Sujet Précédent Sujet Suivant

Rapport hijackthis

BoTkilla Messages postés 4741 Statut Contributeur -  
BoTkilla Messages postés 4741 Statut Contributeur -
Bonjour,
j'ai un soucis avec un pc qui ne veut plus se connecter a partir de IE ou de chrome mais aucun soucis avec mozilla...
analyse et desinfection faite avec malwarebytes faite, analyse avec ad-aware faite..
meme avast ne veut plus se connecter aux serveurs pour mise a jour.
je poste ici le rapport hijackthis, merci de votre aide:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:04:41 PM, on 6/17/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HA.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HA.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe
C:\WINDOWS\regedit.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Bock\My Documents\Downloads\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:1028
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: Wisdom-soft toolbar - {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - C:\Program Files\Wisdom-soft\tbWisd.dll
R3 - URLSearchHook: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll
R3 - URLSearchHook: (no name) - {19A0F032-27D7-4227-BBB5-51AA9E5904F5} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Wisdom-soft toolbar - {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - C:\Program Files\Wisdom-soft\tbWisd.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Client\YontooIEClient.dll
O3 - Toolbar: Wisdom-soft toolbar - {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - C:\Program Files\Wisdom-soft\tbWisd.dll
O3 - Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll
O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX620 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HA.EXE /P31 "EPSON Stylus Photo RX620 Series" /O6 "USB001" /M "Stylus Photo RX620"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Bing Bar] "C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-21-682003330-842925246-839522115-1005\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (User 'Jim')
O4 - HKUS\S-1-5-21-682003330-842925246-839522115-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Jim')
O4 - HKUS\S-1-5-21-682003330-842925246-839522115-1005\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" (User 'Jim')
O4 - HKUS\S-1-5-21-682003330-842925246-839522115-1005\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (User 'Jim')
O4 - HKUS\S-1-5-21-682003330-842925246-839522115-1005\..\Run: [nnkihhsys] rundll32.exe "c:\docume~1\jim\locals~1\temp\ssttrs.dll",DllRegisterServer (User 'Jim')
O4 - HKUS\S-1-5-21-682003330-842925246-839522115-1005\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10e.exe (User 'Jim')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com/maconfig/MaConfig_3_5_2_1.cab
O16 - DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} (Domino Web Access 8 Control) - https://mail02.mygulfstream.com/dwa8W.cab
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe


A voir également:

15 réponses

Réponse 1 / 15
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
slt c'est toi qui as mis un proxy?

colle un rapport de nettoyage avec AD REMOVER
0
Réponse 2 / 15
BoTkilla Messages postés 4741 Statut Contributeur 264
 
non, rien toucher...
je viens juste de nettoyer ce que je pouvais mais ce n'est pas mon pc.
je scan et poste le rapport
merci de ton aide
0
Réponse 3 / 15
BoTkilla Messages postés 4741 Statut Contributeur 264
 
======= REPORT FROM AD-REMOVER | ONLY XP/VISTA/7 =======

Updated by C_XX on 17/06/10 at 18:00
Contact: AdRemover.contact@gmail.com
website: http://pagesperso-orange.fr/NosTools/ad_remover.html

C:\Program Files\Ad-Remover\main.exe (SCAN [1]) -> Launched at 16:21:57 on 17/06/2010, Normal boot

Microsoft Windows XP Professional Service Pack 3 (X86)
Bock, BOCK-622F40D139 ( )

============== SEARCH ==============

0,File found: C:\WINDOWS\Downloaded Program Files\F3initialsetup1.0.1.1.inf
0,File found: C:\Program Files\Mozilla FireFox\Components\AskSearch.js
0,File found: C:\Documents and Settings\Bock\Application Data\Mozilla\FireFox\Profiles\xg0uqcsz.default\searchplugins\mywebsearch.xml
0,Folder found: C:\Documents and Settings\Bock\Local Settings\Application Data\Conduit
0,Folder found: C:\Program Files\Conduit
0,Folder found: C:\Program Files\SGPSA
0,Folder found: C:\Documents and Settings\All Users\Application Data\Trymedia

-- File opened: C:\Documents and Settings\Bock\Application Data\Mozilla\FireFox\Profiles\xg0uqcsz.default\Prefs.js --
Line found: user_pref("ct2418376.searchengine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER...
Line found: user_pref("ct2418376.searchfromaddressbarurl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT241...
Line found: user_pref("browser.search.defaultthis.enginename", "PageRage Customized Web Search");
Line found: user_pref("browser.search.defaultthis.enginename", "PageRage Customized Web Search");
Line found: user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2418376&Sea...
Line found: user_pref("browser.search.selectedengine", "PageRage Customized Web Search");
Line found: user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT2418376&SearchSource=13");
Line found: user_pref("communitytoolbar.searchfromaddressbarsavedurl", "hxxp://search.mywebsearch.com/mywebsearc...
Line found: user_pref("ct2418376.searchengine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER...
Line found: user_pref("ct2418376.searchfromaddressbarurl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT241...
Line found: user_pref("extensions.mywebsearch.opensearchurl", "hxxp://search.mywebsearch.com/mywebsearch/opensea...
Line found: user_pref("extensions.mywebsearch.prevkwdenabled", true);
Line found: user_pref("extensions.mywebsearch.prevkwdurl", "data:text/plain);
-- File closed --

1,Key found: HKLM\Software\Classes\CLSID\{b0de3308-5d5a-470d-81b9-634fc078393b}
1,Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}
1,Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201f27d4-3704-41d6-89c1-aa35e39143ed}
1,Key found: HKLM\Software\Classes\Interface\{4634804A-F0B0-4A74-A550-FC0EEF8A4362}
1,Key found: HKLM\Software\Classes\Interface\{4C07EA4F-5F52-4222-B170-4CD9ED33BAEA}
1,Key found: HKLM\Software\Classes\Interface\{C44FEFF4-EF0C-4CF7-83D0-92B4266A32B9}
1,Key found: HKLM\Software\Classes\Interface\{F131923C-381D-4E4C-A472-4A17118FD742}
1,Key found: HKLM\Software\Classes\TypeLib\{4B1C1E16-6B34-430E-B074-5928ECA4C150}
1,Key found: HKLM\Software\Classes\TypeLib\{D2E5FA06-DCC7-46F9-BEFF-BFD06F69B9B2}
0,Key found: HKLM\Software\Classes\AskIBar.PopSwatterBarButton
0,Key found: HKLM\Software\Classes\AskIBar.PopSwatterBarButton.1
0,Key found: HKLM\Software\Classes\AskIBar.PopSwatterSettingsControl
0,Key found: HKLM\Software\Classes\AskIBar.PopSwatterSettingsControl.1
0,Key found: HKLM\Software\Classes\AskToolBar.SettingsPlugin
0,Key found: HKLM\Software\Classes\AskToolBar.SettingsPlugin.1
0,Key found: HKLM\Software\Classes\ComObject.DeskbarEnabler
0,Key found: HKLM\Software\Classes\ComObject.DeskbarEnabler.1
0,Key found: HKLM\Software\Conduit
0,Key found: HKLM\Software\Trymedia Systems
0,Key found: HKCU\Software\Conduit
0,Key found: HKCU\Software\PopCap
0,Key found: HKCU\Software\AppDataLow\AskBarDis
3,Key found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
3,Key found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
3,Key found: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{36BC6ED0-E6B8-4937-BCD7-62942532A3FB}
3,Key found: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6CCEFEED-2374-4d5a-87D7-46DC4E81B3CA}
0,Key found: HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Search
0,Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyWebSearch bar Uninstall

0,Value found: HKLM\Software\Mozilla\Firefox\Extensions|m3ffxtbr@mywebsearch.com
0,Value found: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{3041D03E-FD4B-44E0-B742-2D9B88305F98}
0,Value found: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{3041D03E-FD4B-44E0-B742-2D9B88305F98}

============== ADDITIONNAL SCAN ==============

** Mozilla Firefox Version [3.5.2 (en-US)] **

-- C:\Documents and Settings\Bock\Application Data\Mozilla\FireFox\Profiles\xg0uqcsz.default\Prefs.js --
browser.search.defaultenginename, Google
browser.search.defaulturl, hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2418376&SearchSource=3&q={searchTerms}
browser.search.selectedengine, PageRage Customized Web Search
browser.search.selectedengine, Dogpile Search!
browser.startup.homepage, hxxp://search.conduit.com/?ctid=CT2418376&SearchSource=13
browser.startup.homepage_override.mstone, rv:1.9.1.2
keyword.url, hxxp://ws.infospace.com/playsushi_tbard/ws/redir?_iceUrl=true& user_id=&tool_id=60231&qkw=

========================================

** Internet Explorer Version [8.0.6001.18702] **

[HKCU\Software\Microsoft\Internet Explorer\Main]
AutoHide: yes
Do404Search: 0x01000000
Enable Browser Extensions: yes
Local Page: C:\WINDOWS\system32\blank.htm
SearchAssistant:
Search bar:
Search Page:
Show_ToolBar: yes
Start Page: hxxp://go.microsoft.com/fwlink/?LinkId=69157
Use Search Asst: no

[HKLM\Software\Microsoft\Internet Explorer\Main]
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Delete_Temp_Files_On_Exit: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Start Page: hxxp://go.microsoft.com/fwlink/?LinkId=69157

[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm

========================================

C:\Program Files\Ad-Remover\Quarantine: 2 File(s)
C:\Program Files\Ad-Remover\Backup: 2 File(s)

C:\Ad-Report-SCAN[1].txt - 17/06/2010 (4995 Byte(s))

End at: 16:24:04, 17/06/2010

============== E.O.F ==============
0
Réponse 4 / 15
BoTkilla Messages postés 4741 Statut Contributeur 264
 
quelqu'un svp c'est assez urgent.
merci

0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 15
BoTkilla Messages postés 4741 Statut Contributeur 264
 
up
0
Réponse 6 / 15
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
j'attends toujours le rapport de suppression de AD REMOVER....
0
Réponse 7 / 15
BoTkilla Messages postés 4741 Statut Contributeur 264
 
regarde au dessus (4 post).
c'est le seul rapport que ad-remover m'a donne

0
Réponse 8 / 15
BoTkilla Messages postés 4741 Statut Contributeur 264
 
desole, pas vu avant:

======= REPORT FROM AD-REMOVER | ONLY XP/VISTA/7 =======

Updated by C_XX on 17/06/10 at 18:00
Contact: AdRemover.contact@gmail.com
website: http://pagesperso-orange.fr/NosTools/ad_remover.html

C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Launched at 11:57:50 on 18/06/2010, Normal boot

Microsoft Windows XP Professional Service Pack 3 (X86)
Bock, BOCK-622F40D139 ( )

============== ACTION(S) ==============

0,File deleted: C:\WINDOWS\Downloaded Program Files\F3initialsetup1.0.1.1.inf
0,File deleted: C:\Program Files\Mozilla FireFox\Components\AskSearch.js
0,File deleted: C:\Documents and Settings\Bock\Application Data\Mozilla\FireFox\Profiles\xg0uqcsz.default\searchplugins\mywebsearch.xml
0,Folder deleted: C:\Documents and Settings\Bock\Local Settings\Application Data\Conduit
0,Folder deleted: C:\Program Files\Conduit
0,Folder deleted: C:\Program Files\SGPSA
0,Folder deleted: C:\Documents and Settings\All Users\Application Data\Trymedia

(!) -- Temporary files deleted.

-- File opened: C:\Documents and Settings\Bock\Application Data\Mozilla\FireFox\Profiles\xg0uqcsz.default\Prefs.js --
-- File closed --

1,Key deleted: HKLM\Software\Classes\CLSID\{b0de3308-5d5a-470d-81b9-634fc078393b}
1,Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}
1,Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201f27d4-3704-41d6-89c1-aa35e39143ed}
1,Key deleted: HKLM\Software\Classes\Interface\{4634804A-F0B0-4A74-A550-FC0EEF8A4362}
1,Key deleted: HKLM\Software\Classes\Interface\{4C07EA4F-5F52-4222-B170-4CD9ED33BAEA}
1,Key deleted: HKLM\Software\Classes\Interface\{C44FEFF4-EF0C-4CF7-83D0-92B4266A32B9}
1,Key deleted: HKLM\Software\Classes\Interface\{F131923C-381D-4E4C-A472-4A17118FD742}
1,Key deleted: HKLM\Software\Classes\TypeLib\{4B1C1E16-6B34-430E-B074-5928ECA4C150}
1,Key deleted: HKLM\Software\Classes\TypeLib\{D2E5FA06-DCC7-46F9-BEFF-BFD06F69B9B2}
0,Key deleted: HKLM\Software\Classes\AskIBar.PopSwatterBarButton
0,Key deleted: HKLM\Software\Classes\AskIBar.PopSwatterBarButton.1
0,Key deleted: HKLM\Software\Classes\AskIBar.PopSwatterSettingsControl
0,Key deleted: HKLM\Software\Classes\AskIBar.PopSwatterSettingsControl.1
0,Key deleted: HKLM\Software\Classes\AskToolBar.SettingsPlugin
0,Key deleted: HKLM\Software\Classes\AskToolBar.SettingsPlugin.1
0,Key deleted: HKLM\Software\Classes\ComObject.DeskbarEnabler
0,Key deleted: HKLM\Software\Classes\ComObject.DeskbarEnabler.1
0,Key deleted: HKLM\Software\Conduit
0,Key deleted: HKLM\Software\Trymedia Systems
0,Key deleted: HKCU\Software\Conduit
0,Key deleted: HKCU\Software\PopCap
0,Key deleted: HKCU\Software\AppDataLow\AskBarDis
3,Key deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
3,Key deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
3,Key deleted: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{36BC6ED0-E6B8-4937-BCD7-62942532A3FB}
3,Key deleted: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6CCEFEED-2374-4d5a-87D7-46DC4E81B3CA}
0,Key deleted: HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Search
0,Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyWebSearch bar Uninstall

0,Value deleted: HKLM\Software\Mozilla\Firefox\Extensions|m3ffxtbr@mywebsearch.com
0,Value deleted: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{3041D03E-FD4B-44E0-B742-2D9B88305F98}
0,Value deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{3041D03E-FD4B-44E0-B742-2D9B88305F98}

============== ADDITIONNAL SCAN ==============

** Mozilla Firefox Version [3.5.2 (en-US)] **

-- C:\Documents and Settings\Bock\Application Data\Mozilla\FireFox\Profiles\xg0uqcsz.default\Prefs.js --
browser.search.defaultenginename, Google
browser.search.defaulturl, hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2418376&SearchSource=3&q={searchTerms}
browser.search.selectedengine, PageRage Customized Web Search
browser.search.selectedengine, Dogpile Search!
browser.startup.homepage, hxxp://search.conduit.com/?ctid=CT2418376&SearchSource=13
browser.startup.homepage_override.mstone, rv:1.9.1.2
keyword.url, hxxp://ws.infospace.com/playsushi_tbard/ws/redir?_iceUrl=true& user_id=&tool_id=60231&qkw=

========================================

** Internet Explorer Version [8.0.6001.18702] **

[HKCU\Software\Microsoft\Internet Explorer\Main]
AutoHide: yes
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Do404Search: 0x01000000
Enable Browser Extensions: yes
Local Page: C:\WINDOWS\system32\blank.htm
SearchAssistant:
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/
Use Search Asst: no

[HKLM\Software\Microsoft\Internet Explorer\Main]
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/

[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm

========================================

C:\Program Files\Ad-Remover\Quarantine: 13 File(s)
C:\Program Files\Ad-Remover\Backup: 16 File(s)

C:\Ad-Report-CLEAN[1].txt - 18/06/2010 (1164 Byte(s))
C:\Ad-Report-SCAN[1].txt - 17/06/2010 (6911 Byte(s))

End at: 11:59:36, 18/06/2010

============== E.O.F ==============

0
Réponse 9 / 15
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
scan avec malwarebyte après l'avoir mis à jour, fais un scan rapide et colle le rapport obtenu et vire ce qui est trouvé:

https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

______________________

Télécharge ici :

http://images.malwareremoval.com/random/RSIT.exe

random's system information tool (RSIT) par andom/random et sauvegarde-le sur le Bureau.

Double-clique sur RSIT.exe afin de lancer RSIT.

Clique Continue à l'écran Disclaimer.

Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.

Poste le contenu de log.txt (<<qui sera affiché)
ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).

NB : Les rapports sont sauvegardés dans le dossier C:\rsit

rs: avast en est à la version 5
0
Réponse 10 / 15
BoTkilla Messages postés 4741 Statut Contributeur 264
 
rapport malwarebytes:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/18/2010 12:22:52 PM
mbam-log-2010-06-18 (12-22-52).txt

Scan type: Quick scan
Objects scanned: 130152
Time elapsed: 8 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

0
Réponse 11 / 15
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
malwarebyte n'a pas été mis à jour avant l'analyse ...
0
Réponse 12 / 15
BoTkilla Messages postés 4741 Statut Contributeur 264
 
tu veux toujours le log de rsit??
ou j'attend de reposter analyse malwarebytes??
0
Réponse 13 / 15
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
je veux bien les deux
RSIT après le rapport de malwarebyte
0
Réponse 14 / 15
BoTkilla Messages postés 4741 Statut Contributeur 264
 
ok merci de ton aide
0
Réponse 15 / 15
BoTkilla Messages postés 4741 Statut Contributeur 264
 
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4212

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/18/2010 12:36:06 PM
mbam-log-2010-06-18 (12-36-06).txt

Scan type: Quick scan
Objects scanned: 137512
Time elapsed: 6 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
0

Discussions similaires

Impossible d'afficher le rapport de tableau croisé dynamique sur un rapport
Utilisateur anonyme -
TomH. -

13 réponses
écrire un rapport de travail
asi -
REGINALD -

3 réponses
impossible d'afficher le tableau dynamique sur un rapport existant
Pierre -
Adrien71 -

3 réponses
Problém affichage du tableau croisé dynamique
BK -
Raymond PENTIER -

2 réponses
Theme de rapport de stage option comptabilité
sana saydou -
Raymond PENTIER -

2 réponses