HijackThis report
Solved
suzytouns
Hello, can someone explain to me what I should do???
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:14:29, on 15/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\NUMERI~1\MONASS~1\SMARTB~1\MotiveSB.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Thomson\Auto Updater\Auto Updater.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\PROGRA~1\FICHIE~1\AVSYST~1\ugac.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\Ext\Restoredesktop\RestoreDesktop.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\suzy.AL\Application Data\??sembly\?xplorer.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
c:\Program Files\Numericable\Mon Assistant Internet\bin\mad.exe
C:\WINDOWS\system32\Ext\AllSnap\allSnap.exe
c:\Program Files\Numericable\Mon Assistant Internet\bin\mpbtn.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\Ext\ClipTray\ClipTray.exe
C:\WINDOWS\system32\Ext\ClocX\ClocX.exe
C:\WINDOWS\system32\Ext\DialogBoxAssistant\OSDEx.exe
C:\WINDOWS\system32\Ext\Restoredesktop\RestoreDesktop.exe
C:\WINDOWS\system32\Ext\Sizer\sizer.exe
C:\PROGRA~1\Motive\ASSTCO~1\MOTIVE~1.EXE
C:\mysql\bin\mysqld-nt.exe
C:\Program Files\Wireless 802.11g Monitor\WLService.exe
C:\Program Files\Wireless 802.11g Monitor\WLanCfgG.exe
C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe
C:\WINDOWS\system32\Ext\TaskSwitchXP\TaskSwitchXP.exe
C:\WINDOWS\system32\Ext\UberIcon\UberIconManager.exe
C:\WINDOWS\system32\Ext\WinRoll\winroll.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
C:\Program Files\Windows Desktop Search\WindowsSearchFilter.exe
C:\Program Files\Windows Desktop Search\WindowsSearchFilter.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/yme/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/yme/*https://fr.yahoo.com/?p=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/yme/*https://fr.yahoo.com/?p=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/yme/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/yme/*https://fr.yahoo.com/?p=us
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://portail.free.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/yme/*https://fr.yahoo.com/?p=us
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Dme&x Toolbar - {3F756BC4-26CB-497E-9409-8F09C1850C80} - C:\WINDOWS\system32\Ext\DmexBar\dmexbar.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NUMERI~1\MONASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
O4 - HKLM\..\Run: [LyraUpdates] "C:\Program Files\Thomson\Auto Updater\Auto Updater.exe"
O4 - HKLM\..\Run: [ymetray] "C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe" -preload
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [ugac] "C:\PROGRA~1\FICHIE~1\AVSYST~1\ugac.exe" -start
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Spyware-Secure] C:\Program Files\Spyware-Secure\Spyware-Secure_trial.exe
O4 - HKLM\..\Run: [985ddd5c] rundll32.exe "C:\WINDOWS\system32\ogxmfmpt.dll",b
O4 - HKCU\..\Run: [RestoreDesktop] C:\WINDOWS\System32\Ext\Restoredesktop\RestoreDesktop.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Anas] "C:\DOCUME~1\suzy.AL\APPLIC~1\CROSOF~1.NET\wuauboot.exe" -vt ndrv
O4 - HKCU\..\Run: [Zxnhni] "C:\Documents and Settings\suzy.AL\Application Data\??sembly\?xplorer.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlhr] RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Fichiers communs\Ahead\Lib\NMFirstStart.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE RÉSEAU')
O4 - Startup: AllSnap.lnk = C:\WINDOWS\system32\Ext\AllSnap\allSnap.exe
O4 - Startup: ClipTray.lnk = C:\WINDOWS\system32\Ext\ClipTray\ClipTray.exe
O4 - Startup: ClocX.lnk = C:\WINDOWS\system32\Ext\ClocX\ClocX.exe
O4 - Startup: DialogBoxAssistant.lnk = C:\WINDOWS\system32\Ext\DialogBoxAssistant\OSDEx.exe
O4 - Startup: RestoreDesktop.lnk = C:\WINDOWS\system32\Ext\Restoredesktop\RestoreDesktop.exe
O4 - Startup: Sizer.lnk = C:\WINDOWS\system32\Ext\Sizer\sizer.exe
O4 - Startup: StatBar.lnk = C:\WINDOWS\system32\Ext\Statbar\StatBar.exe
O4 - Startup: SWFLivePreview.lnk = C:\WINDOWS\system32\Ext\SWFLivePreview\swf_lp.exe
O4 - Startup: TaskSwitchXP.lnk = C:\WINDOWS\system32\Ext\TaskSwitchXP\TaskSwitchXP.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\system32\Ext\UberIcon\UberIconManager.exe
O4 - Startup: Winroll.lnk = C:\WINDOWS\system32\Ext\WinRoll\winroll.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Mon Assistant Internet.lnk = C:\Program Files\Numericable\Mon Assistant Internet\bin\matcli.exe
O4 - Global Startup: svchost.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Get File Size - res://C:\WINDOWS\System32\Ext\GetFileSize\GetFileSize.exe/130
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Diminuer la taille de la page - {A0E6D3BD-A661-447D-8634-0751467857F3} - C:\WINDOWS\system32\Ext\EasyRead\ZoomOut.js
O9 - Extra button: Agrandir la taille de la page - {AEBB571B-4C48-438D-808D-999F168CDECE} - C:\WINDOWS\system32\Ext\EasyRead\ZoomIn.js
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: MySql - Unknown owner - C:\mysql\bin\mysqld-nt.exe
O23 - Service: PanelSvc - Unknown owner - C:\Program Files\Votre Opinion\PanelApp\PanelSvc.exe
O23 - Service: R54G Wireless Service - Unknown owner - C:\Program Files\Wireless 802.11g Monitor\WLService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
here is the navilog report
Clean Navipromo version 3.4.5 commencé le 17/02/2008 à 17:10:41,11
Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 11.02.2008 à 20h00 par IL-MAFIOSO
Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 6.0.2900.2180
Système de fichiers : NTFS
Mode suppression automatique
avec prise en charge résultats Catchme et GNS
*** fsbl1.txt non trouvé ***
(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)
*** Suppression avec sauvegardes résultats GenericNaviSearch ***
* Suppression dans C:\WINDOWS\System32 *
* Suppression dans "C:\Documents and Settings\suzy.AL\locals~1\applic~1" *
*** Suppression dossiers dans C:\WINDOWS ***
*** Suppression dossiers dans C:\Program Files ***
*** Suppression dossiers dans C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1 ***
*** Suppression dossiers dans "C:\Documents and Settings\suzy.AL\applic~1" ***
*** Suppression dossiers dans "C:\Documents and Settings\suzy.AL\locals~1\applic~1" ***
*** Suppression dossiers dans "C:\Documents and Settings\suzy.AL\MENUDM~1\PROGRA~1" ***
*** Suppression dossiers dans C:\DOCUME~1\ALLUSE~1.WIN\MENUDM~1\PROGRA~1 ***
*** Suppression fichiers ***
*** Suppression fichiers temporaires ***
Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\suzy.AL\locals~1\Temp effectué !
*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Suppression avec sauvegardes nouveaux fichiers Instant Access :
2)Recherche, création sauvegardes et suppression Heuristique :
* Dans C:\WINDOWS\system32 *
* Dans "C:\Documents and Settings\suzy.AL\locals~1\applic~1" *
*** Sauvegarde du Registre vers dossier Backupnavi ***
sauvegarde du Registre réalisée avec succès !
*** Nettoyage Registre ***
Nettoyage Registre Ok
*** Certificats ***
Certificat Egroup absent !
*** Nettoyage terminé le 17/02/2008 à 17:20:25,70 ***
VUNDOFIX REPORT
VundoFix V6.7.8
Checking Java version...
Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.
Scan started at 16:42:02 17/02/2008
Listing files found while scanning....
VundoFix V6.7.8
Checking Java version...
Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.
Scan started at 17:31:52 17/02/2008
Listing files found while scanning....
C:\WINDOWS\system32\cimlfqlw.dll
C:\WINDOWS\system32\ewqgwwgg.dll
C:\WINDOWS\system32\ggwwgqwe.ini
C:\WINDOWS\system32\ggwwgqwe.ini2
C:\WINDOWS\system32\ggwwgqwe.tmp
C:\WINDOWS\system32\lrveylhv.dll
C:\WINDOWS\system32\ppbwlfbo.dll
C:\WINDOWS\system32\qtshfcir.dll
C:\WINDOWS\system32\ssqropp.dll
C:\WINDOWS\system32\tuvtq.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\cimlfqlw.dll
C:\WINDOWS\system32\cimlfqlw.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ewqgwwgg.dll
C:\WINDOWS\system32\ewqgwwgg.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\ggwwgqwe.ini
C:\WINDOWS\system32\ggwwgqwe.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\ggwwgqwe.ini2
C:\WINDOWS\system32\ggwwgqwe.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\ggwwgqwe.tmp
C:\WINDOWS\system32\ggwwgqwe.tmp Has been deleted!
Attempting to delete C:\WINDOWS\system32\lrveylhv.dll
C:\WINDOWS\system32\lrveylhv.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ppbwlfbo.dll
C:\WINDOWS\system32\ppbwlfbo.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\qtshfcir.dll
C:\WINDOWS\system32\qtshfcir.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ssqropp.dll
C:\WINDOWS\system32\ssqropp.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\tuvtq.dll
C:\WINDOWS\system32\tuvtq.dll Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.7.8
Checking Java version...
Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.
Scan started at 18:08:02 17/02/2008
Listing files found while scanning....
VundoFix V6.7.8
Checking Java version...
Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.
Scan started at 18:15:24 17/02/2008
Listing files found while scanning....
VirtumundoBeGone report
[02/17/2008, 18:23:55] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\suzy.AL\Bureau\VirtumundoBeGone.exe" )
[02/17/2008, 18:24:04] - Detected System Information:
[02/17/2008, 18:24:04] - Windows Version: 5.1.2600, Service Pack 2
[02/17/2008, 18:24:04] - Current Username: suzy (Admin)
[02/17/2008, 18:24:04] - Windows is in NORMAL mode.
[02/17/2008, 18:24:04] - Searching for Browser Helper Objects:
[02/17/2008, 18:24:04] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[02/17/2008, 18:24:04] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[02/17/2008, 18:24:05] - BHO 3: {2F85D76C-0569-466F-A488-493E6BD0E955} (dsWebAllowBHO Class)
[02/17/2008, 18:24:05] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[02/17/2008, 18:24:05] - BHO 5: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[02/17/2008, 18:24:05] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/17/2008, 18:24:05] - No filename found. Continuing.
[02/17/2008, 18:24:05] - BHO 6: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[02/17/2008, 18:24:05] - BHO 7: {AEBE2E47-238F-4D80-90E3-6FE22F68D536} ()
[02/17/2008, 18:24:05] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/17/2008, 18:24:05] - Checking for HKLM\...\Winlogon\Notify\qopqn
[02/17/2008, 18:24:05] - Key not found: HKLM\...\Winlogon\Notify\qopqn, continuing.
[02/17/2008, 18:24:05] - BHO 8: {B2B30B77-9699-47B4-B927-DA22C0627C5E} ()
[02/17/2008, 18:24:05] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/17/2008, 18:24:05] - Checking for HKLM\...\Winlogon\Notify\tuvtq
[02/17/2008, 18:24:05] - Key not found: HKLM\...\Winlogon\Notify\tuvtq, continuing.
[02/17/2008, 18:24:05] - BHO 9: {E180F496-8A4B-44E2-9FE0-0364E345DB7F} ()
[02/17/2008, 18:24:05] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/17/2008, 18:24:05] - Checking for HKLM\...\Winlogon\Notify\ssqropp
[02/17/2008, 18:24:05] - Key not found: HKLM\...\Winlogon\Notify\ssqropp, continuing.
[02/17/2008, 18:24:05] - BHO 10: {f64a6c13-724f-421a-870c-0328aa432c81} ()
[02/17/2008, 18:24:05] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/17/2008, 18:24:05] - Checking for HKLM\...\Winlogon\Notify\ppbwlfbo
[02/17/2008, 18:24:05] - Key not found: HKLM\...\Winlogon\Notify\ppbwlfbo, continuing.
[02/17/2008, 18:24:05] - BHO 11: {FC1437ED-CCAF-4616-98F8-3EE834971251} ()
[02/17/2008, 18:24:06] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/17/2008, 18:24:06] - Checking for HKLM\...\Winlogon\Notify\xxyyv
[02/17/2008, 18:24:06] - Key not found: HKLM\...\Winlogon\Notify\xxyyv, continuing.
[02/17/2008, 18:24:06] - Finished Searching Browser Helper Objects
[02/17/2008, 18:24:06] - Finishing up...
[02/17/2008, 18:24:06] - Nothing found! Exiting...
[02/17/2008, 18:54:10] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\suzy.AL\Bureau\VirtumundoBeGone.exe" )
[02/17/2008, 18:54:13] - Detected System Information:
[02/17/2008, 18:54:13] - Windows Version: 5.1.2600, Service Pack 2
[02/17/2008, 18:54:13] - Current Username: suzy (Admin)
[02/17/2008, 18:54:13] - Windows is in NORMAL mode.
[02/17/2008, 18:54:13] - Searching for Browser Helper Objects:
[02/17/2008, 18:54:13] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[02/17/2008, 18:54:13] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[02/17/2008, 18:54:13] - BHO 3: {2F85D76C-0569-466F-A488-493E6BD0E955} (dsWebAllowBHO Class)
[02/17/2008, 18:54:13] - BHO 4: {53EC6B7E-A4DD-46E3-9F5F-E028391E373F} ()
[02/17/2008, 18:54:13] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/17/2008, 18:54:13] - Checking for HKLM\...\Winlogon\Notify\qopqn
[02/17/2008, 18:54:13] - Key not found: HKLM\...\Winlogon\Notify\qopqn, continuing.
[02/17/2008, 18:54:13] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[02/17/2008, 18:54:13] - BHO 6: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[02/17/2008, 18:54:13] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/17/2008, 18:54:13] - No filename found. Continuing.
[02/17/2008, 18:54:13] - BHO 7: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[02/17/2008, 18:54:13] - BHO 8: {B2B30B77-9699-47B4-B927-DA22C0627C5E} ()
[02/17/2008, 18:54:13] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/17/2008, 18:54:13] - Checking for HKLM\...\Winlogon\Notify\tuvtq
[02/17/2008, 18:54:13] - Key not found: HKLM\...\Winlogon\Notify\tuvtq, continuing.
[02/17/2008, 18:54:13] - BHO 9: {E180F496-8A4B-44E2-9FE0-0364E345DB7F} ()
[02/17/2008, 18:54:13] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/17/2008, 18:54:13] - Checking for HKLM\...\Winlogon\Notify\ssqropp
[02/17/2008, 18:54:14] - Key not found: HKLM\...\Winlogon\Notify\ssqropp, continuing.
[02/17/2008, 18:54:14] - BHO 10: {f64a6c13-724f-421a-870c-0328aa432c81} ()
[02/17/2008, 18:54:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/17/2008, 18:54:14] - Checking for HKLM\...\Winlogon\Notify\ppbwlfbo
[02/17/2008, 18:54:14] - Key not found: HKLM\...\Winlogon\Notify\ppbwlfbo, continuing.
[02/17/2008, 18:54:14] - BHO 11: {FC1437ED-CCAF-4616-98F8-3EE834971251} ()
[02/17/2008, 18:54:14] - WARNING: BHO has no default name. Checking for Winlogon reference.
[02/17/2008, 18:54:14] - Checking for HKLM\...\Winlogon\Notify\xxyyv
[02/17/2008, 18:54:14] - Key not found: HKLM\...\Winlogon\Notify\xxyyv, continuing.
[02/17/2008, 18:54:14] - Finished Searching Browser Helper Objects
[02/17/2008, 18:54:14] - Finishing up...
[02/17/2008, 18:54:14] - Nothing found! Exiting...
HijackThis report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:02:03, on 17/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Thomson\Auto Updater\Auto Updater.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\PROGRA~1\FICHIE~1\AVSYST~1\ugac.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\Ext\Restoredesktop\RestoreDesktop.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\suzy.AL\Application Data\??sembly\?xplorer.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\Ext\AllSnap\allSnap.exe
C:\WINDOWS\system32\Ext\ClipTray\ClipTray.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\Ext\ClocX\ClocX.exe
C:\WINDOWS\system32\Ext\DialogBoxAssistant\OSDEx.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\Ext\Restoredesktop\RestoreDesktop.exe
C:\mysql\bin\mysqld-nt.exe
C:\Program Files\Wireless 802.11g Monitor\WLService.exe
C:\Program Files\Wireless 802.11g Monitor\WLanCfgG.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\WINDOWS\system32\Ext\Sizer\sizer.exe
C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe
C:\WINDOWS\system32\Ext\Statbar\StatBar.exe
C:\WINDOWS\system32\Ext\TaskSwitchXP\TaskSwitchXP.exe
C:\WINDOWS\system32\Ext\UberIcon\UberIconManager.exe
C:\WINDOWS\system32\Ext\WinRoll\winroll.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Dme&x Toolbar - {3F756BC4-26CB-497E-9409-8F09C1850C80} - C:\WINDOWS\system32\Ext\DmexBar\dmexbar.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
O4 - HKLM\..\Run: [LyraUpdates] "C:\Program Files\Thomson\Auto Updater\Auto Updater.exe"
O4 - HKLM\..\Run: [ymetray] "C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe" -preload
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [ugac] "C:\PROGRA~1\FICHIE~1\AVSYST~1\ugac.exe" -start
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [RestoreDesktop] C:\WINDOWS\System32\Ext\Restoredesktop\RestoreDesktop.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Anas] "C:\DOCUME~1\suzy.AL\APPLIC~1\CROSOF~1.NET\wuauboot.exe" -vt ndrv
O4 - HKCU\..\Run: [Zxnhni] "C:\Documents and Settings\suzy.AL\Application Data\??sembly\?xplorer.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlhr] RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Fichiers communs\Ahead\Lib\NMFirstStart.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE RÉSEAU')
O4 - Startup: AllSnap.lnk = C:\WINDOWS\system32\Ext\AllSnap\allSnap.exe
O4 - Startup: ClipTray.lnk = C:\WINDOWS\system32\Ext\ClipTray\ClipTray.exe
O4 - Startup: ClocX.lnk = C:\WINDOWS\system32\Ext\ClocX\ClocX.exe
O4 - Startup: DialogBoxAssistant.lnk = C:\WINDOWS\system32\Ext\DialogBoxAssistant\OSDEx.exe
O4 - Startup: RestoreDesktop.lnk = C:\WINDOWS\system32\Ext\Restoredesktop\RestoreDesktop.exe
O4 - Startup: Sizer.lnk = C:\WINDOWS\system32\Ext\Sizer\sizer.exe
O4 - Startup: StatBar.lnk = C:\WINDOWS\system32\Ext\Statbar\StatBar.exe
O4 - Startup: SWFLivePreview.lnk = C:\WINDOWS\system32\Ext\SWFLivePreview\swf_lp.exe
O4 - Startup: TaskSwitchXP.lnk = C:\WINDOWS\system32\Ext\TaskSwitchXP\TaskSwitchXP.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\system32\Ext\UberIcon\UberIconManager.exe
O4 - Startup: Winroll.lnk = C:\WINDOWS\system32\Ext\WinRoll\winroll.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: svchost.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Get File Size - res://C:\WINDOWS\System32\Ext\GetFileSize\GetFileSize.exe/130
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Diminuer la taille de la page - {A0E6D3BD-A661-447D-8634-0751467857F3} - C:\WINDOWS\system32\Ext\EasyRead\ZoomOut.js
O9 - Extra button: Agrandir la taille de la page - {AEBB571B-4C48-438D-808D-999F168CDECE} - C:\WINDOWS\system32\Ext\EasyRead\ZoomIn.js
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: MySql - Unknown owner - C:\mysql\bin\mysqld-nt.exe
O23 - Service: PanelSvc - Unknown owner - C:\Program Files\Votre Opinion\PanelApp\PanelSvc.exe
O23 - Service: R54G Wireless Service - Unknown owner - C:\Program Files\Wireless 802.11g Monitor\WLService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
Re,
Could you rename HijackThis, please? It's important, especially in your case.
Your path:
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
What I want:
C:\Program Files\Trend Micro\HijackThis\HJT.exe
You rename the file located in C:\programme\trend micro\; there, you rename the file you double-click on to launch HijackThis.
Then, once that's done, post me a new report, thanks :)
See you later
Go to My Computer > programme > Trend Micro > HijackThis > and there you should have an icon like this ->
http://www.libellules.ch/images/hjt/hjticon.gif
Rename it to HJT.exe
See you later
OK, it should be renamed now, here's the new report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:37:43, on 17/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Thomson\Auto Updater\Auto Updater.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\PROGRA~1\FICHIE~1\AVSYST~1\ugac.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\Ext\Restoredesktop\RestoreDesktop.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\suzy.AL\Application Data\??sembly\?xplorer.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\Ext\AllSnap\allSnap.exe
C:\WINDOWS\system32\Ext\ClipTray\ClipTray.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\Ext\ClocX\ClocX.exe
C:\WINDOWS\system32\Ext\DialogBoxAssistant\OSDEx.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\Ext\Restoredesktop\RestoreDesktop.exe
C:\mysql\bin\mysqld-nt.exe
C:\Program Files\Wireless 802.11g Monitor\WLService.exe
C:\Program Files\Wireless 802.11g Monitor\WLanCfgG.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\WINDOWS\system32\Ext\Sizer\sizer.exe
C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe
C:\WINDOWS\system32\Ext\Statbar\StatBar.exe
C:\WINDOWS\system32\Ext\TaskSwitchXP\TaskSwitchXP.exe
C:\WINDOWS\system32\Ext\UberIcon\UberIconManager.exe
C:\WINDOWS\system32\Ext\WinRoll\winroll.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Dme&x Toolbar - {3F756BC4-26CB-497E-9409-8F09C1850C80} - C:\WINDOWS\system32\Ext\DmexBar\dmexbar.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
O4 - HKLM\..\Run: [LyraUpdates] "C:\Program Files\Thomson\Auto Updater\Auto Updater.exe"
O4 - HKLM\..\Run: [ymetray] "C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe" -preload
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [ugac] "C:\PROGRA~1\FICHIE~1\AVSYST~1\ugac.exe" -start
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [RestoreDesktop] C:\WINDOWS\System32\Ext\Restoredesktop\RestoreDesktop.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Anas] "C:\DOCUME~1\suzy.AL\APPLIC~1\CROSOF~1.NET\wuauboot.exe" -vt ndrv
O4 - HKCU\..\Run: [Zxnhni] "C:\Documents and Settings\suzy.AL\Application Data\??sembly\?xplorer.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlhr] RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Fichiers communs\Ahead\Lib\NMFirstStart.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE RÉSEAU')
O4 - Startup: AllSnap.lnk = C:\WINDOWS\system32\Ext\AllSnap\allSnap.exe
O4 - Startup: ClipTray.lnk = C:\WINDOWS\system32\Ext\ClipTray\ClipTray.exe
O4 - Startup: ClocX.lnk = C:\WINDOWS\system32\Ext\ClocX\ClocX.exe
O4 - Startup: DialogBoxAssistant.lnk = C:\WINDOWS\system32\Ext\DialogBoxAssistant\OSDEx.exe
O4 - Startup: RestoreDesktop.lnk = C:\WINDOWS\system32\Ext\Restoredesktop\RestoreDesktop.exe
O4 - Startup: Sizer.lnk = C:\WINDOWS\system32\Ext\Sizer\sizer.exe
O4 - Startup: StatBar.lnk = C:\WINDOWS\system32\Ext\Statbar\StatBar.exe
O4 - Startup: SWFLivePreview.lnk = C:\WINDOWS\system32\Ext\SWFLivePreview\swf_lp.exe
O4 - Startup: TaskSwitchXP.lnk = C:\WINDOWS\system32\Ext\TaskSwitchXP\TaskSwitchXP.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\system32\Ext\UberIcon\UberIconManager.exe
O4 - Startup: Winroll.lnk = C:\WINDOWS\system32\Ext\WinRoll\winroll.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: svchost.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Get File Size - res://C:\WINDOWS\System32\Ext\GetFileSize\GetFileSize.exe/130
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Diminuer la taille de la page - {A0E6D3BD-A661-447D-8634-0751467857F3} - C:\WINDOWS\system32\Ext\EasyRead\ZoomOut.js
O9 - Extra button: Agrandir la taille de la page - {AEBB571B-4C48-438D-808D-999F168CDECE} - C:\WINDOWS\system32\Ext\EasyRead\ZoomIn.js
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: MySql - Unknown owner - C:\mysql\bin\mysqld-nt.exe
O23 - Service: PanelSvc - Unknown owner - C:\Program Files\Votre Opinion\PanelApp\PanelSvc.exe
O23 - Service: R54G Wireless Service - Unknown owner - C:\Program Files\Wireless 802.11g Monitor\WLService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
Re, no, you renamed the icon on your desktop ...
I want the one located in C:\ etc ...
Look: (your report)
....
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe <-- Not good!
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
....
See you
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:50:22, on 17/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Thomson\Auto Updater\Auto Updater.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\PROGRA~1\FICHIE~1\AVSYST~1\ugac.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\Ext\Restoredesktop\RestoreDesktop.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\suzy.AL\Application Data\??sembly\?xplorer.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\Ext\AllSnap\allSnap.exe
C:\WINDOWS\system32\Ext\ClipTray\ClipTray.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\Ext\ClocX\ClocX.exe
C:\WINDOWS\system32\Ext\DialogBoxAssistant\OSDEx.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\Ext\Restoredesktop\RestoreDesktop.exe
C:\mysql\bin\mysqld-nt.exe
C:\Program Files\Wireless 802.11g Monitor\WLService.exe
C:\Program Files\Wireless 802.11g Monitor\WLanCfgG.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\WINDOWS\system32\Ext\Sizer\sizer.exe
C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe
C:\WINDOWS\system32\Ext\Statbar\StatBar.exe
C:\WINDOWS\system32\Ext\TaskSwitchXP\TaskSwitchXP.exe
C:\WINDOWS\system32\Ext\UberIcon\UberIconManager.exe
C:\WINDOWS\system32\Ext\WinRoll\winroll.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HJT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {92C897AB-1800-4F89-9318-91980092AF8B} - C:\WINDOWS\system32\qopqn.dll
O2 - BHO: (no name) - {B2B30B77-9699-47B4-B927-DA22C0627C5E} - C:\WINDOWS\system32\tuvtq.dll (file missing)
O2 - BHO: (no name) - {E180F496-8A4B-44E2-9FE0-0364E345DB7F} - C:\WINDOWS\system32\ssqropp.dll
O2 - BHO: {18c234aa-8230-c078-a124-f42731c6a46f} - {f64a6c13-724f-421a-870c-0328aa432c81} - C:\WINDOWS\system32\ppbwlfbo.dll (file missing)
O2 - BHO: (no name) - {FC1437ED-CCAF-4616-98F8-3EE834971251} - C:\WINDOWS\system32\xxyyv.dll (file missing)
O3 - Toolbar: Dme&x Toolbar - {3F756BC4-26CB-497E-9409-8F09C1850C80} - C:\WINDOWS\system32\Ext\DmexBar\dmexbar.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
O4 - HKLM\..\Run: [LyraUpdates] "C:\Program Files\Thomson\Auto Updater\Auto Updater.exe"
O4 - HKLM\..\Run: [ymetray] "C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe" -preload
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [ugac] "C:\PROGRA~1\FICHIE~1\AVSYST~1\ugac.exe" -start
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [RestoreDesktop] C:\WINDOWS\System32\Ext\Restoredesktop\RestoreDesktop.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Anas] "C:\DOCUME~1\suzy.AL\APPLIC~1\CROSOF~1.NET\wuauboot.exe" -vt ndrv
O4 - HKCU\..\Run: [Zxnhni] "C:\Documents and Settings\suzy.AL\Application Data\??sembly\?xplorer.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlhr] RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Fichiers communs\Ahead\Lib\NMFirstStart.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE RÉSEAU')
O4 - Startup: AllSnap.lnk = C:\WINDOWS\system32\Ext\AllSnap\allSnap.exe
O4 - Startup: ClipTray.lnk = C:\WINDOWS\system32\Ext\ClipTray\ClipTray.exe
O4 - Startup: ClocX.lnk = C:\WINDOWS\system32\Ext\ClocX\ClocX.exe
O4 - Startup: DialogBoxAssistant.lnk = C:\WINDOWS\system32\Ext\DialogBoxAssistant\OSDEx.exe
O4 - Startup: RestoreDesktop.lnk = C:\WINDOWS\system32\Ext\Restoredesktop\RestoreDesktop.exe
O4 - Startup: Sizer.lnk = C:\WINDOWS\system32\Ext\Sizer\sizer.exe
O4 - Startup: StatBar.lnk = C:\WINDOWS\system32\Ext\Statbar\StatBar.exe
O4 - Startup: SWFLivePreview.lnk = C:\WINDOWS\system32\Ext\SWFLivePreview\swf_lp.exe
O4 - Startup: TaskSwitchXP.lnk = C:\WINDOWS\system32\Ext\TaskSwitchXP\TaskSwitchXP.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\system32\Ext\UberIcon\UberIconManager.exe
O4 - Startup: Winroll.lnk = C:\WINDOWS\system32\Ext\WinRoll\winroll.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: svchost.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Get File Size - res://C:\WINDOWS\System32\Ext\GetFileSize\GetFileSize.exe/130
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Diminuer la taille de la page - {A0E6D3BD-A661-447D-8634-0751467857F3} - C:\WINDOWS\system32\Ext\EasyRead\ZoomOut.js
O9 - Extra button: Agrandir la taille de la page - {AEBB571B-4C48-438D-808D-999F168CDECE} - C:\WINDOWS\system32\Ext\EasyRead\ZoomIn.js
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: MySql - Unknown owner - C:\mysql\bin\mysqld-nt.exe
O23 - Service: PanelSvc - Unknown owner - C:\Program Files\Votre Opinion\PanelApp\PanelSvc.exe
O23 - Service: R54G Wireless Service - Unknown owner - C:\Program Files\Wireless 802.11g Monitor\WLService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {92C897AB-1800-4F89-9318-91980092AF8B} - C:\WINDOWS\system32\qopqn.dll
O2 - BHO: (no name) - {B2B30B77-9699-47B4-B927-DA22C0627C5E} - C:\WINDOWS\system32\tuvtq.dll (file missing)
O2 - BHO: (no name) - {E180F496-8A4B-44E2-9FE0-0364E345DB7F} - C:\WINDOWS\system32\ssqropp.dll
O2 - BHO: {18c234aa-8230-c078-a124-f42731c6a46f} - {f64a6c13-724f-421a-870c-0328aa432c81} - C:\WINDOWS\system32\ppbwlfbo.dll (file missing)
O2 - BHO: (no name) - {FC1437ED-CCAF-4616-98F8-3EE834971251} - C:\WINDOWS\system32\xxyyv.dll (file missing)
O3 - Toolbar: Dme&x Toolbar - {3F756BC4-26CB-497E-9409-8F09C1850C80} - C:\WINDOWS\system32\Ext\DmexBar\dmexbar.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
O4 - HKLM\..\Run: [LyraUpdates] "C:\Program Files\Thomson\Auto Updater\Auto Updater.exe"
O4 - HKLM\..\Run: [ymetray] "C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe" -preload
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [ugac] "C:\PROGRA~1\FICHIE~1\AVSYST~1\ugac.exe" -start
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [RestoreDesktop] C:\WINDOWS\System32\Ext\Restoredesktop\RestoreDesktop.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Anas] "C:\DOCUME~1\suzy.AL\APPLIC~1\CROSOF~1.NET\wuauboot.exe" -vt ndrv
O4 - HKCU\..\Run: [Zxnhni] "C:\Documents and Settings\suzy.AL\Application Data\??sembly\?xplorer.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlhr] RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Fichiers communs\Ahead\Lib\NMFirstStart.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE RÉSEAU')
O4 - Startup: AllSnap.lnk = C:\WINDOWS\system32\Ext\AllSnap\allSnap.exe
O4 - Startup: ClipTray.lnk = C:\WINDOWS\system32\Ext\ClipTray\ClipTray.exe
O4 - Startup: ClocX.lnk = C:\WINDOWS\system32\Ext\ClocX\ClocX.exe
O4 - Startup: DialogBoxAssistant.lnk = C:\WINDOWS\system32\Ext\DialogBoxAssistant\OSDEx.exe
O4 - Startup: RestoreDesktop.lnk = C:\WINDOWS\system32\Ext\Restoredesktop\RestoreDesktop.exe
O4 - Startup: Sizer.lnk = C:\WINDOWS\system32\Ext\Sizer\sizer.exe
O4 - Startup: StatBar.lnk = C:\WINDOWS\system32\Ext\Statbar\StatBar.exe
O4 - Startup: SWFLivePreview.lnk = C:\WINDOWS\system32\Ext\SWFLivePreview\swf_lp.exe
O4 - Startup: TaskSwitchXP.lnk = C:\WINDOWS\system32\Ext\TaskSwitchXP\TaskSwitchXP.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\system32\Ext\UberIcon\UberIconManager.exe
O4 - Startup: Winroll.lnk = C:\WINDOWS\system32\Ext\WinRoll\winroll.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: svchost.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Get File Size - res://C:\WINDOWS\System32\Ext\GetFileSize\GetFileSize.exe/130
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Diminuer la taille de la page - {A0E6D3BD-A661-447D-8634-0751467857F3} - C:\WINDOWS\system32\Ext\EasyRead\ZoomOut.js
O9 - Extra button: Agrandir la taille de la page - {AEBB571B-4C48-438D-808D-999F168CDECE} - C:\WINDOWS\system32\Ext\EasyRead\ZoomIn.js
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: MySql - Unknown owner - C:\mysql\bin\mysqld-nt.exe
O23 - Service: PanelSvc - Unknown owner - C:\Program Files\Votre Opinion\PanelApp\PanelSvc.exe
O23 - Service: R54G Wireless Service - Unknown owner - C:\Program Files\Wireless 802.11g Monitor\WLService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
Re, here you go =)
Can you tell me why you had trouble finding it, and whether my procedure was precise? (so that I can improve my procedures) Thanks in advance =)
******************************************
Update IE -> https://support.microsoft.com/fr-fr/allproducts
Indeed, versions 6 and earlier are riddled with security holes; version 7 fixes some of them.
********************************
Update Java --> https://www.java.com/fr/download/windows_manual.jsp?locale=fr&host=www.java.com:80
*******************
Your version of Adobe is not up to date; uninstall your current version via 'Add or Remove Programs'
Then download the latest one from this site --> https://get2.adobe.com/reader/otherversions/
Security bulletin for Adobe versions 7.0.8 and earlier:
https://www.adobe.com/support/security/bulletins/apsb07-01.html
************
That's 3 updates, I'll continue:
---------------------------------------
You have remnants of the trojan =S, do the following:
I'm warning you, I'm getting rid of Spyware Doctor, I don't trust this program at all. (lots of false positives, etc.)
Download OTMoveIt2 (by Old Timer)
Once downloaded, double-click OTMoveIt2.exe to launch it.
Make sure the Unregister Dll's and Ocx's box is checked
then copy the lines in bold below:
C:\WINDOWS\system32\qopqn.dll
C:\WINDOWS\system32\ssqropp.dll
C:\Program Files\Spyware Doctor
C:\PROGRA~1\FICHIE~1\AVSYST~1\ugac.exe
and paste them into the left-hand pane of OTMoveIt: "Paste Standard List Of Files/Folders to Move."
Click MoveIt! to start the removal.
The result will appear in the Results pane.
Click Exit to close.
2) Post the report located in C:\_OTMoveIt\MovedFiles.
3) You may be asked to restart the PC to complete the removal -> Accept (if it does not restart automatically, do it yourself)
/!\ Note: At startup your desktop MAY not appear; in that case press CTRL+ALT+DEL to open Task Manager.
Then go to the "Processes" tab. Click File at the top left and choose "Run"
Type explorer.exe and confirm. This will bring the Desktop back.
**********
Post the report.
(no need to rush, I'll be back in more than an hour)
Do everything correctly!
See you
No, don't worry, your procedure is precise, I'm the one who struggles with computers lol - I'll do all that in order and keep you posted, thanks for your patience, see you soon
DllUnregisterServer procedure not found in C:\WINDOWS\system32\qopqn.dll
C:\WINDOWS\system32\qopqn.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\qopqn.dll scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\ssqropp.dll
C:\WINDOWS\system32\ssqropp.dll NOT unregistered.
C:\WINDOWS\system32\ssqropp.dll moved successfully.
C:\Program Files\Spyware Doctor\~tmp moved successfully.
C:\Program Files\Spyware Doctor\tools moved successfully.
C:\Program Files\Spyware Doctor\shbackup moved successfully.
C:\Program Files\Spyware Doctor\quarantine moved successfully.
C:\Program Files\Spyware Doctor\plugins moved successfully.
C:\Program Files\Spyware Doctor\LuLng moved successfully.
C:\Program Files\Spyware Doctor\log moved successfully.
C:\Program Files\Spyware Doctor\history moved successfully.
C:\Program Files\Spyware Doctor moved successfully.
C:\PROGRA~1\FICHIE~1\AVSYST~1\ugac.exe moved successfully.
OTMoveIt2 v1.0.20 log created on 02172008_214523
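Added example, not part of the original thread or of OTMoveIt2: a small Python parser for the result lines of the log posted above. It separates the files that were actually moved from those only scheduled for removal at reboot, which are the ones to look for again in the next HijackThis scan. The function names are assumptions made for this example, and the sample is a subset of the lines posted above.

```python
import re

# Subset of the OTMoveIt2 result lines posted in the thread above.
SAMPLE_LOG = r"""DllUnregisterServer procedure not found in C:\WINDOWS\system32\qopqn.dll
C:\WINDOWS\system32\qopqn.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\qopqn.dll scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\ssqropp.dll
C:\WINDOWS\system32\ssqropp.dll NOT unregistered.
C:\WINDOWS\system32\ssqropp.dll moved successfully.
C:\Program Files\Spyware Doctor moved successfully.
C:\PROGRA~1\FICHIE~1\AVSYST~1\ugac.exe moved successfully.
OTMoveIt2 v1.0.20 log created on 02172008_214523
"""

# One pattern per message shape seen in the log; first match wins.
PATTERNS = [
    ("no_unregister_export", re.compile(r"^DllUnregisterServer procedure not found in (?P<path>.+)$")),
    ("pending_reboot", re.compile(r"^File move failed\. (?P<path>.+) scheduled to be moved on reboot\.$")),
    ("not_unregistered", re.compile(r"^(?P<path>.+) NOT unregistered\.$")),
    ("moved", re.compile(r"^(?P<path>.+) moved successfully\.$")),
]

def parse_log(text):
    """Return ({path: set(event names)}, [lines matching no pattern])."""
    events, unknown = {}, []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("OTMoveIt2 "):  # blank or version/timestamp line
            continue
        for name, rx in PATTERNS:
            m = rx.match(line)
            if m:
                events.setdefault(m.group("path"), set()).add(name)
                break
        else:
            unknown.append(line)
    return events, unknown

def triage(text):
    """Map each path to 'moved', 'pending_reboot' or 'unresolved'."""
    events, unknown = parse_log(text)
    state = {p: "moved" if "moved" in e else
                "pending_reboot" if "pending_reboot" in e else "unresolved"
             for p, e in events.items()}
    return state, unknown

def needs_recheck(text):
    """Paths that must be confirmed absent in a fresh scan after the reboot."""
    state, _ = triage(text)
    return [p for p, s in state.items() if s != "moved"]

if __name__ == "__main__":
    for path, s in triage(SAMPLE_LOG)[0].items():
        print(f"{s:15} {path}")
```

Lines the parser does not recognise are returned separately rather than dropped, so an unexpected message in a report is visible to whoever reviews it.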