How to disinfect my PC running Vista

Closed
lavandeviolette Posts 17 Registration date Saturday 20 November 2004 Status Member Last activity 1 August 2009 - 4 March 2008 at 08:58
 chouk - 25 August 2009 at 15:10
Hello,

how can I get rid of this address, please
http://detoxitnow.com/?a=gambitlive


I would like to know how to disinfect my PC, please, thank you
I am on Vista
I am sending you the HijackThis report

thank you for your help

regards



StartupList report, 04/03/2008, 08:47:53
StartupList version: 1.52.2
Started from : C:\Users\MFRANC~1.GON\AppData\Local\Temp\Rar$EX00.417\HijackThis.EXE
Detected: Unknown Windows (WinNT 6.00.1904)
Detected: Internet Explorer v7.00 (7.00.6000.16609)
* Using default options
==================================================

Running processes:

C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\ESET\nod32kui.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Windows\System32\rundll32.exe
C:\Users\MFRANC~1.GON\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\On Demand Distribution\OD2 Music Manager\OD2MediaBar_VistaFileManager.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\IncrediMail\bin\ImApp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\explorer.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Users\MFRANC~1.GON\AppData\Local\Temp\Rar$EX00.417\HijackThis.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\System32\notepad.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\Windows\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

nod32kui = "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
WPCUMI = C:\Windows\system32\WpcUmi.exe
Windows Defender = %ProgramFiles%\Windows Defender\MSASCui.exe -hide
WarReg_PopUp = C:\Acer\WR_PopUp\WarReg_PopUp.exe
SynTPEnh = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
SunJavaUpdateSched = "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
RtHDVCpl = RtHDVCpl.exe
NvSvc = RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
NvMediaCenter = RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
NvCplDaemon = RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
ISUSScheduler = "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
ISUSPM Startup = "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
eDataSecurity Loader = C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
MediaBarFileManager = C:\Program Files\On Demand Distribution\OD2 Music Manager\OD2MediaBar_VistaFileManager.exe
LManager = C:\PROGRA~1\LAUNCH~1\LManager.exe
Acer Tour Reminder = C:\Acer\AcerTour\Reminder.exe
BM299b28c0 = Rundll32.exe "C:\Windows\system32\hpysabig.dll",s

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Gadwin PrintScreen = C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
ISUSPM Startup = "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
WMPNSCFG = C:\Program Files\Windows Media Player\WMPNSCFG.exe
Sidebar = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
msnmsgr = "c:\program files\windows live\messenger\msnmsgr.exe" /background
IncrediMail = C:\Program Files\IncrediMail\bin\IncMail.exe /c
ehTray.exe = C:\Windows\ehome\ehTray.exe
MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background
Windows Mail = C:\Program Files\Windows Mail\WinMail.exe
Internet Explorer = C:\Program Files\Internet Explorer\iexplore.exe
Acer Tour Reminder =

--------------------------------------------------

Load/Run keys from C:\Windows\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=eNetHook.dll

--------------------------------------------------

Shell & screensaver key from C:\Windows\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=explorer.exe
SCRNSAVE.EXE=C:\Windows\system32\logon.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Task Scheduler jobs:

Maintenance en 1 clic.job
Vérifier les mises à jour de Windows Live Toolbar.job

--------------------------------------------------

Enumerating Download Program Files:

[F-Secure Online Scanner 3.1]
InProcServer32 = C:\Windows\Downloaded Program Files\fscax.dll
CODEBASE = https://www.f-secure.com/en/home/support

[Checkers Class]
InProcServer32 = C:\Windows\Downloaded Program Files\msgrchkr.dll
CODEBASE = http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

[YInstStarter Class]
InProcServer32 = C:\PROGRA~1\Yahoo!\Common\yinsthelper.dll
CODEBASE = C:\Program Files\Yahoo!\Common\yinsthelper.dll

[UnoCtrl Class]
InProcServer32 = C:\Windows\Downloaded Program Files\GAME_UNO1.dll
CODEBASE = http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab

[Windows Live Photo Upload Control]
InProcServer32 = C:\Windows\Downloaded Program Files\MsnPUpld.dll
CODEBASE = http://lavandeviolette.spaces.live.com/PhotoUpload/VistaMsnPUpldfr-fr.cab

[Java Plug-in 1.6.0_03]
InProcServer32 = C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
CODEBASE = http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab

[{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}]
CODEBASE = http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

[PhotoPickConvert Class]
InProcServer32 = C:\Windows\Downloaded Program Files\PhtPkMSN.dll
CODEBASE = http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab

[{BFB5F154-9212-46F3-B547-AC6106030A54}]
CODEBASE = https://carrefourinternet.com/index.asp

[MessengerStatsClient Class]
InProcServer32 = C:\Windows\Downloaded Program Files\MessengerStatsPAClient.dll
CODEBASE = http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

[IPSUploader Control]
CODEBASE = http://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\Windows\system32\NLAapi.dll
NameSpace #4: C:\Windows\system32\napinsp.dll
NameSpace #5: C:\Windows\system32\pnrpnsp.dll
NameSpace #6: C:\Windows\system32\pnrpnsp.dll

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: C:\Users\mfrance.gonzalez\Local Settings\Temporary Internet Files\Content.IE5\index.dat||C:\Users\MFRANC~1.GON\AppData\Local\Temp\GLB1A2B.EXE||C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll||C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll|||m

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

WebCheck: C:\Windows\system32\webcheck.dll

--------------------------------------------------
End of report, 9 337 bytes
Report generated in 0,031 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only


2 replies

Shingurila Posts 149 Registration date Tuesday 4 March 2008 Status Member Last activity 5 January 2011 19
4 March 2008 at 10:12
Hi, you can try Spybot S&D; if it's malware, it will find it. After that, try different kinds of antivirus (http://www.secuser.com/telechargement/index.htm).

thanks