Intrusive advertisements
Closed
Geogeodom
19 Dec 2009 at 11:57
gigi - 24 Dec 2009 at 02:45
95 replies
Download Trojan Remover (trial version, it is in English); it is effective. As for your PC's security settings, it is up to you not to accept just anything!!! And yes, 80% of infected PCs are due to negligence. Merry Christmas.
Anonymous user
21 Dec 2009 at 09:04
Gigi, stop!!!!!!!
Anonymous user
21 Dec 2009 at 09:05
--------------------------------------------- [ ! WARNING ! ] ----------------------------------------------------------
!! Disconnect, close all your running applications and DISABLE ALL YOUR DEFENSES (antivirus, antispyware, firewall) for the duration of the procedure: if left enabled, they could seriously interfere with the tool's scanning and cleaning procedure (or even crash the PC)... You will re-enable them afterwards!!
---> Above all, if you run into difficulties at this stage, tell me before continuing...
Download it here: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Tutorial here: https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
---------------------------------------------------------------------------------------------------------------------------------
Then:
Double-click C-Fix.exe (= combofix.exe).
Press a key to start the scan.
Warning: do not use your mouse or keyboard while the program is running. This could freeze the computer ---> if a Windows error message appears at some point, click the red cross at the top right of the window to close it.
The report will be created in: C:\Combofix.txt, please post it here.
Geogeodom
22 Dec 2009 at 00:52
I had disabled Avast, but I don't know whether I did it properly?
If I didn't do what was needed correctly, I apologize in advance.
ComboFix 09-12-20.04 - Geoffroy 21/12/2009 23:36:52.1.2 - x86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.1982.1159 [GMT 1:00]
Lancé depuis: c:\users\Geoffroy\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1229 [VPS 091221-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: avast! antivirus 4.8.1229 [VPS 091221-1] *disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Geoffroy\AppData\Local\Bron.tok.A17.em.bin
c:\users\Geoffroy\AppData\Local\Kosong.Bron.Tok.txt
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_RDPWD
-------\Service_TDTCP
((((((((((((((((((((((((((((( Fichiers créés du 2009-11-21 au 2009-12-21 ))))))))))))))))))))))))))))))))))))
.
2009-12-21 22:47 . 2009-12-21 22:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-12-18 23:16 . 2009-12-18 23:16 -------- d-----w- c:\program files\Lavasoft
2009-12-18 23:02 . 2009-12-18 23:02 -------- d-----w- c:\program files\CCleaner
2009-12-10 08:38 . 2009-11-09 12:31 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-10 08:38 . 2009-11-09 10:36 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-10 08:38 . 2009-11-09 12:30 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-12-09 09:52 . 2009-10-07 11:36 243712 ----a-w- c:\windows\system32\rastls.dll
2009-11-26 09:24 . 2009-10-29 09:17 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-25 10:15 . 2009-08-11 16:44 1401856 ----a-w- c:\windows\system32\msxml6.dll
2009-11-25 10:15 . 2009-08-11 16:44 1248768 ----a-w- c:\windows\system32\msxml3.dll
2009-11-22 15:53 . 2009-08-05 21:48 54632 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2009-11-22 15:50 . 2006-11-29 12:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-21 23:44 . 2009-02-27 18:28 28124 ----a-w- c:\programdata\nvModes.dat
2009-12-21 10:33 . 2009-12-18 23:16 -------- d-----w- c:\programdata\Lavasoft
2009-12-20 14:03 . 2006-11-02 15:48 678956 ----a-w- c:\windows\system32\perfh00C.dat
2009-12-20 14:03 . 2006-11-02 15:48 128004 ----a-w- c:\windows\system32\perfc00C.dat
2009-12-19 17:45 . 2009-12-19 11:22 -------- d-----w- c:\program files\trend micro
2009-12-19 15:51 . 2009-12-19 15:51 -------- d-----w- c:\users\Geoffroy\AppData\Roaming\Malwarebytes
2009-12-19 15:51 . 2009-12-19 15:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-26 09:19 . 2009-11-26 09:19 484976 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbC275.tmp.exe
2009-11-25 09:28 . 2009-11-25 09:28 484976 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb8F55.tmp.exe
2009-11-22 15:52 . 2007-09-06 19:30 -------- d-----w- c:\program files\Windows Live
2009-11-21 06:40 . 2009-12-09 09:53 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-09 09:53 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34 . 2009-12-09 09:53 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59 . 2009-12-09 09:53 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-18 09:46 . 2009-11-18 09:46 -------- d-----w- c:\program files\Windows Portable Devices
2009-11-18 09:46 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-18 09:46 . 2009-11-18 09:46 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-06 07:27 . 2007-09-06 19:30 -------- d-----w- c:\program files\Messenger Plus! Live
2009-11-02 19:42 . 2009-10-02 16:31 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-31 20:07 . 2009-10-31 15:29 -------- d-----w- c:\program files\myTV
2009-10-30 22:34 . 2009-10-30 22:34 -------- d-----w- c:\programdata\Firefly Studios
2009-10-30 22:32 . 2009-10-30 22:32 8854 ----a-r- c:\users\Geoffroy\AppData\Roaming\Microsoft\Installer\{5A2F371F-8B5D-46B4-833C-0612B065BEC7}\Uninstall_GameShadow_5A2F371F8B5D46B4833C0612B065BEC7.exe
2009-10-30 22:32 . 2009-10-30 22:32 45056 ----a-r- c:\users\Geoffroy\AppData\Roaming\Microsoft\Installer\{5A2F371F-8B5D-46B4-833C-0612B065BEC7}\GameShadow.exe1_0A3DE514292C4EBA987823B82B0B2BA2.exe
2009-10-30 22:32 . 2009-10-30 22:32 45056 ----a-r- c:\users\Geoffroy\AppData\Roaming\Microsoft\Installer\{5A2F371F-8B5D-46B4-833C-0612B065BEC7}\GameShadow.exe_0A3DE514292C4EBA987823B82B0B2BA2.exe
2009-10-30 22:32 . 2009-10-30 22:32 45056 ----a-r- c:\users\Geoffroy\AppData\Roaming\Microsoft\Installer\{5A2F371F-8B5D-46B4-833C-0612B065BEC7}\ARPPRODUCTICON.exe
2009-10-30 22:32 . 2009-10-30 22:32 -------- d-----w- c:\program files\GameShadow
2009-10-30 22:23 . 2009-10-30 22:23 -------- d-----w- c:\program files\Firefly Studios
2009-10-08 21:08 . 2009-11-18 09:30 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-10-08 21:08 . 2009-11-18 09:30 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-10-08 21:07 . 2009-11-18 09:30 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-10-01 01:02 . 2009-11-18 09:32 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-10-01 01:02 . 2009-11-18 09:33 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-10-01 01:02 . 2009-11-18 09:32 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-10-01 01:02 . 2009-11-18 09:32 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-10-01 01:02 . 2009-11-18 09:33 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-10-01 01:01 . 2009-11-18 09:32 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-10-01 01:01 . 2009-11-18 09:32 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-10-01 01:01 . 2009-11-18 09:32 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-10-01 01:01 . 2009-11-18 09:32 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-10-01 01:01 . 2009-11-18 09:32 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-10-01 01:01 . 2009-11-18 09:32 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-10-01 01:01 . 2009-11-18 09:33 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-09-25 02:10 . 2009-11-18 09:33 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2009-09-25 02:07 . 2009-11-18 09:33 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2009-09-25 02:04 . 2009-11-18 09:33 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2009-09-25 01:49 . 2009-11-18 09:33 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2009-09-25 01:48 . 2009-11-18 09:33 351232 ----a-w- c:\windows\system32\XpsPrint.dll
2009-09-25 01:38 . 2009-11-18 09:33 847360 ----a-w- c:\windows\system32\OpcServices.dll
2009-09-25 01:36 . 2009-11-18 09:33 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2009-09-25 01:35 . 2009-11-18 09:33 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2009-09-25 01:33 . 2009-11-18 09:33 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2009-09-25 01:33 . 2009-11-18 09:33 829440 ----a-w- c:\windows\system32\d3d10warp.dll
2009-09-25 01:33 . 2009-11-18 09:33 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2009-09-25 01:32 . 2009-11-18 09:33 252928 ----a-w- c:\windows\system32\dxdiag.exe
2009-09-25 01:31 . 2009-11-18 09:33 519680 ----a-w- c:\windows\system32\d3d11.dll
2009-09-25 01:31 . 2009-11-18 09:33 486912 ----a-w- c:\windows\system32\d3d10level9.dll
2009-09-25 01:31 . 2009-11-18 09:33 161280 ----a-w- c:\windows\system32\d3d10_1.dll
2009-09-25 01:31 . 2009-11-18 09:33 218112 ----a-w- c:\windows\system32\d3d10_1core.dll
2009-09-25 01:31 . 2009-11-18 09:33 1030144 ----a-w- c:\windows\system32\d3d10.dll
2009-09-25 01:31 . 2009-11-18 09:33 828928 ----a-w- c:\windows\system32\d2d1.dll
2009-09-25 01:30 . 2009-11-18 09:33 481792 ----a-w- c:\windows\system32\dxgi.dll
2009-09-25 01:30 . 2009-11-18 09:33 190464 ----a-w- c:\windows\system32\d3d10core.dll
2009-09-25 01:27 . 2009-11-18 09:33 634880 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-09-25 01:27 . 2009-11-18 09:33 37888 ----a-w- c:\windows\system32\cdd.dll
2009-09-25 01:27 . 2009-11-18 09:33 793088 ----a-w- c:\windows\system32\FntCache.dll
2009-09-25 01:27 . 2009-11-18 09:33 1064448 ----a-w- c:\windows\system32\DWrite.dll
2009-09-24 22:54 . 2009-11-18 09:33 258048 ----a-w- c:\windows\system32\winspool.drv
2009-09-24 22:54 . 2009-11-18 09:33 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2009-09-24 22:54 . 2009-11-18 09:33 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-27 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-13 827392]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-04-23 176128]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 159744]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"SetPoint"="c:\program files\Logitech\SetPoint\KEM.EXE" [2004-10-28 581632]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 30248]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 46632]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 663552]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-04 13556256]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-04 92704]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-07 44128]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\KEM.exe [2007-9-4 581632]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):09,e3,7d,34,2d,53,ca,01
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [17/05/2008 12:07 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [17/05/2008 12:07 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [17/05/2008 12:07 51280]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [17/09/2009 21:04 133104]
S3 alcan5ln;Alcatel SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS);c:\windows\System32\drivers\alcan5ln.sys [12/09/2007 15:04 36048]
S3 FontCache;Service de cache de police Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [24/09/2008 22:35 21504]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [22/11/2009 16:53 54632]
S3 fsssvc;Service Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 22:48 704864]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
------- Examen supplémentaire -------
.
IE: ajouter cette page à vos favoris Orange - c:\users\Geoffroy\AppData\Local\Temp\cce4848.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: traduire la page - c:\users\Geoffroy\AppData\Local\Temp\cce4836.html
IE: traduire le texte sélectionné - c:\users\Geoffroy\AppData\Local\Temp\cce4847.html
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
Trusted Zone: chat-land.org
FF - ProfilePath - c:\users\Geoffroy\AppData\Roaming\Mozilla\Firefox\Profiles\zb3kktbf.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.cherche.us/
FF - prefs.js: keyword.URL - hxxp://r.orange.fr/r?ref=O_toolbar32_hook_syntaxError&url=http%3A//rws.search.ke.voila.fr/RW/A/O_toolbar31?errorigin=noturl&kw=
FF - plugin: c:\program files\Google\Google Updater\2.4.1698.5652\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - true.
- - - - ORPHELINS SUPPRIMES - - - -
HKLM-Run-LogitechVideoRepair - c:\program files\Logitech\Video\ISStart.exe
AddRemove-Ad-Remover - c:\program files\Ad-Remover\Uninstall ADR.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-22 00:45
Windows 6.0.6002 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'Explorer.exe'(3072)
c:\program files\Logitech\SetPoint\lgscroll.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\HP\QuickPlay\Kernel\TV\CLSched.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\windows\system32\conime.exe
c:\program files\Alwil Software\Avast4\ashDisp.exe
c:\windows\System32\rundll32.exe
c:\program files\Brother\ControlCenter3\brccMCtl.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\Brother\Brmfcmon\BrMfcmon.exe
c:\program files\Logitech\SetPoint\KHALMNPR.EXE
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Heure de fin: 2009-12-22 00:50:11 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-12-21 23:50
Avant-CF: 92 893 491 200 octets libres
Après-CF: 93 705 555 968 octets libres
- - End Of File - - 6A0733B4DDC46420F6F4378DFCBC5E95
S3 FontCache;Service de cache de police Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [24/09/2008 22:35 21504]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [22/11/2009 16:53 54632]
S3 fsssvc;Service Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 22:48 704864]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
------- Examen supplémentaire -------
.
IE: ajouter cette page à vos favoris Orange - c:\users\Geoffroy\AppData\Local\Temp\cce4848.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: traduire la page - c:\users\Geoffroy\AppData\Local\Temp\cce4836.html
IE: traduire le texte sélectionné - c:\users\Geoffroy\AppData\Local\Temp\cce4847.html
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
Trusted Zone: chat-land.org
FF - ProfilePath - c:\users\Geoffroy\AppData\Roaming\Mozilla\Firefox\Profiles\zb3kktbf.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.cherche.us/
FF - prefs.js: keyword.URL - hxxp://r.orange.fr/r?ref=O_toolbar32_hook_syntaxError&url=http%3A//rws.search.ke.voila.fr/RW/A/O_toolbar31?errorigin=noturl&kw=
FF - plugin: c:\program files\Google\Google Updater\2.4.1698.5652\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - true.
- - - - ORPHELINS SUPPRIMES - - - -
HKLM-Run-LogitechVideoRepair - c:\program files\Logitech\Video\ISStart.exe
AddRemove-Ad-Remover - c:\program files\Ad-Remover\Uninstall ADR.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-22 00:45
Windows 6.0.6002 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'Explorer.exe'(3072)
c:\program files\Logitech\SetPoint\lgscroll.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\HP\QuickPlay\Kernel\TV\CLSched.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\windows\system32\conime.exe
c:\program files\Alwil Software\Avast4\ashDisp.exe
c:\windows\System32\rundll32.exe
c:\program files\Brother\ControlCenter3\brccMCtl.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\Brother\Brmfcmon\BrMfcmon.exe
c:\program files\Logitech\SetPoint\KHALMNPR.EXE
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Heure de fin: 2009-12-22 00:50:11 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-12-21 23:50
Avant-CF: 92 893 491 200 octets libres
Après-CF: 93 705 555 968 octets libres
- - End Of File - - 6A0733B4DDC46420F6F4378DFCBC5E95
Geogeodom
22 Dec 2009 at 11:51
I downloaded RSIT again, since we had deleted it when cleaning up the tools, and here is what I get:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Geoffroy at 2009-12-22 11:50:02
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2
System drive C: has 89 GB (62%) free of 145 GB
Total RAM: 1982 MB (45% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:50:04, on 22/12/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Geoffroy\Desktop\RSIT.exe
C:\Program Files\trend micro\Geoffroy.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {AEEC3B59-CA98-4EBA-A140-57B94E283583} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SetPoint] C:\Program Files\Logitech\SetPoint\KEM.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: ajouter cette page à vos favoris Orange - C:\Users\Geoffroy\AppData\Local\Temp\cce4848.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O8 - Extra context menu item: traduire la page - C:\Users\Geoffroy\AppData\Local\Temp\cce4836.html
O8 - Extra context menu item: traduire le texte sélectionné - C:\Users\Geoffroy\AppData\Local\Temp\cce4847.html
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O15 - Trusted Zone: *.chat-land.org
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
Anonymous user
22 Dec 2009 at 12:13
Do this:
Disable your protections
Download OTM by OldTimer to the desktop:
==> oldtimer.geekstogo.com/OTM.exe
Double-click OTM.exe on the desktop
---> on VISTA: right-click: Run as administrator.
- Make sure the Unregister Dll's and Ocx's box is checked
- Copy the text in the quote and paste it into the left-hand pane of OTMoveIt, named Paste Instructions for Items to be Moved
:files
C:\Program Files\PokerStars.NET\
C:\Program Files\PokerStars
:commands
[emptytemp]
[reboot]
- Click MoveIt! to start the removal.
- Close OTM
Your PC will restart to finish the removal; if it does not do so by itself, restart it.
Post the OTM report, which is in C:\_OTM\MovedFiles.
Re-enable your protections
Geogeodom
22 Dec 2009 at 12:17
I can't download OTM; it tells me the address is invalid.
Otherwise the PC is doing rather well; I no longer see any apparent signs of disturbance.
Thanks
Geogeodom
22 Dec 2009 at 12:29
All processes killed
========== FILES ==========
C:\Program Files\PokerStars.NET\update folder moved successfully.
C:\Program Files\PokerStars.NET\Themes\slick\chairs folder moved successfully.
C:\Program Files\PokerStars.NET\Themes\slick\base\label folder moved successfully.
C:\Program Files\PokerStars.NET\Themes\slick\base\ctrls folder moved successfully.
C:\Program Files\PokerStars.NET\Themes\slick\base\chips&deck\chips\6 folder moved successfully.
C:\Program Files\PokerStars.NET\Themes\slick\base\chips&deck\chips\5 folder moved successfully.
C:\Program Files\PokerStars.NET\Themes\slick\base\chips&deck\chips\4 folder moved successfully.
C:\Program Files\PokerStars.NET\Themes\slick\base\chips&deck\chips\3 folder moved successfully.
C:\Program Files\PokerStars.NET\Themes\slick\base\chips&deck\chips\2 folder moved successfully.
C:\Program Files\PokerStars.NET\Themes\slick\base\chips&deck\chips\1 folder moved successfully.
C:\Program Files\PokerStars.NET\Themes\slick\base\chips&deck\chips\0 folder moved successfully.
C:\Program Files\PokerStars.NET\Themes\slick\base\chips&deck\chips folder moved successfully.
C:\Program Files\PokerStars.NET\Themes\slick\base\chips&deck folder moved successfully.
C:\Program Files\PokerStars.NET\Themes\slick\base folder moved successfully.
C:\Program Files\PokerStars.NET\Themes\slick folder moved successfully.
C:\Program Files\PokerStars.NET\Themes\simple\label folder moved successfully.
C:\Program Files\PokerStars.NET\Themes\simple folder moved successfully.
C:\Program Files\PokerStars.NET\Themes\preview\lobby folder moved successfully.
C:\Program Files\PokerStars.NET\Themes\preview folder moved successfully.
C:\Program Files\PokerStars.NET\Themes\black\templates folder moved successfully.
C:\Program Files\PokerStars.NET\Themes\black\lobby folder moved successfully.
C:\Program Files\PokerStars.NET\Themes\black\label folder moved successfully.
C:\Program Files\PokerStars.NET\Themes\black\images folder moved successfully.
C:\Program Files\PokerStars.NET\Themes\black\ctrls folder moved successfully.
C:\Program Files\PokerStars.NET\Themes\black folder moved successfully.
C:\Program Files\PokerStars.NET\Themes\&default folder moved successfully.
C:\Program Files\PokerStars.NET\Themes folder moved successfully.
C:\Program Files\PokerStars.NET\Snd folder moved successfully.
C:\Program Files\PokerStars.NET\Gx\templates folder moved successfully.
C:\Program Files\PokerStars.NET\Gx\replay folder moved successfully.
C:\Program Files\PokerStars.NET\Gx\lobby\en folder moved successfully.
C:\Program Files\PokerStars.NET\Gx\lobby folder moved successfully.
C:\Program Files\PokerStars.NET\Gx\label folder moved successfully.
C:\Program Files\PokerStars.NET\Gx\fonts folder moved successfully.
C:\Program Files\PokerStars.NET\Gx\ctrls folder moved successfully.
C:\Program Files\PokerStars.NET\Gx\chips&deck\deck\simple\6 folder moved successfully.
C:\Program Files\PokerStars.NET\Gx\chips&deck\deck\simple\5 folder moved successfully.
C:\Program Files\PokerStars.NET\Gx\chips&deck\deck\simple\4 folder moved successfully.
C:\Program Files\PokerStars.NET\Gx\chips&deck\deck\simple\3 folder moved successfully.
C:\Program Files\PokerStars.NET\Gx\chips&deck\deck\simple\2 folder moved successfully.
C:\Program Files\PokerStars.NET\Gx\chips&deck\deck\simple\1 folder moved successfully.
C:\Program Files\PokerStars.NET\Gx\chips&deck\deck\simple\0 folder moved successfully.
C:\Program Files\PokerStars.NET\Gx\chips&deck\deck\simple folder moved successfully.
C:\Program Files\PokerStars.NET\Gx\chips&deck\deck\large\6 folder moved successfully.
C:\Program Files\PokerStars.NET\Gx\chips&deck\deck\large\5 folder moved successfully.
C:\Program Files\PokerStars.NET\Gx\chips&deck\deck\large\4 folder moved successfully.
C:\Program Files\PokerStars.NET\Gx\chips&deck\deck\large\3 folder moved successfully.
C:\Program Files\PokerStars.NET\Gx\chips&deck\deck\large\2 folder moved successfully.
C:\Program Files\PokerStars.NET\Gx\chips&deck\deck\large\1 folder moved successfully.
C:\Program Files\PokerStars.NET\Gx\chips&deck\deck\large\0 folder moved successfully.
C:\Program Files\PokerStars.NET\Gx\chips&deck\deck\large folder moved successfully.
C:\Program Files\PokerStars.NET\Gx\chips&deck\deck\default\6 folder moved successfully.
C:\Program Files\PokerStars.NET\Gx\chips&deck\deck\default\5 folder moved successfully.
C:\Program Files\PokerStars.NET\Gx\chips&deck\deck\default\4 folder moved successfully.
C:\Program Files\PokerStars.NET\Gx\chips&deck\deck\default\3 folder moved successfully.
C:\Program Files\PokerStars.NET\Gx\chips&deck\deck\default\2 folder moved successfully.
C:\Program Files\PokerStars.NET\Gx\chips&deck\deck\default\1 folder moved successfully.
C:\Program Files\PokerStars.NET\Gx\chips&deck\deck\default\0 folder moved successfully.
C:\Program Files\PokerStars.NET\Gx\chips&deck\deck\default folder moved successfully.
C:\Program Files\PokerStars.NET\Gx\chips&deck\deck folder moved successfully.
C:\Program Files\PokerStars.NET\Gx\chips&deck\chips\6 folder moved successfully.
C:\Program Files\PokerStars.NET\Gx\chips&deck\chips\5 folder moved successfully.
C:\Program Files\PokerStars.NET\Gx\chips&deck\chips\4 folder moved successfully.
C:\Program Files\PokerStars.NET\Gx\chips&deck\chips\3 folder moved successfully.
C:\Program Files\PokerStars.NET\Gx\chips&deck\chips\2 folder moved successfully.
C:\Program Files\PokerStars.NET\Gx\chips&deck\chips\1 folder moved successfully.
C:\Program Files\PokerStars.NET\Gx\chips&deck\chips\0 folder moved successfully.
C:\Program Files\PokerStars.NET\Gx\chips&deck\chips folder moved successfully.
C:\Program Files\PokerStars.NET\Gx\chips&deck folder moved successfully.
C:\Program Files\PokerStars.NET\Gx folder moved successfully.
C:\Program Files\PokerStars.NET\backup\gx\templates folder moved successfully.
C:\Program Files\PokerStars.NET\backup\gx folder moved successfully.
C:\Program Files\PokerStars.NET\backup folder moved successfully.
C:\Program Files\PokerStars.NET folder moved successfully.
C:\Program Files\PokerStars\update folder moved successfully.
C:\Program Files\PokerStars\themes\simple\label folder moved successfully.
C:\Program Files\PokerStars\themes\simple folder moved successfully.
C:\Program Files\PokerStars\themes\preview\lobby folder moved successfully.
C:\Program Files\PokerStars\themes\preview folder moved successfully.
C:\Program Files\PokerStars\themes\black\templates folder moved successfully.
C:\Program Files\PokerStars\themes\black\lobby folder moved successfully.
C:\Program Files\PokerStars\themes\black\label folder moved successfully.
C:\Program Files\PokerStars\themes\black\images folder moved successfully.
C:\Program Files\PokerStars\themes\black\ctrls folder moved successfully.
C:\Program Files\PokerStars\themes\black folder moved successfully.
C:\Program Files\PokerStars\themes\&default folder moved successfully.
C:\Program Files\PokerStars\themes folder moved successfully.
C:\Program Files\PokerStars\snd folder moved successfully.
C:\Program Files\PokerStars\gx\templates folder moved successfully.
C:\Program Files\PokerStars\gx\replay folder moved successfully.
C:\Program Files\PokerStars\gx\lobby\en folder moved successfully.
C:\Program Files\PokerStars\gx\lobby folder moved successfully.
C:\Program Files\PokerStars\gx\label folder moved successfully.
C:\Program Files\PokerStars\gx\fonts folder moved successfully.
C:\Program Files\PokerStars\gx\ctrls folder moved successfully.
C:\Program Files\PokerStars\gx\chips&deck\deck\simple\6 folder moved successfully.
C:\Program Files\PokerStars\gx\chips&deck\deck\simple\5 folder moved successfully.
C:\Program Files\PokerStars\gx\chips&deck\deck\simple\4 folder moved successfully.
C:\Program Files\PokerStars\gx\chips&deck\deck\simple\3 folder moved successfully.
C:\Program Files\PokerStars\gx\chips&deck\deck\simple\2 folder moved successfully.
C:\Program Files\PokerStars\gx\chips&deck\deck\simple\1 folder moved successfully.
C:\Program Files\PokerStars\gx\chips&deck\deck\simple\0 folder moved successfully.
C:\Program Files\PokerStars\gx\chips&deck\deck\simple folder moved successfully.
C:\Program Files\PokerStars\gx\chips&deck\deck\large\6 folder moved successfully.
C:\Program Files\PokerStars\gx\chips&deck\deck\large\5 folder moved successfully.
C:\Program Files\PokerStars\gx\chips&deck\deck\large\4 folder moved successfully.
C:\Program Files\PokerStars\gx\chips&deck\deck\large\3 folder moved successfully.
C:\Program Files\PokerStars\gx\chips&deck\deck\large\2 folder moved successfully.
C:\Program Files\PokerStars\gx\chips&deck\deck\large\1 folder moved successfully.
C:\Program Files\PokerStars\gx\chips&deck\deck\large\0 folder moved successfully.
C:\Program Files\PokerStars\gx\chips&deck\deck\large folder moved successfully.
C:\Program Files\PokerStars\gx\chips&deck\deck\default\6 folder moved successfully.
C:\Program Files\PokerStars\gx\chips&deck\deck\default\5 folder moved successfully.
C:\Program Files\PokerStars\gx\chips&deck\deck\default\4 folder moved successfully.
C:\Program Files\PokerStars\gx\chips&deck\deck\default\3 folder moved successfully.
C:\Program Files\PokerStars\gx\chips&deck\deck\default\2 folder moved successfully.
C:\Program Files\PokerStars\gx\chips&deck\deck\default\1 folder moved successfully.
C:\Program Files\PokerStars\gx\chips&deck\deck\default\0 folder moved successfully.
C:\Program Files\PokerStars\gx\chips&deck\deck\default folder moved successfully.
C:\Program Files\PokerStars\gx\chips&deck\deck folder moved successfully.
C:\Program Files\PokerStars\gx\chips&deck\chips\6 folder moved successfully.
C:\Program Files\PokerStars\gx\chips&deck\chips\5 folder moved successfully.
C:\Program Files\PokerStars\gx\chips&deck\chips\4 folder moved successfully.
C:\Program Files\PokerStars\gx\chips&deck\chips\3 folder moved successfully.
C:\Program Files\PokerStars\gx\chips&deck\chips\2 folder moved successfully.
C:\Program Files\PokerStars\gx\chips&deck\chips\1 folder moved successfully.
C:\Program Files\PokerStars\gx\chips&deck\chips\0 folder moved successfully.
C:\Program Files\PokerStars\gx\chips&deck\chips folder moved successfully.
C:\Program Files\PokerStars\gx\chips&deck folder moved successfully.
C:\Program Files\PokerStars\gx folder moved successfully.
C:\Program Files\PokerStars\backup\gx\templates folder moved successfully.
C:\Program Files\PokerStars\backup\gx folder moved successfully.
C:\Program Files\PokerStars\backup folder moved successfully.
C:\Program Files\PokerStars folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Geoffroy
->Temp folder emptied: 475876 bytes
->Temporary Internet Files folder emptied: 14783591 bytes
->Java cache emptied: 58954749 bytes
->FireFox cache emptied: 56314205 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 2996 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 14391615 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 31494411 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 168,00 mb
OTM by OldTimer - Version 3.1.3.0 log created on 12222009_122412
Files moved on Reboot...
C:\Users\Geoffroy\AppData\Local\Temp\ehmsas.txt moved successfully.
Registry entries deleted on Reboot...
Anonymous user
22 Dec 2009 at 12:31
I rechecked your RSIT report and it doesn't look good!! Follow the instructions carefully:
Download MBR.exe from GMER: http://www2.gmer.net/mbr/mbr.exe
Place the file on your desktop
* Disable all protection programs (antivirus, antispyware, etc.)
* Double-click mbr.exe; a black window will open and close.
* A report, mbr.log, will be generated
* Post its contents on the forum!
Geogeodom
22 Dec 2009 at 12:40
Is this the report?
Is my computer in bad shape? Is it serious?
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
Anonymous user
22 Dec 2009 at 12:43
I was worried, but no, it's fine, you don't have the MBR rootkit!
Disable your protections again
Double-click OTM.exe on the desktop
---> on VISTA: right-click: run as administrator.
- Make sure the Unregister Dll's and Ocx's box is checked
- Copy the text in the quote and paste it into the left-hand pane of OTMoveIt named Paste Instructions for Items to be Moved
:files
C:\Windows\PEV.exe
:commands
[emptytemp]
[reboot]
- Click MoveIt! to start the removal.
- Close OTM
Your PC will restart to finish the removal; if it doesn't do so by itself, restart it.
Post the OTM report found in C:\_OTM\MovedFiles.
Re-enable your protections
Geogeodom
22 Dec 2009 at 12:54
All processes killed
========== FILES ==========
C:\Windows\PEV.exe moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Geoffroy
->Temp folder emptied: 32237 bytes
->Temporary Internet Files folder emptied: 1503003 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 1,00 mb
OTM by OldTimer - Version 3.1.3.0 log created on 12222009_125116
Files moved on Reboot...
C:\Users\Geoffroy\AppData\Local\Temp\ehmsas.txt moved successfully.
Registry entries deleted on Reboot...
Anonymous user
22 Dec 2009 at 12:56
Just run an HJT scan (it's located here: C:\Program Files\trend micro\Geoffroy.exe)
Geogeodom
22 Dec 2009 at 13:07
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:07:00, on 22/12/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\trend micro\Geoffroy.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {AEEC3B59-CA98-4EBA-A140-57B94E283583} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SetPoint] C:\Program Files\Logitech\SetPoint\KEM.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: ajouter cette page à vos favoris Orange - C:\Users\Geoffroy\AppData\Local\Temp\cce4848.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O8 - Extra context menu item: traduire la page - C:\Users\Geoffroy\AppData\Local\Temp\cce4836.html
O8 - Extra context menu item: traduire le texte sélectionné - C:\Users\Geoffroy\AppData\Local\Temp\cce4847.html
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (file missing)
O15 - Trusted Zone: *.chat-land.org
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
Anonymous user
22 Dec 2009 at 13:10
Relaunch HJT and click on "Do a system scan only".
Check these lines:
R3 - URLSearchHook: (no name) - {AEEC3B59-CA98-4EBA-A140-57B94E283583} - (no file)
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (file missing)
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (file missing)
O15 - Trusted Zone: *.chat-land.org
Then click "Fix checked"! Run HJT again afterwards.
Geogeodom
22 Dec 2009 at 13:13
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:12:53, on 22/12/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\trend micro\Geoffroy.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SetPoint] C:\Program Files\Logitech\SetPoint\KEM.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: ajouter cette page à vos favoris Orange - C:\Users\Geoffroy\AppData\Local\Temp\cce4848.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O8 - Extra context menu item: traduire la page - C:\Users\Geoffroy\AppData\Local\Temp\cce4836.html
O8 - Extra context menu item: traduire le texte sélectionné - C:\Users\Geoffroy\AppData\Local\Temp\cce4847.html
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe