Antivirus etc rien n'abouti

mme cointe -  
 mme cointe -
Bonjour,

je poste ici, une fois de plus, car je rencontre un problème avec mon PC depuis plusierus jours déjà.

- il rame.

- je ne parviens plus à me connecter à internet via celui-ci la page restant bloquée.

- j'ai pu télécharger spybot, j'ai donc lancé une analyse il m'indique pas mal de fichier à corriger, mais l'opération se bloque impossible de les corriger.

- avast ne détecte aucun virus.

- ad-aware a fait une analys et détecté un malware et différents fichiers à corriger, j'ai bo coche les ficiers à corriger ils se décochent en suivant je ne peux donc rien faire non plus.

- enfin j'ai tenté d'installer "hijack this" je crois que ça se nomme ainsi, mais au moment de cliquer sur install pour l'installerplus rien ne s'affiche la fenètre a disparu.

je sature léger, si quelqu'un a un idée, même minime ... je vous remrcie
Configuration: Windows XP
Internet Explorer 7.0

21 réponses

  • 1
  • 2
  1. Utilisateur anonyme
     
    salut

    va dans le gestionnaire des taches puis clic sur processus puis nom de l'image
    puis marque moi tous les processus et telecharge spyware terminator
    0
  2. mme cointe
     
    ok je vais faire cette manip' merci a plus tard
    0
  3. mme cointe
     
    voilà pr la liste

    Winword.exe
    Wuauclt.exe
    Svchost.exe
    Alg.exe
    IEXPLORE.EXE
    IEXPLORE.EXE
    TeaTimer.exe
    Msmsgs.exe
    ashDisp.exe
    wdfmgr.exe
    explorer.exe
    ashWebSv.exe
    NMIndexingService.exe
    ashServ.exe
    aswUpdSv.exe
    svchost.exe
    FTRTSVC.exe
    Svchost.exe
    Svchost.exe
    Aawservice.exe
    Svchost.exe
    ashMaiSv.exe
    taskmgr.exe
    svchost.exe
    svchost.exe
    lsass.exe
    services.exe
    winlogon.exe
    csrss.exe
    smss.exe
    rapimgr.exe
    spoolsv.exe
    wcescomm.exe
    System
    Processus inactif du systèm
    0
  4. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  5. Utilisateur anonyme
     
    telecharge mozilla firefox

    puis dans le gestionnaire des tache clic droit sur les IEXPLORER terminer le processus s'i il y en a plusieur

    supprime tous se que spyware terminator a detecter
    0
  6. mme cointe
     
    merci je poursuis, je vai installer spyware terminator
    0
  7. mme cointe
     
    pr le moment après une analyse rapide avec spyware terminator, aucune menace na été détecté. Je suis entrin de faire une analyse plus complète.
    0
  8. mme cointe
     
    à moitié analyse complète :

    2 objets critiques :

    - AdTool.MyWebSearch.bm:c:\document and settings\michel\Local Settings\Temp\NERO13356\toolbar.exe

    - MovieLand:HKCR\ApplD\DownloadManager.exe
    0
  9. mme cointe
     
    l'analyse terminée, 3 objets critiques ont été détectés voici le rapport :

    bLogfile of Spyware Terminator v2.0.1.224 (db:1.0.044.807)
    Scan Time: 28/12/2007 19:41:35 length: 4523 s
    Platform: Windows XP Service Pack 2 (WINNT 5.1.2600)
    User: Limited
    Boot Mode: Normal
    Scan type: Full_Spyware_Scan
    Scanned Objects: 133855 (Critical:2)
    Filter: No System items, No Safe items

    Running Processes
    rapimgr.exe [Microsoft Corporation] : C:\Program Files\Microsoft ActiveSync\rapimgr.exe
    aawservice.exe [Lavasoft AB] : C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    FTRTSVC.exe [France Telecom] : C:\WINDOWS\system32\FTRTSVC.exe
    NMIndexingService.exe [Nero AG] : C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    WINWORD.EXE [Microsoft Corporation] : C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE

    Internet Settings
    R - HKCU\Software\Microsoft\Internet Explorer\Main, Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60327
    R - HKLM\Software\Microsoft\Internet Explorer\Main, SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
    R - HKLM\Software\Microsoft\Internet Explorer\Main, CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
    R - HKLM\Software\Microsoft\Internet Explorer\Main, Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
    R - HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
    R - HKLM\Software\Microsoft\Internet Explorer\Search, CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
    R - HKLM\System\CurrentControlSet\Services\Tcpip\Parameters, Domain =
    R - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony, DomainName =

    BHO
    02 - BHO: - {7E853D72-626A-48EC-A868-BA8D5E23E045} - File not found
    02 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - [Google Inc.] : C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    02 - BHO: - {{FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found
    02 - BHO: - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - File not found
    02 - BHO: - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - File not found
    02 - BHO: - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - File not found
    02 - BHO: - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - File not found
    02 - BHO: - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - File not found

    StartUps
    04 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} : [Nero AG] : C:\Program Files\Fichiers communs\AHEAD\LIB\NMBGMONITOR.EXE
    04 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Proxy Proc : : C:\Documents and Settings\michel\Application Data\1SIZECOAL\EXTRA REGS.exe
    04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NeroFilterCheck : [Nero AG] : C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
    04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Joy Bike More City : : C:\Documents and Settings\All Users\Application Data\Mags Mapi Joy Bike\inter browse.exe
    04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, WinStart : : C:\WINDOWS\rundll33.exe
    04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce, MS-config : : C:\WINDOWS\system32\rundll17.exe
    04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Setup, Registering TotalScan Components : [Panda Security] : C:\Program Files\PANDA SECURITY\TOTALSCAN\ASCGUIIE.DLL
    04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Setup, Registering TotalScan Components. : [Panda Security] : C:\Program Files\PANDA SECURITY\TOTALSCAN\NPWRAPPER.DLL
    04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Setup, Registering TotalScan Components.. : [Panda Software International] : C:\Program Files\PANDA SECURITY\TOTALSCAN\LIBCOMM.DLL
    04 - HKLM\System\CurrentControlSet\Control\Session Manager, BootExecute : : C:\WINDOWS\system32\LSDELETE.EXE

    Shell Extensions
    Extension Affichage Panorama du Panneau de configuration - {42071714-76d4-11d1-8b24-00a0c9068ff3} - : deskpan.dll
    - {764BF0E1-F219-11ce-972D-00AA00A14F56} - File not found
    - {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - File not found
    Barre des tâches et menu Démarrer - {0DF44EAA-FF21-4412-828E-260A8728E7F1} - File not found
    Comptes d'utilisateurs - {7A9D77BD-5403-11d2-8785-2E0420524153} - File not found
    WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} - : C:\Program Files\WinRAR\rarext.dll
    WinZip - {E0D79304-84BE-11CE-9641-444553540000} - [WinZip Computing, Inc.] : C:\Program Files\WinZip\WZSHLSTB.DLL
    WinZip - {E0D79305-84BE-11CE-9641-444553540000} - [WinZip Computing, Inc.] : C:\Program Files\WinZip\WZSHLSTB.DLL
    WinZip - {E0D79306-84BE-11CE-9641-444553540000} - [WinZip Computing, Inc.] : C:\Program Files\WinZip\WZSHLSTB.DLL
    WinZip - {E0D79307-84BE-11CE-9641-444553540000} - [WinZip Computing, Inc.] : C:\Program Files\WinZip\WZSHLSTB.DLL
    Appareil mobile - {49BF5420-FA7F-11cf-8011-00A0C90A8F78} - [Microsoft Corporation] : C:\Program Files\Microsoft ActiveSync\Wcesview.dll
    My Logitech Pictures - {400CFEE2-39D0-46DC-96DF-E0BB5A4324B3} - [Logitech Inc.] : C:\Program Files\Logitech\Video\Namespc2.dll
    NeroCoverEdLiveIcons Class - {97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} - [Nero AG] : C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll
    - {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} - [Sun Microsystems, Inc.] : C:\Program Files\OpenOffice.org 2.3\program\shlxthdl.dll
    - {087B3AE3-E237-4467-B8DB-5A38AB959AC9} - [Sun Microsystems, Inc.] : C:\Program Files\OpenOffice.org 2.3\program\shlxthdl.dll
    - {63542C48-9552-494A-84F7-73AA6A7C99C1} - [Sun Microsystems, Inc.] : C:\Program Files\OpenOffice.org 2.3\program\shlxthdl.dll
    - {3B092F0C-7696-40E3-A80F-68D74DA84210} - [Sun Microsystems, Inc.] : C:\Program Files\OpenOffice.org 2.3\program\shlxthdl.dll

    Services
    23 - [Lavasoft AB] : C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    23 - [Intel Corporation] : C:\WINDOWS\system32\drivers\ac97intc.sys
    23 - [3Com Corporation] : C:\WINDOWS\system32\DRIVERS\el90xbc5.sys
    23 - [France Telecom] : C:\WINDOWS\system32\FTRTSVC.exe
    23 - [Intel(R) Corporation] : C:\WINDOWS\system32\DRIVERS\i81xnt5.sys
    23 - [Nero AG] : C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe

    Threat Files
    <AdTool.MyWebSearch.bm> : C:\Documents and Settings\michel\Local Settings\Temp\NERO13356\Toolbar.exe

    Advanced Files Report
    %PROGRAMFILES%\OpenOffice.org 2.3\program\shlxthdl.dll [Sun Microsystems, Inc.] MD5=DD6B269A3F5ABEAF526CB760DF8F3074 SIZE=335872
    %PROGRAMFILES%\OpenOffice.org 2.3\program\uwinapi.dll [Sun Microsystems, Inc.] MD5=448C4676C44B18399969392C1BB0462E SIZE=98304
    %PROGRAMFILES%\OpenOffice.org 2.3\program\stlport_vc7145.dll [STLport Consulting, Inc.] [STLport Standard ANSI C++ Libarary] MD5=73B98B3754998AEA0985B409B156908B SIZE=577536
    %PROGRAMFILES%\Nero\Nero 7\Nero BackItUp\NBShell.dll [Nero AG] [Nero BackItUp] MD5=57B941BC9AF99E03ECC1E2BEF753782A SIZE=99624
    %PROGRAMFILES%\WinZip\WZSHLSTB.DLL [WinZip Computing, Inc.] [WinZip] MD5=E393705B69E606CE95AB8F536EF8360F SIZE=24645
    %PROGRAMFILES%\WinRAR\rarext.dll [] MD5=75B1F7A674FB292C388AAD7522B1507A SIZE=118784
    %PROGRAMFILES%\PowerArchiver\PASHLEXT.DLL [ConeXware, Inc.] [PowerArchiver 2006] MD5=AFDF03EABD7274652BD480A19F41C9E1 SIZE=80384
    %PROGRAMFILES%\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll [Nero AG] [Cover Designer] MD5=B08BE238F67339373207C29E12EDDF4C SIZE=1967400
    %PROGRAMFILES%\Microsoft ActiveSync\rapiproxystub.dll [] MD5=88CF195C0A5A2AF4B8C499C43C26B9EE SIZE=10752
    %PROGRAMFILES%\Microsoft ActiveSync\rapimgr.exe [Microsoft Corporation] [Microsoft ActiveSync] MD5=51CFAD6A4D26EE0F1F1AC17617F01562 SIZE=180224
    %PROGRAMFILES%\Lavasoft\Ad-Aware 2007\aawservice.exe [Lavasoft AB] [Ad-Aware 2007 Service] MD5=62E1B62C9DD8F446D224166A4D78B5DD SIZE=561152
    %PROGRAMFILES%\Lavasoft\Ad-Aware 2007\CEAPI.dll [Lavasoft AB] [CEAPI Dynamic Link Library] MD5=554F68A89FCB47171B7CBA6C4E950438 SIZE=716800
    %PROGRAMFILES%\Lavasoft\Ad-Aware 2007\Update.dll [] MD5=B467D10E0EA9D2ECAD849290A4B60700 SIZE=520192
    %SYSDIR%\FTRTSVC.exe [France Telecom] [FTRTSVC NT Service] MD5=D1261099E03EEE90976EA19002995B89 SIZE=40960
    %SYSDIR%\IfHelper.dll [France Télécom R&D] [IfHelper] MD5=A690AE7F4418401815CE3D73D60B8C6F SIZE=36864
    %COMMONFILES%\Ahead\Lib\NMIndexingService.exe [Nero AG] [Nero Home] MD5=A328A46D87BB92CE4D8A4528E9D84787 SIZE=279848
    %COMMONFILES%\Ahead\Lib\NMIndexingServicePS.dll [Nero AG] [Nero Home] MD5=49130B95291F0269689AF46A461DB034 SIZE=59176
    %COMMONFILES%\Ahead\Lib\NMLogCxx.dll [Nero AG] [Nero Home] MD5=0C01B2C22322C48D8ADAE3B9D467E924 SIZE=70952
    %COMMONFILES%\Ahead\Lib\log4cxx.dll [Nero AG] [Nero Home] MD5=421B260404162F1F00A9618C3F42315B SIZE=742696
    %COMMONFILES%\Ahead\Lib\NMDataServices.dll [Nero AG] [Nero Home] MD5=A63E5D51FBDB18AFA2EC67CADCB062FD SIZE=2749736
    %PROGRAMFILES%\Microsoft Office\OFFICE11\WINWORD.EXE [Microsoft Corporation] [Microsoft Office 2003] MD5=1EEA7DD2F1EA6EFEF380B99A90228D2F SIZE=12037688
    deskpan.dll []
    %PROGRAMFILES%\Microsoft ActiveSync\Wcesview.dll [Microsoft Corporation] [Microsoft ActiveSync] MD5=9E82A81A18349BF9188FF0FD9E00EC48 SIZE=245760
    %PROGRAMFILES%\Logitech\Video\Namespc2.dll [Logitech Inc.] [Logitech QuickCam] MD5=C917010C3C477D92B1368490E009580F SIZE=65536
    %SYSDIR%\drivers\ac97intc.sys [Intel Corporation] [Intel(r) Integrated Controller Hub Audio Driver] MD5=0F2D66D5F08EBE2F77BB904288DCF6F0 SIZE=96256
    %SYSDIR%\DRIVERS\el90xbc5.sys [3Com Corporation] [3Com EtherLink PCI] MD5=6E883BF518296A40959131C2304AF714 SIZE=66591
    %SYSDIR%\DRIVERS\i81xnt5.sys [Intel(R) Corporation] [Intel(R) Graphics Accelerator Drivers for Windows NT(R)] MD5=06B7EF73BA5F302EECC294CDF7E19702 SIZE=161020
    %SYSDIR%\systray.exe []

    End of Report

    le porblème est que lorsque j'ai mis supprimer, un message est apparu me disans qu'il n'avait pas réussi à tt supprimer ...
    0
  10. Utilisateur anonyme
     
    ok alors va en mode sans echec F11 est fait un scan compler avec spyware terminator et supprime tous puis revient en mode normale et refais moi un log hijackthis
    0
  11. Utilisateur anonyme
     
    mince avant telecharge hijackthis avant de me mettre le log
    0
  12. mme cointe
     
    un grand merci pour l'aide que tu m'apportes.

    je fais ce que tu me recommandes, par contre je publierai surment le log hijackthis demain ...

    encore merci
    0
  13. mme cointe
     
    bonsoir,

    je poste ici le rapport d'une analyse faite avec hijackthis sur mon second PC, pourriez vous me dire si quelque chose d'anormal peut être remarqué ? MERCI

    Jessyf, je suis entrin de faire le démarrage en mode sans échec etc pour mon PC numéro 1.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:04:11, on 29/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\UberIcon\UberIcon Manager.exe
    C:\Windows\System32\VisualTaskTips.exe
    C:\Program Files\styler\Styler.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Wanadoo\GestionnaireInternet.exe
    C:\Program Files\Wanadoo\ComComp.exe
    C:\PROGRA~1\Wanadoo\Toaster.exe
    C:\PROGRA~1\Wanadoo\Inactivity.exe
    C:\PROGRA~1\Wanadoo\PollingModule.exe
    C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
    C:\Program Files\Wanadoo\Watch.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\pauline\Bureau\CQRITE\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr/keyword/%s
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    O1 - Hosts: ::1 localhost
    O1 - Hosts: 66.249.93.99 www.google.fr
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\styler\TB\StylerTB.dll
    O4 - HKLM\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKLM\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
    O4 - HKLM\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe
    O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\Vistadrive\vsdrv.exe
    O4 - HKLM\..\Run: [TransBar] C:\WINDOWS\system32\transbar.exe /s
    O4 - HKLM\..\Run: [Styler] C:\Program Files\styler\Styler.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [Frag Settings Draw Download] C:\Documents and Settings\All Users\Application Data\2 team frag settings\drive each.exe
    O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [Mess Sign] C:\DOCUME~1\pauline\APPLIC~1\CDROMM~1\FOR MEAL.exe
    O4 - HKUS\S-1-5-19\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{EA23D04C-71AC-4091-AACC-DBFCA8464EAD}: NameServer = 192.168.1.1
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
    0
  14. mme cointe
     
    voici le second rapport avec hijackthis par contre je ne parviens pas à démarrer en mode sans échec ...

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:03:08, on 29/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Messenger\Msmsgs.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\MICROS~3\rapimgr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\michel\Bureau\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60327
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.avast.com/store?verb=register-home&lang=fre
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Joy Bike More City] C:\Documents and Settings\All Users\Application Data\Mags Mapi Joy Bike\inter browse.exe
    O4 - HKLM\..\Run: [WinStart] C:\Windows\rundll33.exe
    O4 - HKLM\..\RunOnce: [MS-config] C:\Windows\system32\rundll17.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [Proxy Proc] C:\DOCUME~1\michel\APPLIC~1\1SIZEC~1\EXTRA REGS.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\Msmsgs.exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: Crawler Search - tbr:iemenu
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
    0
  15. Utilisateur anonyme
     
    coche la ligne

    O4 - HKLM\..\Run: [Joy Bike More City] C:\Documents and Settings\All Users\Application Data\Mags Mapi Joy Bike\inter browse.exe

    zt clic sur fixcheked
    0
  16. pauline²
     
    voilà qui est fait pr cette manip' merci
    0
  • 1
  • 2