30 . 2009-12-12 21:45:33 -------- d-----w- C:\Program Files\Runes of Magic
2009-11-25 10:01:10 . 2009-08-10 13:05:24 1406464 ----a-w- C:\Windows\system32\msxml6.dll
2009-11-25 10:01:10 . 2009-08-10 13:05:23 1260032 ----a-w- C:\Windows\system32\msxml3.dll
2009-11-25 10:01:09 . 2009-08-10 13:05:25 2048 ----a-w- C:\Windows\system32\msxml6r.dll
2009-11-25 10:01:09 . 2009-08-10 13:05:23 2048 ----a-w- C:\Windows\system32\msxml3r.dll
2009-11-24 10:08:52 . 2009-11-24 10:08:52 -------- d-----w- C:\Users\proprietaire\AppData\Roaming\FOG Downloader
2009-11-23 17:09:29 . 2009-11-26 15:29:46 -------- d-----w- C:\Users\proprietaire\AppData\Roaming\dvdcss
2009-11-23 13:39:48 . 2009-11-23 13:39:58 -------- d-----w- C:\Users\proprietaire\AppData\Roaming\EssentialPIM
2009-11-23 13:39:48 . 2009-11-23 13:39:49 -------- d-----w- C:\Program Files\EssentialPIM
2009-11-23 13:33:22 . 2009-12-15 14:43:30 -------- d-----w- C:\Users\proprietaire\.rainlendar2
2009-11-23 13:33:08 . 2009-12-15 16:38:44 -------- d-----w- C:\Program Files\Rainlendar2
2009-11-23 13:20:19 . 2009-11-23 13:20:25 -------- d-----w- C:\ProgramData\Agendis
2009-11-23 13:03:16 . 2009-11-23 13:03:16 -------- d-----w- C:\Program Files\MSECache

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-19 20:22:00 . 2009-09-27 09:53:52 -------- d-----w- C:\Users\proprietaire\AppData\Roaming\uTorrent
2009-12-19 20:21:48 . 2009-09-27 14:03:19 -------- d-----w- C:\Users\proprietaire\AppData\Roaming\Skype
2009-12-19 20:18:35 . 2009-09-24 10:36:55 45056 ----a-w- C:\Windows\system32\acovcnt.exe
2009-12-19 20:12:26 . 2009-09-24 11:00:27 704544 --sha-w- C:\Windows\system32\drivers\fidbox2.dat
2009-12-19 20:12:26 . 2009-09-24 11:00:27 4536 --sha-w- C:\Windows\system32\drivers\fidbox2.idx
2009-12-19 20:12:26 . 2009-09-24 11:00:27 3340320 --sha-w- C:\Windows\system32\drivers\fidbox.dat
2009-12-19 20:12:26 . 2009-09-24 11:00:27 28224 --sha-w- C:\Windows\system32\drivers\fidbox.idx
2009-12-19 20:12:23 . 2007-01-10 19:43:30 12 ----a-w- C:\Windows\bthservsdp.dat
2009-12-19 20:09:57 . 2007-01-10 19:17:03 690832 ----a-w- C:\Windows\system32\perfh00C.dat
2009-12-19 20:09:57 . 2007-01-10 19:17:03 117572 ----a-w- C:\Windows\system32\perfc00C.dat
2009-12-19 18:54:46 . 2009-09-24 10:37:38 36166 ----a-w- C:\Users\proprietaire\AppData\Roaming\nvModes.dat
2009-12-19 17:56:27 . 2009-09-27 18:06:04 -------- d-----w- C:\Users\proprietaire\AppData\Roaming\skypePM
2009-12-16 16:06:10 . 2009-10-01 09:17:44 1 ----a-w- C:\Users\proprietaire\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-12-15 23:51:08 . 2009-09-27 14:01:34 -------- d-----w- C:\Program Files\Google
2009-12-15 23:21:05 . 2009-09-29 19:24:44 -------- d-----w- C:\Users\proprietaire\AppData\Roaming\vlc
2009-12-13 08:58:27 . 2009-09-24 10:19:24 53552 ----a-w- C:\Users\proprietaire\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-12 15:35:46 . 2007-01-17 08:47:37 -------- d--h--w- C:\Program Files\InstallShield Installation Information
2009-12-12 15:22:39 . 2007-01-17 08:46:42 -------- d-----w- C:\Program Files\Common Files\InstallShield
2009-12-04 16:59:27 . 2009-09-24 11:00:27 -------- d-----w- C:\ProgramData\Kaspersky Lab
2009-11-29 15:49:00 . 2009-11-29 15:48:58 -------- d-----w- C:\Program Files\BS_Player
2009-11-14 00:47:32 . 2009-11-14 00:47:32 90112 ----a-w- C:\Windows\system32\dpl100.dll
2009-11-14 00:47:28 . 2009-11-14 00:47:28 856064 ----a-w- C:\Windows\system32\divx_xx0c.dll
2009-11-14 00:47:28 . 2009-11-14 00:47:28 856064 ----a-w- C:\Windows\system32\divx_xx07.dll
2009-11-14 00:47:28 . 2009-11-14 00:47:28 847872 ----a-w- C:\Windows\system32\divx_xx0a.dll
2009-11-14 00:47:28 . 2009-11-14 00:47:28 843776 ----a-w- C:\Windows\system32\divx_xx16.dll
2009-11-14 00:47:28 . 2009-11-14 00:47:28 839680 ----a-w- C:\Windows\system32\divx_xx11.dll
2009-11-14 00:47:28 . 2009-11-14 00:47:28 696320 ----a-w- C:\Windows\system32\DivX.dll
2009-11-13 21:07:48 . 2009-11-13 21:07:48 -------- d-----w- C:\ProgramData\KONAMI
2009-11-11 20:00:27 . 2009-11-11 20:00:27 8854 ----a-r- C:\Users\proprietaire\AppData\Roaming\Microsoft\Installer\{373C3DAE-62C8-4F63-887C-769A8986ED50}\Uninstall_GameShadow_373C3DAE62C84F63887C769A8986ED50.exe
2009-11-11 20:00:27 . 2009-11-11 20:00:27 45056 ----a-r- C:\Users\proprietaire\AppData\Roaming\Microsoft\Installer\{373C3DAE-62C8-4F63-887C-769A8986ED50}\GameShadow.exe1_0A3DE514292C4EBA987823B82B0B2BA2.exe
2009-11-11 20:00:27 . 2009-11-11 20:00:27 45056 ----a-r- C:\Users\proprietaire\AppData\Roaming\Microsoft\Installer\{373C3DAE-62C8-4F63-887C-769A8986ED50}\GameShadow.exe_0A3DE514292C4EBA987823B82B0B2BA2.exe
2009-11-11 20:00:27 . 2009-11-11 20:00:27 45056 ----a-r- C:\Users\proprietaire\AppData\Roaming\Microsoft\Installer\{373C3DAE-62C8-4F63-887C-769A8986ED50}\ARPPRODUCTICON.exe
2009-11-09 02:19:36 . 2009-11-06 15:52:37 -------- d-----w- C:\Program Files\Microsoft Silverlight
2009-11-07 02:02:05 . 2009-11-07 02:02:05 -------- d-----w- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2009-11-06 15:52:04 . 2009-11-06 15:45:29 -------- d-----w- C:\Program Files\Windows Live
2009-11-06 15:51:05 . 2009-11-06 15:51:05 -------- d-----w- C:\Program Files\Microsoft Sync Framework
2009-11-06 15:48:44 . 2009-11-06 15:48:44 -------- d-----w- C:\Program Files\Microsoft SQL Server Compact Edition
2009-11-06 15:46:12 . 2009-11-06 15:46:12 -------- d-----w- C:\Program Files\Microsoft
2009-11-06 15:45:51 . 2009-11-06 15:45:51 -------- d-----w- C:\Program Files\Windows Live SkyDrive
2009-11-06 14:54:10 . 2009-11-06 14:54:10 -------- d-----w- C:\Program Files\Common Files\Windows Live
2009-11-02 19:42:06 . 2009-10-03 13:15:05 195456 ------w- C:\Windows\system32\MpSigStub.exe
2009-11-02 16:34:37 . 2009-11-02 16:34:37 -------- d-----w- C:\Users\proprietaire\AppData\Roaming\Win Novation
2009-11-02 16:14:47 . 2009-11-02 16:14:47 -------- d-----w- C:\Program Files\WNI
2009-10-30 09:28:59 . 2009-10-30 09:28:53 -------- d-----w- C:\Program Files\AGEIA Technologies
2009-10-27 15:05:11 . 2009-12-09 15:43:57 832512 ----a-w- C:\Windows\system32\wininet.dll
2009-10-27 15:01:43 . 2009-12-09 15:43:51 56320 ----a-w- C:\Windows\system32\iesetup.dll
2009-10-27 15:01:39 . 2009-12-09 15:43:54 52736 ----a-w- C:\Windows\AppPatch\iebrshim.dll
2009-10-27 15:01:39 . 2009-12-09 15:43:51 78336 ----a-w- C:\Windows\system32\ieencode.dll
2009-10-27 14:59:14 . 2009-12-09 15:43:51 72704 ----a-w- C:\Windows\system32\admparse.dll
2009-10-27 12:27:14 . 2009-12-09 15:43:51 26624 ----a-w- C:\Windows\system32\ieUnatt.exe
2009-10-27 10:56:00 . 2009-12-09 15:43:50 48128 ----a-w- C:\Windows\system32\mshtmler.dll
2009-10-15 13:57:50 . 2009-09-24 11:01:33 95259 ----a-w- C:\Windows\system32\drivers\klick.dat
2009-10-15 13:57:50 . 2009-09-24 11:01:33 108059 ----a-w- C:\Windows\system32\drivers\klin.dat
2009-10-04 08:44:16 . 2009-10-04 08:44:16 721904 ----a-w- C:\Windows\system32\drivers\sptd.sys
2009-10-01 09:09:16 . 2009-10-01 09:10:24 411368 ----a-w- C:\Windows\system32\deploytk.dll
2009-09-29 10:30:25 . 2009-09-29 10:30:25 268800 ----a-w- C:\Windows\system32\es.dll
2009-09-28 02:15:10 . 2009-09-28 02:15:10 7680 ----a-w- C:\Windows\system32\lsass.exe
2009-09-28 02:15:10 . 2009-09-28 02:15:10 72704 ----a-w- C:\Windows\system32\secur32.dll
2009-09-28 02:15:10 . 2009-09-28 02:15:10 494592 ----a-w- C:\Windows\system32\kerberos.dll
2009-09-28 02:15:10 . 2009-09-28 02:15:10 408136 ----a-w- C:\Windows\system32\drivers\ksecdd.sys
2009-09-28 02:15:10 . 2009-09-28 02:15:10 175104 ----a-w- C:\Windows\system32\wdigest.dll
2009-09-28 02:15:09 . 2009-09-28 02:15:09 272384 ----a-w- C:\Windows\system32\schannel.dll
2009-09-28 02:15:09 . 2009-09-28 02:15:09 1233920 ----a-w- C:\Windows\system32\lsasrv.dll
2009-09-28 02:12:59 . 2009-09-28 02:12:59 4164096 ----a-w- C:\Windows\system32\NlsLexicons0002.dll
2009-09-28 01:49:02 . 2009-09-28 01:49:02 97800 ----a-w- C:\Windows\system32\infocardapi.dll
2009-09-28 01:49:02 . 2009-09-28 01:49:02 622080 ----a-w- C:\Windows\system32\icardagt.exe
2009-09-28 01:49:02 . 2009-09-28 01:49:02 11264 ----a-w- C:\Windows\system32\icardres.dll
2009-09-28 01:48:58 . 2009-09-28 01:48:58 105016 ----a-w- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-09-28 01:48:57 . 2009-09-28 01:48:57 781344 ----a-w- C:\Windows\system32\PresentationNative_v0300.dll
2009-09-28 01:48:57 . 2009-09-28 01:48:57 43544 ----a-w- C:\Windows\system32\PresentationHostProxy.dll
2009-09-28 01:48:57 . 2009-09-28 01:48:57 326160 ----a-w- C:\Windows\system32\PresentationHost.exe
2009-09-28 01:18:10 . 2009-09-28 01:18:10 96760 ----a-w- C:\Windows\system32\dfshim.dll
2009-09-28 01:18:09 . 2009-09-28 01:18:09 41984 ----a-w- C:\Windows\system32\netfxperf.dll
2009-09-28 01:18:08 . 2009-09-28 01:18:08 282112 ----a-w- C:\Windows\system32\mscoree.dll
2009-09-28 01:18:07 . 2009-09-28 01:18:07 83968 ----a-w- C:\Windows\system32\mscories.dll
2009-09-28 01:18:07 . 2009-09-28 01:18:07 158720 ----a-w- C:\Windows\system32\mscorier.dll
2009-09-27 10:50:56 . 2006-11-02 10:25:05 665600 ----a-w- C:\Windows\inf\drvindex.dat
2009-09-27 09:44:03 . 2009-09-27 09:44:03 61440 ----a-w- C:\Windows\system32\winipsec.dll
2009-09-27 09:44:03 . 2009-09-27 09:44:03 361984 ----a-w- C:\Windows\system32\IPSECSVC.DLL
2009-09-27 09:44:03 . 2009-09-27 09:44:03 28672 ----a-w- C:\Windows\system32\FwRemoteSvr.dll
2009-09-27 09:44:03 . 2009-09-27 09:44:03 272896 ----a-w- C:\Windows\system32\polstore.dll
2009-09-27 09:42:53 . 2009-09-27 09:42:53 87040 ----a-w- C:\Windows\system32\msoert2.dll
2009-09-27 09:42:53 . 2009-09-27 09:42:53 39424 ----a-w- C:\Windows\system32\ACCTRES.dll
2009-09-27 09:42:53 . 2009-09-27 09:42:53 205824 ----a-w- C:\Windows\system32\msoeacct.dll
2009-09-27 09:41:02 . 2009-09-27 09:41:02 9728 ----a-w- C:\Windows\system32\TCPSVCS.EXE
2009-09-27 09:41:02 . 2009-09-27 09:41:02 8704 ----a-w- C:\Windows\system32\HOSTNAME.EXE
2009-09-27 09:41:02 . 2009-09-27 09:41:02 27136 ----a-w- C:\Windows\system32\NETSTAT.EXE
2009-09-27 09:41:02 . 2009-09-27 09:41:02 19968 ----a-w- C:\Windows\system32\ARP.EXE
2009-09-27 09:41:02 . 2009-09-27 09:41:02 17920 ----a-w- C:\Windows\system32\ROUTE.EXE
2009-09-27 09:41:02 . 2009-09-27 09:41:02 15360 ----a-w- C:\Windows\system32\netevent.dll
2009-09-27 09:41:02 . 2009-09-27 09:41:02 11264 ----a-w- C:\Windows\system32\MRINFO.EXE
2009-09-27 09:41:02 . 2009-09-27 09:41:02 103936 ----a-w- C:\Windows\system32\netiohlp.dll
2009-09-27 09:41:02 . 2009-09-27 09:41:02 10240 ----a-w- C:\Windows\system32\finger.exe
2009-09-27 09:40:56 . 2009-09-27 09:40:56 813568 ----a-w- C:\Windows\system32\drivers\tcpip.sys
2009-09-27 09:40:56 . 2009-09-27 09:40:56 22016 ----a-w- C:\Windows\system32\netiougc.exe
2009-09-27 09:40:56 . 2009-09-27 09:40:56 213592 ----a-w- C:\Windows\system32\drivers\netio.sys
2009-09-27 09:40:56 . 2009-09-27 09:40:56 167424 ----a-w- C:\Windows\system32\tcpipcfg.dll
2009-09-27 09:39:01 . 2009-09-27 09:39:01 194560 ----a-w- C:\Windows\system32\WebClnt.dll
2009-09-27 09:39:01 . 2009-09-27 09:39:01 110080 ----a-w- C:\Windows\system32\drivers\mrxdav.sys
2009-09-27 09:38:09 . 2009-09-27 09:38:09 123904 ----a-w- C:\Windows\system32\L2SecHC.dll
1999-05-06 06:22:00 . 2007-01-10 19:12:48 224150 --sha-r- C:\Windows\ConfigSetRoot\IO.SYS
1999-05-06 06:22:00 . 2007-01-10 19:12:48 1026 --sha-r- C:\Windows\ConfigSetRoot\MSDOS.SYS
2000-06-21 20:22:56 . 2007-01-10 19:12:47 0 --sha-w- C:\Windows\ConfigSetRoot\DOS\EBD.SYS
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{364d4e0c-543f-4b85-abe3-19551139da4f}"= "C:\Program Files\Softonic_France\tbSoft.dll" [2009-07-15 08:09:56 2224152]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "C:\Program Files\BS_Player\tbBS_P.dll" [2009-07-02 09:18:02 2215960]

[HKEY_CLASSES_ROOT\clsid\{364d4e0c-543f-4b85-abe3-19551139da4f}]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{364d4e0c-543f-4b85-abe3-19551139da4f}]
2009-07-15 08:09:56 2224152 ----a-w- C:\Program Files\Softonic_France\tbSoft.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2009-07-02 09:18:02 2215960 ----a-w- C:\Program Files\BS_Player\tbBS_P.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{364d4e0c-543f-4b85-abe3-19551139da4f}"= "C:\Program Files\Softonic_France\tbSoft.dll" [2009-07-15 08:09:56 2224152]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "C:\Program Files\BS_Player\tbBS_P.dll" [2009-07-02 09:18:02 2215960]

[HKEY_CLASSES_ROOT\clsid\{364d4e0c-543f-4b85-abe3-19551139da4f}]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{364D4E0C-543F-4B85-ABE3-19551139DA4F}"= "C:\Program Files\Softonic_France\tbSoft.dll" [2009-07-15 08:09:56 2224152]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "C:\Program Files\BS_Player\tbBS_P.dll" [2009-07-02 09:18:02 2215960]

[HKEY_CLASSES_ROOT\clsid\{364d4e0c-543f-4b85-abe3-19551139da4f}]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2009-09-27 08:00:30 1232896]
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2009-10-25 14:44:52 289072]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2009-09-02 13:27:36 25623336]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-27 14:02:33 39408]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2009-04-23 13:51:38 691656]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 12:35:32 125440]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 15:44:52 3883856]
"Rainlendar2"="C:\Program Files\Rainlendar2\Rainlendar2.exe" [2009-08-22 10:31:06 5148672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-02 12:34:32 1004136]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-10-09 11:43:43 729088]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2006-12-10 06:46:59 90191]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2006-12-10 06:46:59 7766016]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2006-12-10 06:46:59 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-01 05:36:59 4186112]
"ATKMEDIA"="C:\Program Files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 16:27:32 61440]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-22 05:27:27 815104]
"PowerForPhone"="C:\Program Files\PowerForPhone\PowerForPhone.exe" [2007-01-11 01:36:06 778240]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2009-10-01 09:09:17 149280]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2009-10-26 07:33:41 15872]

C:\Users\proprietaire\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R0 klbg;Kaspersky Lab Boot Guard Driver;C:\Windows\System32\drivers\klbg.sys [29/01/2008 17:29:38 33808]
R0 Lbd;Lbd;C:\Windows\System32\drivers\Lbd.sys [18/12/2009 13:37:17 64288]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;C:\Windows\System32\StkCSrv.exe [10/12/2006 17:31:13 24576]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\Windows\System32\drivers\klfltdev.sys [13/03/2008 18:02:46 26640]
R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;C:\Windows\System32\drivers\StkCMini.sys [21/12/2006 19:36:45 1132544]
R3 WCPU;WCPU;C:\Program Files\P4G\WCPU.sys [17/01/2007 09:58:20 11120]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [09/07/2008 17:28:26 20496]
S2 gupdate1ca7de129b9da80;Service Google Update (gupdate1ca7de129b9da80);C:\Program Files\Google\Update\GoogleUpdate.exe [16/12/2009 00:48:53 133104]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe" --> C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [?]
S3 fssfltr;FssFltr;C:\Windows\System32\drivers\fssfltr.sys [06/11/2009 16:52:07 54632]
S3 fsssvc;Service Windows Live Contrôle parental;C:\Program Files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 22:48:42 704864]
S4 sptd;sptd;C:\Windows\System32\drivers\sptd.sys [04/10/2009 09:44:16 721904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
------- Examen supplémentaire -------
.
mWindow Title =
IE: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
FF - ProfilePath - C:\Users\proprietaire\AppData\Roaming\Mozilla\Firefox\Profiles\uckl17cx.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT1750559&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=2&q=
FF - component: C:\Users\proprietaire\AppData\Roaming\Mozilla\Firefox\Profiles\uckl17cx.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - plugin: C:\Program Files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{BC2471D2-B720-38D6-9A61-C780EFC93A81} - (no file)
HKCU-Run-EA Core - C:\Program Files\Electronic Arts\EADM\Core.exe
AddRemove-3DBELOTE_is1 - C:\Program Files\3DBELOTE\unins000.exe
AddRemove-Agendis - C:\Program Files\Agendis\Uninstal.exe
AddRemove-Coach Cérébral 3 - C:\PROGRA~1\HAPPYN~1\COACHC~1\UNWISE.EXE
AddRemove-dangerdeep - C:\Program Files\dangerdeep\Uninstall.exe
AddRemove-DivX Plus DirectShow Filters - C:\Program Files\DivX\DivXDSFiltersUninstall.exe
AddRemove-DVD Shrink_is1 - C:\Program Files\DVD Shrink\unins000.exe
AddRemove-EADM - C:\Program Files\Electronic Arts\EADM\Uninstall.exe
AddRemove-eBay Icon - C:\Users\proprietaire\AppData\Roaming\Desktopicon\uninst.exe
AddRemove-Football Manager 2010 - C:\Program Files\Sports Interactive\Football Manager 2010\Uninstall_Football Manager 2010\Uninstall Football Manager 2010.exe
AddRemove-Free Belote - C:\Program Files\Free Belote\uninstall.exe
AddRemove-KGB Archiver_is1 - C:\Program Files\KGB Archiver\unins000.exe
AddRemove-Malwarebytes' Anti-Malware_is1 - C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe
AddRemove-PokerAcademyPro2 - C:\Program Files\PokerAcademyPro2\désinstaller.exe
AddRemove-Rainlendar2 - C:\Program Files\Rainlendar2\uninst.exe
AddRemove-{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D} - C:\Program Files\PDFCreator\unins000.exe
AddRemove-{7585478E9D9B42108671C12F8714CEFE} - C:\Program Files\DivX\DivXConverterUninstall.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - C:\Program Files\DivX\DivXCodecUninstall.exe
AddRemove-{8ADFC4160D694100B5B8A22DE9DCABD9} - C:\Program Files\DivX\DivXPlayerUninstall.exe
AddRemove-{9799BD05-5F89-484C-008E-F50592F53440} - C:\Program Files\Electronic Arts\Harry Potter et la Coupe de Feu\EAUninstall.exe
AddRemove-{B13A7C41581B411290FBC0395694E2A9} - C:\Program Files\DivX\DivXConverterUninstall.exe
AddRemove-{B7050CBDB2504B34BC2A9CA0A692CC29} - C:\Program Files\DivX\DivXWebPlayerUninstall.exe
0
Anonymous user
19 Dec. 2009 at 21:34
Is Malwarebytes working now?

See you later
0
Yes, I was able to open it and follow your instructions above. Here is the report:

Malwarebytes' Anti-Malware 1.42
Version de la base de données: 3393
Windows 6.0.6000
Internet Explorer 7.0.6000.16945

19/12/2009 21:54:58
mbam-log-2009-12-19 (21-54-58).txt

Type de recherche: Examen rapide
Eléments examinés: 92399
Temps écoulé: 5 minute(s), 14 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bc2471d2-b720-38d6-9a61-c780efc93a81} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bc2471d2-b720-38d6-9a61-c780efc93a81} (Trojan.BHO) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
0