Virus Qui Empire

Résolu
astve9 Messages postés 8 Statut Membre -  
astve9 Messages postés 8 Statut Membre -
Bonjour,

Hier J'avais Un Virus Nommé HEUR/HTML.Malware Mais Aujourd'hui ça S'Aggrave :

-Connexion Ralentit
-PC Ralentit
-Notifications De Virus Toutes Les 2Min
-PC Qui S'Eteint Tout Seul
-Avira Antivir Ki Se Désactive Tout Seul

Donc Voici Le Log Hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:16:21, on 23/02/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\AudioBox USB\InstPresonusUSBDrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Users\B.Snake\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.google.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [UVS12 Preload] C:\Program Files\Corel\Corel VideoStudio 12\uvPL.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [PreSonusUSBInstallApp] C:\Program Files\AudioBox USB\InstPresonusUSBDrv.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\B.Snake\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Ghost Navigator - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Ghost Navigator2_8_2\Ghost (file missing)
O9 - Extra 'Tools' menuitem: Ghost Navigator - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Ghost Navigator2_8_2\Ghost (file missing)
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - Unknown owner - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe

--
End of file - 9184 bytes
Configuration: Windows Vista / Firefox 3.5.8

10 réponses

  1. fabul Messages postés 42139 Date d'inscription   Statut Modérateur Dernière intervention   6 062
     
    Salut,

    Ton log n'est pas très bavar,

    Peux tu faire ceci en mode normal,(Pas en mode sans échec)

    Télécharge RegRun Reanimator (Par Greatis Software).

    Installe le.

    Clic sur scan for viruses.

    Clic sur scan windows startup.

    Coche la case "Use deep level scanning once".

    Clic sur "Make scan now".

    Clic sur la flèche verte "Fix problems".

    Si il propose Regguard,répond simplement Non,ou peu importe,c'est a ta discretion.

    Clic-droit sur le nom du premier item trouvé (dans le milieu de la fenètre) et "Save to file" pour sauvegarder le premier résultat dans un fichier nommé 1.txt (Par défaut dans "Mes Documents")

    Clic sur la flèche verte (en haut a droite) pour l'item suivant

    Clic-droit sur le nom du deuxième item trouvé (dans le milieu de la fenètre) et "Save to file" pour sauvegarder le deuxième résultat dans un fichier nommé 2.txt

    Ainsi de suite jusqu'au dernier ensuite,choisit "Exit" quand il te le sera proposé.

    Et poste les résultats contenus dans les fichiers 1.txt 2.txt 3.txt....
    0
  2. astve9 Messages postés 8 Statut Membre
     
    Suspicious :27

    1.txt

    Item Name: {D4027C7F-154A-4066-A1AD-4243D8127440}
    Author:
    Related File: C:\Program Files\Ask.com\GenericAskToolbar.dll
    Type: Browser Helper Objects

    2.txt

    Item Name: Notepad++
    Author: Burgaud.com
    Related File: C:\Program Files\Notepad++\nppcm.dll
    Type: Context Menu Handlers

    3.txt

    Item Name: a5b3o29g.SYS
    Author: Microsoft Corporation
    Related File: C:\Windows\SYSTEM32\DRIVERS\A5B3O29G.SYS
    Type: Drivers
    0
  3. fabul Messages postés 42139 Date d'inscription   Statut Modérateur Dernière intervention   6 062
     
    Et,parmi les 27,tu est cappable de distinguer quelques légitimes comme les 3 premiers?

    J'imagine que tu a daemon tools (le 3ème) A#######.SYS
    0
  4. astve9 Messages postés 8 Statut Membre
     
    J'Ai Enlevé Ceux Que je Connais! Les 2 Derniers Me Paraissent Les Plus Suspects!

    Item Name: a1zsrwri.SYS
    Author: Microsoft Corporation
    Related File: C:\Windows\SYSTEM32\DRIVERS\A1ZSRWRI.SYS
    Type: Drivers

    Item Name: vidc.VP60
    Author: On2.com
    Related File: C:\Windows\system32\vp6vfw.dll
    Type: Codecs

    Item Name: vidc.VP61
    Author: On2.com
    Related File: C:\Windows\system32\vp6vfw.dll
    Type: Codecs

    Item Name: msacm.vorbis
    Author: HMS http://hp.vector.co.jp/authors/VA012897/
    Related File: vorbis.acm
    Type: Codecs

    Item Name: msacm.dvacm
    Author: Corel TW Corp.
    Related File: C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
    Type: Codecs

    Item Name: msacm.MPEGacm
    Author: Ulead Systems, Inc.
    Related File: C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
    Type: Codecs

    Item Name: msacm.ulmp3acm
    Author: Ulead systems
    Related File: C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm
    Type: Codecs

    Item Name: msacm.voxacm160
    Author: Voxware, Inc.
    Related File: vct3216.acm
    Type: Codecs

    Item Name: msacm.scg726
    Author: SHARP Corporation
    Related File: scg726.acm
    Type: Codecs

    Item Name: msacm.alf2cd
    Author: NCT Company
    Related File: alf2cd.acm
    Type: Codecs

    Item Name: vidc.dvsd
    Author: MainConcept
    Related File: mcdvd_32.dll
    Type: Codecs

    Item Name: vidc.mpg4
    Author: Microsoft Corporation
    Related File: mpg4c32.dll
    Type: Codecs

    Item Name: vidc.mp42
    Author: Microsoft Corporation
    Related File: mpg4c32.dll
    Type: Codecs

    Item Name: vidc.mp43
    Author: Microsoft Corporation
    Related File: mpg4c32.dll
    Type: Codecs

    Item Name: 1D7BED2CC7.sys
    Author: Unknown
    Related File: C:\Windows\system32\1D7BED2CC7.sys
    Type: Detected using Heuristic Algorithm

    Item Name: {66BA574B-1E11-49b8-909C-8CC9E0E8E015}
    Author:
    Related File: C:\Users\B6D2F~1.SNA\AppData\Local\Temp\Hp1.exe
    Type: Scheduled Tasks
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. fabul Messages postés 42139 Date d'inscription   Statut Modérateur Dernière intervention   6 062
     
    Oui,en effet,je supprimerais les deux derniers.

    Get it out,confirme,Reboot a la fin et confirme.

    Ensuite,fait un scan Malwarebytes.
    0
  7. astve9 Messages postés 8 Statut Membre
     
    Malwarebytes

    Malwarebytes' Anti-Malware 1.44
    Version de la base de données: 3782
    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.18882

    24/02/2010 02:01:57
    mbam-log-2010-02-24 (02-01-50).txt

    Type de recherche: Examen complet (C:\|D:\|E:\|G:\|)
    Eléments examinés: 433784
    Temps écoulé: 2 hour(s), 17 minute(s), 30 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 4
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 14

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\ROUA3O12PW (Trojan.FakeAlert) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\TOY5KNQ8OC (Trojan.FakeAlert) -> No action taken.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\Users\B.Snake\AppData\Local\Temp\BITF1E7.tmp (Trojan.Dropper) -> No action taken.
    C:\Users\B.Snake\AppData\Local\Temp\dhdhtrdhdrtr5y (Trojan.FakeAlert) -> No action taken.
    C:\Users\B.Snake\AppData\Local\Temp\BIT4669.tmp (Trojan.Dropper) -> No action taken.
    C:\Users\B.Snake\AppData\Local\Temp\BIT5D91.tmp (Trojan.Dropper) -> No action taken.
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1DJ4UMVV\ysautnmg[1].htm (Malware.Packer.Gen) -> No action taken.
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JHN17NB5\ycpxe[1].htm (Malware.Packer.Gen) -> No action taken.
    C:\Windows\Temp\TMP0000006595BC828983DFB494 (Rootkit.TDSS) -> No action taken.
    C:\ProgramData\mswintmp.dat (Malware.Trace) -> No action taken.
    C:\Windows\Temp\5_odbns.exe (Trojan.Agent) -> No action taken.
    C:\Windows\Temp\avto.exe (Trojan.Agent) -> No action taken.
    C:\Windows\Temp\avto1.exe (Trojan.Agent) -> No action taken.
    C:\Windows\Temp\teste1_p.exe (Trojan.Agent) -> No action taken.
    C:\Windows\Temp\teste2_p.exe (Trojan.Agent) -> No action taken.
    C:\Windows\Temp\teste3_p.exe (Trojan.Agent) -> No action taken.
    0
  8. fabul Messages postés 42139 Date d'inscription   Statut Modérateur Dernière intervention   6 062
     
    Suprime la sélection et fait un scan et un log Hijackthis pour vérifier certains détails.
    0
  9. astve9 Messages postés 8 Statut Membre
     
    Voilà

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 02:17:25, on 24/02/2010
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18882)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\DellTPad\Apoint.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
    C:\Program Files\Dell\MediaDirect\PCMService.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\IDT\WDM\sttray.exe
    C:\Program Files\AudioBox USB\InstPresonusUSBDrv.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=5080918
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
    O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [UVS12 Preload] C:\Program Files\Corel\Corel VideoStudio 12\uvPL.exe
    O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
    O4 - HKLM\..\Run: [PreSonusUSBInstallApp] C:\Program Files\AudioBox USB\InstPresonusUSBDrv.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [Google Update] "C:\Users\B.Snake\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
    O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Ghost Navigator - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Ghost Navigator2_8_2\Ghost (file missing)
    O9 - Extra 'Tools' menuitem: Ghost Navigator - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Ghost Navigator2_8_2\Ghost (file missing)
    O13 - Gopher Prefix:
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe
    O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - Unknown owner - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
    O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe
    0
  10. fabul Messages postés 42139 Date d'inscription   Statut Modérateur Dernière intervention   6 062
     
    Tu peux fixer cette ligne inutile avec HijackThis , coche la case et choisit fix checked

    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

    Si tu veut désactiver des programmes inutilses au démarrage,tu peux utiliser le gestionnaire de démarrage de Revo Uninstaller qui va très bien (pour les programmes 32 bit) ou msconfig.

    Si tu sens que tout est rentré dans l'ordre,tu peux mettre le sujet en résolu,si il y a un problème,n'hésite pas a le dire.

    Et,Utilise Uninstall Partizan dans le programme avant de le désinstaller.

    Si tu utilise un Windows 64 bit,remet cette clé de registre comme ça (si elle ne l'est pas):

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
    "BootExecute"= autocheck autochk *

    @+
    0
  11. astve9 Messages postés 8 Statut Membre
     
    Merci Pour Ton Aide! Pour L'instant Tout Est OK!! Espérons Que ça Dure! @+
    0