Administateur systeme Fermé

Question

Bonjours,
 Sur mon ordi. il a seulement un compte qui est le mien et il est administrateur systeme.

-je ne peux pas désactiver la mise a jour de Windows.
  Sous..propriétés système/Mises a jour automatique/
  Les option sont ombragés.

-Je ne peux pas avoir un fichier de partage dans Windows Live  
  Messenger. Il donne le message suivant: Votre ordinateur ne  prend pas en charge les dossiers de partage. Aide...dans aide il est écrit que la cause pourrait etre le fait que je ne suis pas administrateur, ce qui serait faux.

Merci de votre aide !

Utilisateur anonyme · Answer

Salut,

Bizarre fait ça pour verifier

Télécharge HijackThis: 
Téléchargement de HijackThis

Installe le dans son propre dossier:
-clic droit sur le bureau, choisis "nouveau dossier" puis installe le dedans.
Lance le, clic sur "do a system scan and save logfile" 
Puis copie et colle le rapport ici stp

Utilisateur anonyme · Answer

Salut,

Le programme FlashGet pense à le désinstaller il contient un spyware.Il en existe des gratuits en Français equivalent ;-)


Clic sur "demarrer", "executer", tape: services.msc ,cherche dans la liste cette ligne, fais un clic droit dessus choisis "propriétés" et régle la sur "désactivé"

Windows Log


Clic sur démarrer, rechercher, cherche et supprime ce fichier si présent

nvsvcd.exe

**Si un fichier persiste lors de la suppression fais ceci:
-Redemarres ton pc, dès l'allumage de celui-ci tapote la touche F8 (ou F5 si F8 ne fonctionne pas), à l'écran qui va apparaitre choisis "mode sans echec" attends un peu.. puis vas supprimer les fichiers/dossiers qui persistaient, vides ta corbeille et redemarres normalement


Telecharge, installe puis mets à jour ce logiciel(Ewido), une fois que c'est fait, fais un scan complet de ton système, supprime (delete) tout ce qu'il te trouve puis colle le rapport ici avec un nouveau rapport hijackthis
Ewido:  (reste gratuit après la période d'essai)
Ewido


A++

libeault · Answer

Logfile of HijackThis v1.99.1
Scan saved at 20:26:43, on 2006-10-03
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Bell\Gestionnaire de securite\fws.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Fichiers communs\Command Software\dvpapi.exe
C:\Program Files\Dynu Systems\Basic\basicsvc.exe
C:\WINDOWS\system32\lvhidsvc.exe
C:\WINDOWS\system32
vsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Bell\Gestionnaire de securite\Rps.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Dynu Systems\Basic\DynuBas.exe
C:\TYPSoft FTP Server\ftpserv.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Documents and Settings\Daniel\Bureau\Nouveau dossier\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Bell\Gestionnaire de securite\pkR.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Bell\Gestionnaire de securite\FBHR.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Gestionnaire de sécurité] "C:\Program Files\Bell\Gestionnaire de securite\Rps.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O4 - Global Startup: Basic Client.lnk = C:\Program Files\Dynu Systems\Basic\DynuBas.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O14 - IERESET.INF: START_PAGE_URL=http://www.google.fr
O15 - Trusted Zone: http://www.legendia-land.com
O16 - DPF: {06924146-BE45-490A-AEA8-EDBD3F6A10C7} (McciCPEAlcatelSTUSB2 Class) - http://eserv.sympatico.ca/netassistant/controls/BellCanadaPortalAX.cab
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - http://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KX-HCM10 Control) - http://candidcamera.ecasd.k12.wi.us/kxhcm10.ocx
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - 
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - http://webcam.singlehoteleden.ch/activex/AMC.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://129.57.20.46:1497/activex/AxisCamControl.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Fichiers communs\Command Software\dvpapi.exe
O23 - Service: Dynu Basic Dynamic DNS Client v3.24 (DynuBasic) - Unknown owner - C:\Program Files\Dynu Systems\Basic\basicsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LifeView HID Service (LvHidSvc) - Philips - C:\WINDOWS\system32\lvhidsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: Ray - Unknown owner - C:\Program Files\Dassault Systemes\PhotoStudioSatellite\B13ayserver.exe (file missing)
O23 - Service: Gestionnaire de sécurité Coupe-feu (RP_FWS) - Radialpoint Inc. - C:\Program Files\Bell\Gestionnaire de securite\fws.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

libeault · Answer

P.S.
J'ai encore les problemes initiaux.
Merci

Utilisateur anonyme · Answer

Salut,

pas de rapport Ewido ?

Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked"

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file) 
O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O16 - DPF: {06924146-BE45-490A-AEA8-EDBD3F6A10C7} (McciCPEAlcatelSTUSB2 Class) - http://eserv.sympatico.ca/netassistant/controls/BellCanadaPortalAX.cab 
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - http://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab 
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KX-HCM10 Control) - http://candidcamera.ecasd.k12.wi.us/kxhcm10.ocx 
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - 
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - http://webcam.singlehoteleden.ch/activex/AMC.cab 
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://129.57.20.46:1497/activex/AxisCamControl.cab


Refais un nettoyage avec Ccleaner

dans la colonne de gauche clic sur "erreurs" coches toutes les cases, puis cliques en bas sur "chercher des erreurs" une fois finit, cliques sur "reparer les erreurs" et tu aura un message pour sauvegarder ta base de registre tu dis "oui" puis tu recommences jusqu'a ce qu'il te trouve plus d'erreurs.
Les sauvegardes que tu aura faites tu pourra les supprimer si ton ordinateur n'a plus de problémes

¤Relance Ccleaner, vas dans l'onglet "nettoyeur" present sur la gauche, decoches la derniere case (Avancé si elle est cochée) puis clic sur "lancer le nettoyage"


Fait ce scan anti-virus en ligne avec Internet Explorer, accepte l'active X; la barre anti-popup du SP2 (en haut) va se mettre à clignoter, clic dessus et choisis "accepter l'active X" pour  faire fonctionner le scan anti-virus.
Une fois qu'il a terminé colle le rapport ici stp

https://www.bitdefender.com/toolbox/

libeault · Answer

Voici le rapport


Time
 01:56:26
 
Files
 655488
 
Folders
 5929
 
Boot Sectors
 4
 
Archives
 15913
 
Packed Files
 52367
 
  
  
 
Results
 
Identified Viruses 
 2
 
Infected Files 
 8
 
Suspect Files 
 0
 
Warnings
 0
 
Disinfected
 0
 
Deleted Files
 8
 
  
  
 
Engines Info
 
Virus Definitions
 473949
 
Engine build
 AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)
 
Scan plugins
 13
 
Archive plugins
 38
 
Unpack plugins
 6
 
E-mail plugins
 6
 
System plugins
 1
 
  
  
 
Scan Settings
 
First Action
 Disinfect
 
Second Action
 Delete
 
Heuristics
 Yes
 
Enable Warnings
 Yes
 
Scanned Extensions
 *;
 
Exclude Extensions
  
 
Scan Emails
 Yes
 
Scan Archives
 Yes
 
Scan Packed
 Yes
 
Scan Files
 Yes
 
Scan Boot
 Yes
 
  
  
 
  Scanned File
  Status
 
C:\Documents and Settings\Daniel\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-207f7f25-59c056b0.zip=>BlackBox.class
 Infected with: Java.Trojan.Exploit.Bytverify
 
C:\Documents and Settings\Daniel\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-207f7f25-59c056b0.zip=>BlackBox.class
 Disinfection failed
 
C:\Documents and Settings\Daniel\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-207f7f25-59c056b0.zip=>BlackBox.class
 Deleted
 
C:\Documents and Settings\Daniel\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-207f7f25-59c056b0.zip
 Updated
 
C:\Documents and Settings\Daniel\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-207f7f25-59c056b0.zip=>VerifierBug.class
 Infected with: Java.Trojan.Exploit.Bytverify.C
 
C:\Documents and Settings\Daniel\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-207f7f25-59c056b0.zip=>VerifierBug.class
 Disinfection failed
 
C:\Documents and Settings\Daniel\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-207f7f25-59c056b0.zip=>VerifierBug.class
 Deleted
 
C:\Documents and Settings\Daniel\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-207f7f25-59c056b0.zip
 Updated
 
C:\Documents and Settings\Daniel\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-207f7f25-59c056b0.zip=>Dummy.class
 Infected with: Java.Trojan.Exploit.Bytverify
 
C:\Documents and Settings\Daniel\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-207f7f25-59c056b0.zip=>Dummy.class
 Disinfection failed
 
C:\Documents and Settings\Daniel\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-207f7f25-59c056b0.zip=>Dummy.class
 Deleted
 
C:\Documents and Settings\Daniel\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-207f7f25-59c056b0.zip
 Updated
 
C:\Documents and Settings\Daniel\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-207f7f25-59c056b0.zip=>Beyond.class
 Infected with: Java.Trojan.Exploit.Bytverify.C
 
C:\Documents and Settings\Daniel\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-207f7f25-59c056b0.zip=>Beyond.class
 Disinfection failed
 
C:\Documents and Settings\Daniel\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-207f7f25-59c056b0.zip=>Beyond.class
 Deleted
 
C:\Documents and Settings\Daniel\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-207f7f25-59c056b0.zip
 Updated
 
C:\Documents and Settings\Daniel\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-74b2599d-50f9d1bc.zip=>BlackBox.class
 Infected with: Java.Trojan.Exploit.Bytverify
 
C:\Documents and Settings\Daniel\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-74b2599d-50f9d1bc.zip=>BlackBox.class
 Disinfection failed
 
C:\Documents and Settings\Daniel\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-74b2599d-50f9d1bc.zip=>BlackBox.class
 Deleted
 
C:\Documents and Settings\Daniel\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-74b2599d-50f9d1bc.zip
 Updated
 
C:\Documents and Settings\Daniel\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-74b2599d-50f9d1bc.zip=>VerifierBug.class
 Infected with: Java.Trojan.Exploit.Bytverify.C
 
C:\Documents and Settings\Daniel\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-74b2599d-50f9d1bc.zip=>VerifierBug.class
 Disinfection failed
 
C:\Documents and Settings\Daniel\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-74b2599d-50f9d1bc.zip=>VerifierBug.class
 Deleted
 
C:\Documents and Settings\Daniel\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-74b2599d-50f9d1bc.zip
 Updated
 
C:\Documents and Settings\Daniel\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-74b2599d-50f9d1bc.zip=>Dummy.class
 Infected with: Java.Trojan.Exploit.Bytverify
 
C:\Documents and Settings\Daniel\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-74b2599d-50f9d1bc.zip=>Dummy.class
 Disinfection failed
 
C:\Documents and Settings\Daniel\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-74b2599d-50f9d1bc.zip=>Dummy.class
 Deleted
 
C:\Documents and Settings\Daniel\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-74b2599d-50f9d1bc.zip
 Updated
 
C:\Documents and Settings\Daniel\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-74b2599d-50f9d1bc.zip=>Beyond.class
 Infected with: Java.Trojan.Exploit.Bytverify.C
 
C:\Documents and Settings\Daniel\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-74b2599d-50f9d1bc.zip=>Beyond.class
 Disinfection failed
 
C:\Documents and Settings\Daniel\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-74b2599d-50f9d1bc.zip=>Beyond.class
 Deleted
 
C:\Documents and Settings\Daniel\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-74b2599d-50f9d1bc.zip
 Updated

Utilisateur anonyme · Answer

Salut,

ferme toutes tes applications et refais un nettoyage complet avec Ccleaner, ensuite remets un rapport hijackthis et précise ou en est ton problème

A+

libeault · Answer

Salut

je ne peux pas désactiver la mise a jour de Windows. 
Sous..propriétés système/Mises a jour automatique/ 
Les options sont ombragés. 

Pour Windows live messager...je l'ai d'installer mais j'avais
(Je ne peux pas avoir un fichier de partage dans Windows Live 
Messenger. Il donne le message suivant: Votre ordinateur ne prend pas en charge les dossiers de partage. Aide...dans aide il est écrit que la cause pourrait etre le fait que je ne suis pas administrateur, ce qui serait faux)

Logfile of HijackThis v1.99.1
Scan saved at 06:47:04, on 2006-10-05
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Bell\Gestionnaire de securite\fws.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Fichiers communs\Command Software\dvpapi.exe
C:\Program Files\Dynu Systems\Basic\basicsvc.exe
C:\WINDOWS\system32\lvhidsvc.exe
C:\WINDOWS\system32
vsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Bell\Gestionnaire de securite\Rps.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\system32\RAMASST.exe
C:\TYPSoft FTP Server\ftpserv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Daniel\Bureau\Nouveau dossier\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sears.ca/gp/home.html/102-0047268-5932958?ie=UTF8&lang=fr&searsBrand=core
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Bell\Gestionnaire de securite\pkR.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Bell\Gestionnaire de securite\FBHR.dll
O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Gestionnaire de sécurité] "C:\Program Files\Bell\Gestionnaire de securite\Rps.exe"
O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O4 - Global Startup: Basic Client.lnk = C:\Program Files\Dynu Systems\Basic\DynuBas.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=https://www.google.fr/?gws_rd=ssl
O15 - Trusted Zone: http://www.legendia-land.com
O16 - DPF: {06924146-BE45-490A-AEA8-EDBD3F6A10C7} (McciCPEAlcatelSTUSB2 Class) - http://eserv.sympatico.ca/netassistant/controls/BellCanadaPortalAX.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Fichiers communs\Command Software\dvpapi.exe
O23 - Service: Dynu Basic Dynamic DNS Client v3.24 (DynuBasic) - Unknown owner - C:\Program Files\Dynu Systems\Basic\basicsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LifeView HID Service (LvHidSvc) - Philips - C:\WINDOWS\system32\lvhidsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: Ray - Unknown owner - C:\Program Files\Dassault Systemes\PhotoStudioSatellite\B13ayserver.exe (file missing)
O23 - Service: Gestionnaire de sécurité Coupe-feu (RP_FWS) - Radialpoint Inc. - C:\Program Files\Bell\Gestionnaire de securite\fws.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

Utilisateur anonyme · Answer

Salut,

maintenant fait ça


Télécharges Blacklight et sauvegarde le sur ton bureau.
https://www.f-secure.com/en
Double cliques sur  " blbeta.exe " et acceptes la licence; clic sur "Scan" puis "Next"

Un rapport, va se créer sur ton bureau "fslb-....."

Copies et colles le contenu de ce rapport ici.

Ne touche à rien d'autre!


et


telecharge ça:
http://download.bleepingcomputer.com/sUBs/combofix.exe

appuyes sur "Y" pour continuer

Attends quelques minutes..un rapport va s'ouvrir enregistre son contenu, puis copie et colle le sur ici stp

libeault · Answer

Salut
Est-ce le resultat attendu

fsbl-20061006001601.log

10/05/06 19:16:01 [Info]: BlackLight Engine 1.0.47 initialized
10/05/06 19:16:01 [Info]: OS: 5.1 build 2600 (Service Pack 2)
10/05/06 19:16:01 [Note]: 7019 4
10/05/06 19:16:01 [Note]: 7005 0
10/05/06 19:16:01 [Note]: 7006 0
10/05/06 19:16:01 [Note]: 7011 1268
10/05/06 19:16:01 [Note]: 7026 0
10/05/06 19:16:01 [Note]: 7026 0
10/05/06 19:16:09 [Note]: FSRAW library version 1.7.1020
10/05/06 19:16:29 [Note]: 7007 0

Utilisateur anonyme · Answer

oui, c'est bien ça, pour Blackligt c'est bon tu peux le supprimer rien à signaler.

A voir avec le rapport ComboFix

libeault · Answer

Salut

Voila pour le rapport ComboFix

- 06-10-06 19:42:42,18    Service Pack 2
ComboFix 06.09.28 - Running from: "C:\Documents and Settings\Daniel\Bureau"

(((((((((((((((((((((((((((((((   Files Created from 2006-09-06 to 2006-10-06  ))))))))))))))))))))))))))))))))))
 

2006-09-21	21:08	302,592	--a------	C:\WINDOWS\unin0407.exe
 

((((((((((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-05 19:15	--------	d--------	C:\Program Files\ewido anti-spyware 4.0
2006-10-04 21:39	--------	d--------	C:\Program Files\No-IP
2006-09-27 09:21	778656	--a------	C:\WINDOWS\system32\drivers\avg7core.sys
2006-09-25 19:29	--------	d--------	C:\Program Files\GlobalSCAPE
2006-09-25 19:29	--------	d--------	C:\Documents and Settings\Daniel\Application Data\GlobalSCAPE
2006-09-25 19:19	--------	d--------	C:\Program Files\Dynu Systems
2006-09-23 12:00	--------	d--------	C:\Program Files\Team17 Software Ltd
2006-09-22 20:18	--------	d--------	C:\Program Files\Barbie(TM)
2006-09-21 21:08	--------	d--------	C:\Program Files\SuperGOO
2006-09-18 19:50	--------	d--------	C:\Program Files\TechSmith
2006-09-06 19:57	--------	d--------	C:\Documents and Settings\Daniel\Application Data\AdobeUM
2006-09-04 11:01	82864	--a------	C:\Documents and Settings\Daniel\Application Data\GDIPFONTCACHEV1.DAT
2006-08-30 21:16	--------	d--------	C:\Program Files\Bell
2006-08-27 09:27	--------	d--------	C:\Program Files\Larousse
2006-08-25 21:09	--------	d--------	C:\Program Files\Lavasoft
2006-08-22 19:00	--------	d--------	C:\Program Files\Hasbro
2006-08-21 07:26	16896	--a------	C:\WINDOWS\system32\fltlib.dll
2006-08-21 04:14	23040	--a------	C:\WINDOWS\system32\fltmc.exe
2006-08-21 04:14	128896	---------	C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-18 19:36	--------	d--------	C:\Program Files\NetAsst
2006-08-18 19:31	--------	d--------	C:\Program Files\NetAssistant
2006-08-18 19:31	--------	d--------	C:\Program Files\Motive
2006-08-12 22:30	--------	d--------	C:\Program Files\Sierra On-Line
2006-08-09 09:20	27904	--a------	C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-08-02 11:20	41472	--a------	C:\WINDOWS\system32\Lttwn12n.dll
2006-08-02 11:20	278528	--a------	C:\WINDOWS\system32\LTDIS12n.dll
2006-08-02 11:19	166400	--a------	C:\WINDOWS\system32\Ltimg12n.dll
2006-08-02 11:18	406016	--a------	C:\WINDOWS\system32\Ltkrn12n.dll
2006-08-02 11:18	227840	--a------	C:\WINDOWS\system32\Ltefx12n.dll
2006-08-02 11:18	121344	--a------	C:\WINDOWS\system32\Ltfil12n.dll
2006-08-02 09:08	14	--a------	C:\WINDOWS\system32\systeminfo.dll
2006-07-27 08:26	679424	---------	C:\WINDOWS\system32\inetcomm.dll
2006-07-21 03:27	72704	---------	C:\WINDOWS\system32\hlink.dll
2006-07-06 20:53	43520	--a------	C:\WINDOWS\system32\CmdLineExt03.dll
 

((((((((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))
 
*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="\"C:\Program Files\Ahead\Nero BackItUp\NBJ.exe\""
"ccleaner"="\"C:\Program Files\CCleaner\ccleaner.exe\" /AUTO"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup"
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP"
"QuickTime Task"="\"C:\Program Files\QuickTime\qttask.exe\" -atboottime"
"Gestionnaire de sécurité"="\"C:\Program Files\Bell\Gestionnaire de securite\Rps.exe\""
"smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
  00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
  ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,52,01,00,00,23,00,00,00,7c,00,00,00,72,00,\
  00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE"
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE"
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=hex:ff,00,00,00
"ForceClassicControlPanel"=dword:00000001
"NoLowDiskSpaceChecks"=dword:00000001
"NoLowDiskSpaceCheck"=dword:00000001
"NoCDBurning"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"ForceClassicControlPanel"=dword:00000001
"NoLowDiskSpaceChecks"=dword:00000001
"NoLowDiskSpaceCheck"=dword:00000001
"NoCDBurning"=dword:00000000
"CDRAutoRun"=dword:00000000

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"ForceClassicControlPanel"=dword:00000001
"NoLowDiskSpaceChecks"=dword:00000001
"NoLowDiskSpaceCheck"=dword:00000001
"NoCDBurning"=dword:00000000
"CDRAutoRun"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-disabled]
"SurfAccuracy"="C:\Program Files\SurfAccuracy\SAcc.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
"path"="C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk"
"backup"="C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\PROGRA~1\FICHIE~1\Adobe\CALIBR~1\ADOBEG~1.EXE "
"item"="Adobe Gamma Loader"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
"path"="C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk"
"backup"="C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\PROGRA~1\MICROS~2\Office10\OSA.EXE -b -l"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^NetAssistant.lnk]
"path"="C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\NetAssistant.lnk"
"backup"="C:\WINDOWS\pss\NetAssistant.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\PROGRA~1\NETASS~1\bin\matcli.exe -boot"
"item"="NetAssistant"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^Daniel^Menu Démarrer^Programmes^Démarrage^Webshots.lnk]
"path"="C:\Documents and Settings\Daniel\Menu Démarrer\Programmes\Démarrage\Webshots.lnk"
"backup"="C:\WINDOWS\pss\Webshots.lnkStartup"
"location"="Startup"
"command"="C:\PROGRA~1\Webshots\Launcher.exe  /t"
"item"="Webshots"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\AdaptecDirectCD]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="DirectCD"
"hkey"="HKLM"
"command"="C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\AnyDVD]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="AnyDVD"
"hkey"="HKLM"
"command"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ctfmon.exe]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\WINDOWS\system32\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\EssSpkPhone]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="essspk"
"hkey"="HKLM"
"command"="essspk.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\FTP Server]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="ftpserv"
"hkey"="HKLM"
"command"="C:\TYPSOF~1\ftpserv.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\GhostStartTrayApp]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="GhostStartTrayApp"
"hkey"="HKLM"
"command"="C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\KernelFaultCheck]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="dumprep 0 -k"
"hkey"="HKLM"
"command"="%systemroot%\system32\dumprep 0 -k"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MediaFace Integration]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="SetHook"
"hkey"="HKLM"
"command"="C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Motive SmartBridge]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="MotiveSB"
"hkey"="HKLM"
"command"="C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MSMSGS]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\Program Files\Messenger\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\NBJ]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="NBJ"
"hkey"="HKCU"
"command"="\"C:\Program Files\Ahead\Nero BackItUp\NBJ.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\NeroFilterCheck]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\WINDOWS\system32\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\NvCplDaemon]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="NvCpl"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\NvMediaCenter]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="NvMcTray"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg
wiz]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="nwiz"
"hkey"="HKLM"
"command"="nwiz.exe /install"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\QuickTime Task]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\Program Files\QuickTime\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\RecSche]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="RecSche"
"hkey"="HKLM"
"command"="\"C:\Program Files\TVR\RecSche.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ReJf5vH]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="unkucj"
"hkey"="HKLM"
"command"="C:\WINDOWS\unkucj.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ScanRegistry]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="W"
"hkey"="HKLM"
"command"="C:\W"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SurfAccuracy]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="SAcc"
"hkey"="HKLM"
"command"="C:\Program Files\SurfAccuracy\SAcc.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\WinDVRCtrl]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="WDVRCtrl"
"hkey"="HKLM"
"command"="C:\WINDOWS\WDVRCtrl.exe"
"inimapping"="0"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ  msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

 
Completion time: 2006-10-06 19:43:31.79 
ComboFix.txt

Utilisateur anonyme · Answer

Salut,

clic sur démarrer, poste de travail, C:, program files et supprime ces dossiers si présent

SurfAccuracy
Symantec


Clic sur démarrer, rechercher et supprime ces fichiers si présent

unkucj.exe
CmdLineExt03.dll


Ensuite, fais un clic droit sur hijackthis, choisis propriétés et remplace hijacthis par abcde puis "ok" et remet un rapport hijackthis stp

libeault · Answer

Salut,

libeault · Answer

Salut, 
Je ne saisie pas l'operation de changer Hijackthis par abcde!?

Utilisateur anonyme · Answer

Salut,

fais un clic droit sur hijackthis, choisis renommer, puis entre ces lettres "abcde" puis tu fermes et refais un scan avec hijackthis et tu colles le rapport ici

libeault · Answer

Salut,
Le voici

Logfile of HijackThis v1.99.1
Scan saved at 19:58:13, on 2006-10-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Bell\Gestionnaire de securite\fws.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Dynu Systems\Basic\basicsvc.exe
C:\WINDOWS\system32\lvhidsvc.exe
C:\WINDOWS\system32
vsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Bell\Gestionnaire de securite\Rps.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Dynu Systems\Basic\DynuBas.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Fichiers communs\Command Software\dvpapi.exe
C:\TYPSoft FTP Server\ftpserv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\Documents and Settings\Daniel\Bureau\Nouveau dossier\abcde.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.sears.ca/gp/home.html/102-0047268-5932958?ie=UTF8&lang=fr&searsBrand=core
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Bell\Gestionnaire de securite\pkR.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Bell\Gestionnaire de securite\FBHR.dll
O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Gestionnaire de sécurité] "C:\Program Files\Bell\Gestionnaire de securite\Rps.exe"
O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O4 - Global Startup: Basic Client.lnk = C:\Program Files\Dynu Systems\Basic\DynuBas.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=www.google.fr
O15 - Trusted Zone: www.legendia-land.com
O16 - DPF: {06924146-BE45-490A-AEA8-EDBD3F6A10C7} (McciCPEAlcatelSTUSB2 Class) - eserv.sympatico.ca/netassistant/controls/BellCanadaPortalAX.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - download.bitdefender.com/resources/scan8/oscan8.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Fichiers communs\Command Software\dvpapi.exe
O23 - Service: Dynu Basic Dynamic DNS Client v3.24 (DynuBasic) - Unknown owner - C:\Program Files\Dynu Systems\Basic\basicsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LifeView HID Service (LvHidSvc) - Philips - C:\WINDOWS\system32\lvhidsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: Ray - Unknown owner - C:\Program Files\Dassault Systemes\PhotoStudioSatellite\B13ayserver.exe (file missing)
O23 - Service: Gestionnaire de sécurité Coupe-feu (RP_FWS) - Radialpoint Inc. - C:\Program Files\Bell\Gestionnaire de securite\fws.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

Utilisateur anonyme · Answer

Salut,

Clic sur démarrer, rechercher et supprime ce fichier:

unin0407.exe


Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup 
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe 
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" 
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO 
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe 
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe 
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe 
O16 - DPF: {06924146-BE45-490A-AEA8-EDBD3F6A10C7} (McciCPEAlcatelSTUSB2 Class) - eserv.sympatico.ca/netassistant/controls/BellCanadaPortalAX.cab 
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - download.bitdefender.com/resources/scan8/oscan8.cab


Clic sur "demarrer", "executer", tape: services.msc ,cherche dans la liste cette ligne, fais un clic droit dessus choisis "propriétés" et régle la sur "manuel"

Adobe LM Service
DVD-RAM_Service
InstallDriver Table Manager
LexBce Server
LifeView HID Service 
Ray
StarWind iSCSI Service


celle ci sur "désactivé"

SoundMAX Agent Service
NVIDIA Display Driver Service


Refais un nettoyage Ccleaner puis refais un scan avec Ewido et colle le rapport ic ici stp

libeault · Answer

Salut,
Est-ce bien ce rapport la?
J'ai appliquer se que proposait ewido!


ewido anti-spyware - Scan Report
---------------------------------------------------------

 + Created at:	20:13:24 2006-11-12

 + Scan result:	



C:\Documents and Settings\Daniel\Cookies\daniel@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned.
C:\Documents and Settings\Daniel\Cookies\daniel@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Daniel\Cookies\daniel@amazonsearsca.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Daniel\Cookies\daniel@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Daniel\Cookies\daniel@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
D:\WINDOWS.000\Cookies\moi@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Daniel\Cookies\daniel@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Daniel\Cookies\daniel@adjuggler[2].txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\Daniel\Cookies\daniel@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\Daniel\Cookies\daniel@adtech[2].txt -> TrackingCookie.Adtech : Cleaned.
D:\WINDOWS.000\Cookies\moi@adtech[2].txt -> TrackingCookie.Adtech : Cleaned.
C:\Documents and Settings\Daniel\Cookies\daniel@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Daniel\Cookies\daniel@adviva[1].txt -> TrackingCookie.Adviva : Cleaned.
C:\Documents and Settings\Daniel\Cookies\daniel@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Daniel\Cookies\daniel@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned.
D:\WINDOWS.000\Cookies\moi@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\Daniel\Cookies\daniel@www.burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Daniel\Cookies\daniel@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Daniel\Cookies\daniel@com[2].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Daniel\Cookies\daniel@fl01.ct2.comclick[1].txt -> TrackingCookie.Comclick : Cleaned.
D:\WINDOWS.000\Cookies\moi@fl01.ct2.comclick[2].txt -> TrackingCookie.Comclick : Cleaned.
C:\Documents and Settings\Daniel\Cookies\daniel@estat[1].txt -> TrackingCookie.Estat : Cleaned.
C:\Documents and Settings\Daniel\Cookies\daniel@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Daniel\Cookies\daniel@as-eu.falkag[2].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Daniel\Cookies\daniel@as1.falkag[2].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Daniel\Cookies\daniel@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Daniel\Cookies\daniel@ehg-bestbuy.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Daniel\Cookies\daniel@ehg-lgusa.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Daniel\Cookies\daniel@ehg-ubisoft.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Daniel\Cookies\daniel@ehg-warnerbrothers.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Daniel\Cookies\daniel@ehg-yvesrocher.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Daniel\Cookies\daniel@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Daniel\Cookies\daniel@ilead.itrack[1].txt -> TrackingCookie.Itrack : Cleaned.
C:\Documents and Settings\Daniel\Cookies\daniel@ivwbox[1].txt -> TrackingCookie.Ivwbox : Cleaned.
C:\Documents and Settings\Daniel\Cookies\daniel@komtrack[2].txt -> TrackingCookie.Komtrack : Cleaned.
C:\Documents and Settings\Daniel\Cookies\daniel@sales.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\Daniel\Cookies\daniel@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Daniel\Cookies\daniel@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Daniel\Cookies\daniel@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Daniel\Cookies\daniel@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Daniel\Cookies\daniel@cs.sexcounter[2].txt -> TrackingCookie.Sexcounter : Cleaned.
C:\Documents and Settings\Daniel\Cookies\daniel@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Cleaned.
D:\WINDOWS.000\Cookies\moi@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Cleaned.
C:\Documents and Settings\Daniel\Cookies\daniel@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned.
D:\WINDOWS.000\Cookies\moi@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\Daniel\Cookies\daniel@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned.
C:\Documents and Settings\Daniel\Cookies\daniel@trafic[1].txt -> TrackingCookie.Trafic : Cleaned.
C:\Documents and Settings\Daniel\Cookies\daniel@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Daniel\Cookies\daniel@pmads.valuead[2].txt -> TrackingCookie.Valuead : Cleaned.
C:\Documents and Settings\Daniel\Cookies\daniel@weborama[1].txt -> TrackingCookie.Weborama : Cleaned.
C:\Documents and Settings\Daniel\Cookies\daniel@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Daniel\Cookies\daniel@zedo[1].txt -> TrackingCookie.Zedo : Cleaned.
E:\A Garder\__ANTI VIRUS_Norton Antivirus 2006 Full Crack Serial Keygen Symantec Antivirus 2006.zip/Setup.exe -> Worm.Agent.d : Cleaned with backup (quarantined).


::Report end

libeault · Answer

Salut,
   Lorsque je vais dans Comptes d'utilisateurs
      dans -choisissez un nouveau type de compte
                Administrateur de l'ordinateur est coché.

    Lorsque je vais dans Propriété système.
       dans -mise à jour automatique
                 Installation automatique(recommendé) est
               cocher et en gris pale, je ne peux pas le dé-sélectionner.

    Lorsque je vais dans Propriété système.
        dans-Avancé-Profile des utilisateurs
                  il a deux nom
le 1-TEST/Adiministrateur/taille 293ko
le 2-TEST/Daniel/taille 1.68go

Mon ordinateur a été acheté a un certain Daniel...
Presentement,
      Lorsque je fait ctrl/alt/delete sous Utilisateur
      Le compte Daniel est active.

La demande initial était comment enlever la mise a jour
(il semble avoir un problème avec mon compte administrateur)

Merci de votre aides

Utilisateur anonyme · Answer

Salut,

apparement tu utilises la session de ce Daniel ?! 

Créée toi une nouvelle session administrateur, transfert tes fichiers sur ta nouvelle session et supprime ce compte Daniel

Tu as quoi comme pare-feu ?


Fait ce scan anti-virus en ligne avec Internet Explorer, accepte l'active X; la barre anti-popup du SP2(en haut) va se mettre à clignoter, clic dessus et choisis "accepter l'active X" pour  faire fonctionner le scan anti-virus.
Une fois qu'il a terminé colle le rapport ici stp

_Online Scanner
_Kaspersky Online Scanner
_My Computer

https://www.kaspersky.fr/downloads

libeault · Answer

Salut,
 Je n'ai pas eu le temps de faire le scan...pour bientot.
serait-il plutot le 1 qui serait a effacer
le 1-TEST/Adiministrateur/taille 293ko 
le 2-TEST/Daniel/taille 1.68go 

Je m'explique
J'ai créé deux nouveau compte...(new)compte limité
                                                          et (new_1) compte admin...
Lorsque je vais dans Propriété système. 
dans-Avancé-Profile des utilisateurs

Losque je choisi  TEST/Adiministrateur l'option supprimer est accessible

Losque je choisi  TEST/new l'option supprimer est accessible


Losque je choisi  TEST/Daniel l'option supprimer n'est pas accessible

Losque je choisi  TEST/new_1 l'option supprimer n'est pas accessible

Selon vous le compte 1-TEST/Adiministrateur/taille 293ko 
pourrait-il etre suprimé.

Le compte 1-TEST/Adiministrateur/ n'apparait nul part lors des choix de session


Pour le pare feu (presentement j'en ai pas mais 
sauf lui de windos et mon router.) depuis 1 mois environ.

avant j'avais en plus le pare feu de mon fournisseur internet
soit coffre fort de sympatico.

J'avais instaler zone alarme pro...mais il est trop lourd.

Merci

libeault · Answer

Salut voici le rapport
Monday, November 20, 2006 9:24:28 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 21/11/2006
Kaspersky Anti-Virus database records: 243342
 
Scan Settings 
Scan using the following antivirus database extended 
Scan Archives true 
Scan Mail Bases true 
 
Scan Target Critical Areas 
C:\WINDOWS
C:\DOCUME~1\Daniel\LOCALS~1\Temp\  
 
Scan Statistics 
Total number of scanned objects 18071 
Number of viruses found 0 
Number of infected objects 0 / 0 
Number of suspicious objects 0 
Duration of the scan process 00:16:42 

Infected Object Name Virus Name Last Action 
C:\WINDOWS\system32\config\system.LOG  Object is locked  skipped  
 
C:\WINDOWS\system32\config\software.LOG  Object is locked  skipped  
C:\WINDOWS\system32\config\default.LOG  Object is locked  skipped  
C:\WINDOWS\system32\config\SAM.LOG  Object is locked  skipped  
C:\WINDOWS\system32\config\SECURITY.LOG  Object is locked  skipped  
C:\WINDOWS\system32\config\AppEvent.Evt  Object is locked  skipped  
C:\WINDOWS\system32\config\SecEvent.Evt  Object is locked  skipped  
C:\WINDOWS\system32\config\SysEvent.Evt  Object is locked  skipped  
C:\WINDOWS\system32\config\DEFAULT  Object is locked  skipped  
C:\WINDOWS\system32\config\SECURITY  Object is locked  skipped  
C:\WINDOWS\system32\config\SOFTWARE  Object is locked  skipped  
C:\WINDOWS\system32\config\SYSTEM  Object is locked  skipped  
C:\WINDOWS\system32\config\SAM  Object is locked  skipped  
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA  Object is locked  skipped  
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR  Object is locked  skipped  
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP  Object is locked  skipped  
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP  Object is locked  skipped  
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER  Object is locked  skipped  
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP  Object is locked  skipped  
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP  Object is locked  skipped  
C:\WINDOWS\system32\h323log.txt  Object is locked  skipped  
C:\WINDOWS\Debug\PASSWD.LOG  Object is locked  skipped  
C:\WINDOWS\Sti_Trace.log  Object is locked  skipped  
C:\WINDOWS\wiaservc.log  Object is locked  skipped  
C:\WINDOWS\wiadebug.log  Object is locked  skipped  
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log  Object is locked  skipped  
C:\WINDOWS\WindowsUpdate.log  Object is locked  skipped  
 
Scan process completed. 

Merci

libeault · Answer

...

Administateur systeme

24 réponses

Discussions similaires