Recherche avec google, redirection page pub
Résolu/Fermé
hyundai
Messages postés
27
Date d'inscription
mardi 13 février 2007
Statut
Membre
Dernière intervention
18 avril 2009
-
29 mai 2008 à 17:11
jeremythique - 25 mai 2012 à 09:28
jeremythique - 25 mai 2012 à 09:28
A voir également:
- Recherche avec google, redirection page pub
- Dns google - Guide
- Google maps satellite - Guide
- Supprimer une page word - Guide
- Netflix standard avec pub - Guide
- Bloqueur de pub youtube - Guide
9 réponses
ep44
Messages postés
7393
Date d'inscription
samedi 10 novembre 2007
Statut
Contributeur
Dernière intervention
11 novembre 2010
3
29 mai 2008 à 20:25
29 mai 2008 à 20:25
Bonjour,
On commence par un HijackThis.
Télécharge sur le Bureau
ftp://ftp.commentcamarche.com/download/HJTInstall.exe
= Double-clic dessus pour l'installer
= Clic Do a system scan and save the log
= colle le rapport
si problème voir l'aide
http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm
@+
On commence par un HijackThis.
Télécharge sur le Bureau
ftp://ftp.commentcamarche.com/download/HJTInstall.exe
= Double-clic dessus pour l'installer
= Clic Do a system scan and save the log
= colle le rapport
si problème voir l'aide
http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm
@+
hyundai
Messages postés
27
Date d'inscription
mardi 13 février 2007
Statut
Membre
Dernière intervention
18 avril 2009
3
31 mai 2008 à 00:15
31 mai 2008 à 00:15
Bonsoir,
j'ai finalement réinstallé windows xp. Mais le problème demeure, je pense être sérieusement infecté. Voici le log d'hijack fait après la réinstallation. Merci pour ton aide
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:02:43, on 31/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
j'ai finalement réinstallé windows xp. Mais le problème demeure, je pense être sérieusement infecté. Voici le log d'hijack fait après la réinstallation. Merci pour ton aide
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:02:43, on 31/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
ep44
Messages postés
7393
Date d'inscription
samedi 10 novembre 2007
Statut
Contributeur
Dernière intervention
11 novembre 2010
3
30 mai 2008 à 21:30
30 mai 2008 à 21:30
HijackThis à bien édité un rapport ?
as tu essayé en passant par Démarrer > tous les programmes > Accessoire > Bloc-notes
as tu essayé en passant par Démarrer > tous les programmes > Accessoire > Bloc-notes
ep44
Messages postés
7393
Date d'inscription
samedi 10 novembre 2007
Statut
Contributeur
Dernière intervention
11 novembre 2010
3
31 mai 2008 à 00:48
31 mai 2008 à 00:48
Pourquoi avoir formater !!!!!!
et bien maintenant ton rapport HijackThis nous montre aucune infection
il nous montre aussi aucune protection pas d'antivirus, pas de pare-feu
pour l'antivirus regarde ici http://www.swl1f.net/viewtopic.php?f=14&t=59
pour le pare-feu https://www.malekal.com/tutoriel-zonealarm-firewall/
je te conseil de les installer sans perdre de temps
@+
et bien maintenant ton rapport HijackThis nous montre aucune infection
il nous montre aussi aucune protection pas d'antivirus, pas de pare-feu
pour l'antivirus regarde ici http://www.swl1f.net/viewtopic.php?f=14&t=59
pour le pare-feu https://www.malekal.com/tutoriel-zonealarm-firewall/
je te conseil de les installer sans perdre de temps
@+
hyundai
Messages postés
27
Date d'inscription
mardi 13 février 2007
Statut
Membre
Dernière intervention
18 avril 2009
3
31 mai 2008 à 01:50
31 mai 2008 à 01:50
J'ai formaté car l'ordinateur ne se rallumait plus, même en mode sans échec.
J'ai installé Avira Antivir et il m'a détecté des trojan, des malware, zango B Virus, bref plein de truc ds le fichier c: system volume restoration. Ils sont en quarantaine.
Pour l'instant, le Pc marche bien. Je te remercie pour ton aide, et si tu pouvais me décrypter le rapport et me dire que faire pour être définitivement débarrassé de ces méchantes bébêtes, je t'en serais gré.
Avira AntiVir Personal
Report file date: samedi 31 mai 2008 00:21
Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:56
AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:37
LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:23
LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:40
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 13:08:58
ANTIVIR2.VDF : 7.0.4.53 1848832 Bytes 17/05/2008 22:17:46
ANTIVIR3.VDF : 7.0.4.118 376832 Bytes 30/05/2008 22:17:56
Engineversion : 8.1.0.51
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
AESCRIPT.DLL : 8.1.0.37 270715 Bytes 30/05/2008 22:18:33
AESCN.DLL : 8.1.0.20 119157 Bytes 30/05/2008 22:18:31
AERDL.DLL : 8.1.0.20 418165 Bytes 30/05/2008 22:18:29
AEPACK.DLL : 8.1.1.5 364918 Bytes 30/05/2008 22:18:23
AEOFFICE.DLL : 8.1.0.18 192890 Bytes 30/05/2008 22:18:19
AEHEUR.DLL : 8.1.0.29 1253750 Bytes 30/05/2008 22:18:16
AEHELP.DLL : 8.1.0.15 115063 Bytes 30/05/2008 22:18:08
AEGEN.DLL : 8.1.0.25 307573 Bytes 30/05/2008 22:18:06
AEEMU.DLL : 8.1.0.6 430451 Bytes 30/05/2008 22:18:01
AECORE.DLL : 8.1.0.30 168311 Bytes 30/05/2008 22:17:58
AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:53
AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:50
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:26:47
AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:49
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:31
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:39
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:25
RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:11
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: samedi 31 mai 2008 00:21
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'zaSetup_fr.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'Watch.exe' - '1' Module(s) have been scanned
Scan process 'ComComp.exe' - '1' Module(s) have been scanned
Scan process 'EspaceWanadoo.exe' - '1' Module(s) have been scanned
Scan process 'CnxMon.exe' - '1' Module(s) have been scanned
Scan process 'dslmon.exe' - '1' Module(s) have been scanned
Scan process 'TaskBarIcon.exe' - '1' Module(s) have been scanned
Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'nvraidservice.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
31 processes with 31 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '32' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\User\Mes documents\alain\FileFormatConverters.exe
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\System Volume Information\_restore{4813E5C4-1699-4622-BD61-DBCF4F218DDE}\RP135\A0050496.sys
[DETECTION] Contains detection pattern of the rootkit RKIT/Agent.aol
[NOTE] The file was moved to '487086cd.qua'!
C:\System Volume Information\_restore{4813E5C4-1699-4622-BD61-DBCF4F218DDE}\RP135\A0050617.dll
[DETECTION] Is the Trojan horse TR/Agent.45056.138
[NOTE] The file was moved to '487086d7.qua'!
C:\System Volume Information\_restore{4813E5C4-1699-4622-BD61-DBCF4F218DDE}\RP135\A0050863.sys
[DETECTION] Contains detection pattern of the rootkit RKIT/Agent.aol
[NOTE] The file was moved to '487086e0.qua'!
C:\System Volume Information\_restore{4813E5C4-1699-4622-BD61-DBCF4F218DDE}\RP137\A0051013.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was moved to '487086e8.qua'!
C:\System Volume Information\_restore{B662776E-7328-4F6C-91ED-F78986AFF29B}\RP8\A0002965.dll
[DETECTION] Is the Trojan horse TR/Agent.30208
[NOTE] The file was moved to '4870888f.qua'!
C:\System Volume Information\_restore{BE888896-C5BF-4E86-814C-ADC719F30E10}\RP35\A0010919.dll
[DETECTION] Contains detection pattern of the ASDPY/Zango.B virus
[NOTE] The file was moved to '487088ec.qua'!
C:\System Volume Information\_restore{BE888896-C5BF-4E86-814C-ADC719F30E10}\RP35\A0010923.dll
[DETECTION] Is the Trojan horse TR/BHO.Zango.A
[NOTE] The file was moved to '491667c5.qua'!
C:\System Volume Information\_restore{BE888896-C5BF-4E86-814C-ADC719F30E10}\RP37\A0012228.dll
[DETECTION] Contains detection pattern of the ASDPY/Zango.B virus
[NOTE] The file was moved to '487088f4.qua'!
C:\System Volume Information\_restore{BE888896-C5BF-4E86-814C-ADC719F30E10}\RP37\A0012239.dll
[DETECTION] Is the Trojan horse TR/BHO.Zango.A
[NOTE] The file was moved to '491667dd.qua'!
C:\System Volume Information\_restore{BE888896-C5BF-4E86-814C-ADC719F30E10}\RP43\A0013512.dll
[DETECTION] Contains detection pattern of the ASDPY/Zango.B virus
[NOTE] The file was moved to '487088ff.qua'!
C:\System Volume Information\_restore{BE888896-C5BF-4E86-814C-ADC719F30E10}\RP43\A0013516.dll
[DETECTION] Is the Trojan horse TR/BHO.Zango.A
[NOTE] The file was moved to '49166628.qua'!
C:\System Volume Information\_restore{BE888896-C5BF-4E86-814C-ADC719F30E10}\RP43\A0013596.dll
[DETECTION] Contains detection pattern of the ASDPY/Zango.B virus
[NOTE] The file was moved to '48708901.qua'!
C:\System Volume Information\_restore{BE888896-C5BF-4E86-814C-ADC719F30E10}\RP43\A0013607.dll
[DETECTION] Is the Trojan horse TR/BHO.Zango.A
[NOTE] The file was moved to '4916662a.qua'!
C:\System Volume Information\_restore{BE888896-C5BF-4E86-814C-ADC719F30E10}\RP45\A0013980.dll
[DETECTION] Contains detection pattern of the ASDPY/Zango.B virus
[NOTE] The file was moved to '48708906.qua'!
C:\System Volume Information\_restore{BE888896-C5BF-4E86-814C-ADC719F30E10}\RP45\A0013984.dll
[DETECTION] Is the Trojan horse TR/BHO.Zango.A
[NOTE] The file was moved to '48708907.qua'!
C:\System Volume Information\_restore{BE888896-C5BF-4E86-814C-ADC719F30E10}\RP45\A0014065.dll
[DETECTION] Contains detection pattern of the ASDPY/Zango.B virus
[NOTE] The file was moved to '48708908.qua'!
C:\System Volume Information\_restore{BE888896-C5BF-4E86-814C-ADC719F30E10}\RP45\A0014076.dll
[DETECTION] Is the Trojan horse TR/BHO.Zango.A
[NOTE] The file was moved to '49166621.qua'!
C:\System Volume Information\_restore{BE888896-C5BF-4E86-814C-ADC719F30E10}\RP47\A0014329.dll
[DETECTION] Contains detection pattern of the ASDPY/Zango.B virus
[NOTE] The file was moved to '4870890c.qua'!
C:\System Volume Information\_restore{BE888896-C5BF-4E86-814C-ADC719F30E10}\RP47\A0014333.dll
[DETECTION] Is the Trojan horse TR/BHO.Zango.A
[NOTE] The file was moved to '4870890d.qua'!
C:\System Volume Information\_restore{BE888896-C5BF-4E86-814C-ADC719F30E10}\RP47\A0014413.dll
[DETECTION] Contains detection pattern of the ASDPY/Zango.B virus
[NOTE] The file was moved to '4870890e.qua'!
C:\System Volume Information\_restore{BE888896-C5BF-4E86-814C-ADC719F30E10}\RP47\A0014424.dll
[DETECTION] Is the Trojan horse TR/BHO.Zango.A
[NOTE] The file was moved to '49166627.qua'!
End of the scan: samedi 31 mai 2008 01:42
Used time: 1:20:50 min
The scan has been canceled!
7487 Scanning directories
188122 Files were scanned
21 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
21 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
188101 Files not concerned
625 Archives were scanned
2 Warnings
21 Notes
J'ai installé Avira Antivir et il m'a détecté des trojan, des malware, zango B Virus, bref plein de truc ds le fichier c: system volume restoration. Ils sont en quarantaine.
Pour l'instant, le Pc marche bien. Je te remercie pour ton aide, et si tu pouvais me décrypter le rapport et me dire que faire pour être définitivement débarrassé de ces méchantes bébêtes, je t'en serais gré.
Avira AntiVir Personal
Report file date: samedi 31 mai 2008 00:21
Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:56
AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:37
LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:23
LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:40
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 13:08:58
ANTIVIR2.VDF : 7.0.4.53 1848832 Bytes 17/05/2008 22:17:46
ANTIVIR3.VDF : 7.0.4.118 376832 Bytes 30/05/2008 22:17:56
Engineversion : 8.1.0.51
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
AESCRIPT.DLL : 8.1.0.37 270715 Bytes 30/05/2008 22:18:33
AESCN.DLL : 8.1.0.20 119157 Bytes 30/05/2008 22:18:31
AERDL.DLL : 8.1.0.20 418165 Bytes 30/05/2008 22:18:29
AEPACK.DLL : 8.1.1.5 364918 Bytes 30/05/2008 22:18:23
AEOFFICE.DLL : 8.1.0.18 192890 Bytes 30/05/2008 22:18:19
AEHEUR.DLL : 8.1.0.29 1253750 Bytes 30/05/2008 22:18:16
AEHELP.DLL : 8.1.0.15 115063 Bytes 30/05/2008 22:18:08
AEGEN.DLL : 8.1.0.25 307573 Bytes 30/05/2008 22:18:06
AEEMU.DLL : 8.1.0.6 430451 Bytes 30/05/2008 22:18:01
AECORE.DLL : 8.1.0.30 168311 Bytes 30/05/2008 22:17:58
AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:53
AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:50
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:26:47
AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:49
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:31
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:39
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:25
RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:11
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: samedi 31 mai 2008 00:21
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'zaSetup_fr.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'Watch.exe' - '1' Module(s) have been scanned
Scan process 'ComComp.exe' - '1' Module(s) have been scanned
Scan process 'EspaceWanadoo.exe' - '1' Module(s) have been scanned
Scan process 'CnxMon.exe' - '1' Module(s) have been scanned
Scan process 'dslmon.exe' - '1' Module(s) have been scanned
Scan process 'TaskBarIcon.exe' - '1' Module(s) have been scanned
Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'nvraidservice.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
31 processes with 31 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '32' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\User\Mes documents\alain\FileFormatConverters.exe
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\System Volume Information\_restore{4813E5C4-1699-4622-BD61-DBCF4F218DDE}\RP135\A0050496.sys
[DETECTION] Contains detection pattern of the rootkit RKIT/Agent.aol
[NOTE] The file was moved to '487086cd.qua'!
C:\System Volume Information\_restore{4813E5C4-1699-4622-BD61-DBCF4F218DDE}\RP135\A0050617.dll
[DETECTION] Is the Trojan horse TR/Agent.45056.138
[NOTE] The file was moved to '487086d7.qua'!
C:\System Volume Information\_restore{4813E5C4-1699-4622-BD61-DBCF4F218DDE}\RP135\A0050863.sys
[DETECTION] Contains detection pattern of the rootkit RKIT/Agent.aol
[NOTE] The file was moved to '487086e0.qua'!
C:\System Volume Information\_restore{4813E5C4-1699-4622-BD61-DBCF4F218DDE}\RP137\A0051013.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was moved to '487086e8.qua'!
C:\System Volume Information\_restore{B662776E-7328-4F6C-91ED-F78986AFF29B}\RP8\A0002965.dll
[DETECTION] Is the Trojan horse TR/Agent.30208
[NOTE] The file was moved to '4870888f.qua'!
C:\System Volume Information\_restore{BE888896-C5BF-4E86-814C-ADC719F30E10}\RP35\A0010919.dll
[DETECTION] Contains detection pattern of the ASDPY/Zango.B virus
[NOTE] The file was moved to '487088ec.qua'!
C:\System Volume Information\_restore{BE888896-C5BF-4E86-814C-ADC719F30E10}\RP35\A0010923.dll
[DETECTION] Is the Trojan horse TR/BHO.Zango.A
[NOTE] The file was moved to '491667c5.qua'!
C:\System Volume Information\_restore{BE888896-C5BF-4E86-814C-ADC719F30E10}\RP37\A0012228.dll
[DETECTION] Contains detection pattern of the ASDPY/Zango.B virus
[NOTE] The file was moved to '487088f4.qua'!
C:\System Volume Information\_restore{BE888896-C5BF-4E86-814C-ADC719F30E10}\RP37\A0012239.dll
[DETECTION] Is the Trojan horse TR/BHO.Zango.A
[NOTE] The file was moved to '491667dd.qua'!
C:\System Volume Information\_restore{BE888896-C5BF-4E86-814C-ADC719F30E10}\RP43\A0013512.dll
[DETECTION] Contains detection pattern of the ASDPY/Zango.B virus
[NOTE] The file was moved to '487088ff.qua'!
C:\System Volume Information\_restore{BE888896-C5BF-4E86-814C-ADC719F30E10}\RP43\A0013516.dll
[DETECTION] Is the Trojan horse TR/BHO.Zango.A
[NOTE] The file was moved to '49166628.qua'!
C:\System Volume Information\_restore{BE888896-C5BF-4E86-814C-ADC719F30E10}\RP43\A0013596.dll
[DETECTION] Contains detection pattern of the ASDPY/Zango.B virus
[NOTE] The file was moved to '48708901.qua'!
C:\System Volume Information\_restore{BE888896-C5BF-4E86-814C-ADC719F30E10}\RP43\A0013607.dll
[DETECTION] Is the Trojan horse TR/BHO.Zango.A
[NOTE] The file was moved to '4916662a.qua'!
C:\System Volume Information\_restore{BE888896-C5BF-4E86-814C-ADC719F30E10}\RP45\A0013980.dll
[DETECTION] Contains detection pattern of the ASDPY/Zango.B virus
[NOTE] The file was moved to '48708906.qua'!
C:\System Volume Information\_restore{BE888896-C5BF-4E86-814C-ADC719F30E10}\RP45\A0013984.dll
[DETECTION] Is the Trojan horse TR/BHO.Zango.A
[NOTE] The file was moved to '48708907.qua'!
C:\System Volume Information\_restore{BE888896-C5BF-4E86-814C-ADC719F30E10}\RP45\A0014065.dll
[DETECTION] Contains detection pattern of the ASDPY/Zango.B virus
[NOTE] The file was moved to '48708908.qua'!
C:\System Volume Information\_restore{BE888896-C5BF-4E86-814C-ADC719F30E10}\RP45\A0014076.dll
[DETECTION] Is the Trojan horse TR/BHO.Zango.A
[NOTE] The file was moved to '49166621.qua'!
C:\System Volume Information\_restore{BE888896-C5BF-4E86-814C-ADC719F30E10}\RP47\A0014329.dll
[DETECTION] Contains detection pattern of the ASDPY/Zango.B virus
[NOTE] The file was moved to '4870890c.qua'!
C:\System Volume Information\_restore{BE888896-C5BF-4E86-814C-ADC719F30E10}\RP47\A0014333.dll
[DETECTION] Is the Trojan horse TR/BHO.Zango.A
[NOTE] The file was moved to '4870890d.qua'!
C:\System Volume Information\_restore{BE888896-C5BF-4E86-814C-ADC719F30E10}\RP47\A0014413.dll
[DETECTION] Contains detection pattern of the ASDPY/Zango.B virus
[NOTE] The file was moved to '4870890e.qua'!
C:\System Volume Information\_restore{BE888896-C5BF-4E86-814C-ADC719F30E10}\RP47\A0014424.dll
[DETECTION] Is the Trojan horse TR/BHO.Zango.A
[NOTE] The file was moved to '49166627.qua'!
End of the scan: samedi 31 mai 2008 01:42
Used time: 1:20:50 min
The scan has been canceled!
7487 Scanning directories
188122 Files were scanned
21 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
21 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
188101 Files not concerned
625 Archives were scanned
2 Warnings
21 Notes
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
ep44
Messages postés
7393
Date d'inscription
samedi 10 novembre 2007
Statut
Contributeur
Dernière intervention
11 novembre 2010
3
31 mai 2008 à 11:13
31 mai 2008 à 11:13
Bonjour
As tu formater ??
ou plutôt écraser
1/ recherche dans ajout et suppression de programmes, via le Panneau de configuration
et dans C:\Program Files en suivant ce chemin: Démarrer > Poste de travail > Disque C: > Program Files
Zango Toolbar
Supprime le
2/ fait un scan en ligne
avec bitdefender et colle le rapport
https://www.bitdefender.com/toolbox/
Scan à faire sous Internet Explorer
un tuto
http://pageperso.aol.fr/rginformatique/mapage/defender.htm
ensuite un nouveau rapport hijack stp
@+
As tu formater ??
ou plutôt écraser
1/ recherche dans ajout et suppression de programmes, via le Panneau de configuration
et dans C:\Program Files en suivant ce chemin: Démarrer > Poste de travail > Disque C: > Program Files
Zango Toolbar
Supprime le
2/ fait un scan en ligne
avec bitdefender et colle le rapport
https://www.bitdefender.com/toolbox/
Scan à faire sous Internet Explorer
un tuto
http://pageperso.aol.fr/rginformatique/mapage/defender.htm
ensuite un nouveau rapport hijack stp
@+
hyundai
Messages postés
27
Date d'inscription
mardi 13 février 2007
Statut
Membre
Dernière intervention
18 avril 2009
3
3 juin 2008 à 14:02
3 juin 2008 à 14:02
Salut ep44, voilà, j'ai un énorme problème : mon ordinateur lorsque je l'allume redémarre sans cesse, je ne peux rien faire même en faisant un mode sans échec, ou les dernières bonnes configurations. En trois jours, je l'ai formaté trois fois. Si tu peux me donner quelques pistes, merci à toi !!!
J'ai fait un Bitdefender QuickScan, voici ci dessous le résultat:
Aucune infection active n'a été détectée sur votre PC.
Cependant j'ai toujours des pubs qui m'arrive sur mon navigateur web, le site qui redirige ces pub est rediegpub ou un truc dans le genre, connaissait vous ce site ?
Comment s'en débarrasser ?
Merci de votre aide.
Aucune infection active n'a été détectée sur votre PC.
Cependant j'ai toujours des pubs qui m'arrive sur mon navigateur web, le site qui redirige ces pub est rediegpub ou un truc dans le genre, connaissait vous ce site ?
Comment s'en débarrasser ?
Merci de votre aide.
ep44
Messages postés
7393
Date d'inscription
samedi 10 novembre 2007
Statut
Contributeur
Dernière intervention
11 novembre 2010
3
3 juin 2008 à 21:21
3 juin 2008 à 21:21
Bonsoir
pourquoi avoir formater comme ça?
essaye de relancer sur le cd et de faire réparation.
pourquoi avoir formater comme ça?
essaye de relancer sur le cd et de faire réparation.
hyundai
Messages postés
27
Date d'inscription
mardi 13 février 2007
Statut
Membre
Dernière intervention
18 avril 2009
3
7 juin 2008 à 12:10
7 juin 2008 à 12:10
Ce que j'appelle reformater, c'est réinstaller windows xp à partir du CD mais sans effacer mes documents. La réparation partir du CD échoue à chaque fois. Mais sinon, bonne nouvelle, après une nouvelle installation, j'ai fait un scan antivirus en ligne avec trend micro. Il m'a nettoyé mon PC et depuis aucun problème à signaler. Néanmoins, je ne sais toujours pas ce qui était la cause de ce bazar, enfin du moment que ca marche !!!
Je te remercie beaucoup ep44 de m'avoir aidé !!!
Super forum !!!!!
Je te remercie beaucoup ep44 de m'avoir aidé !!!
Super forum !!!!!
ep44
Messages postés
7393
Date d'inscription
samedi 10 novembre 2007
Statut
Contributeur
Dernière intervention
11 novembre 2010
3
7 juin 2008 à 13:23
7 juin 2008 à 13:23
ok bye
Bonjour,
Il se trouve que j'ai le même problème pour les recherches google redirigées vers des pubs. Je poste mon rapport hijackthis. Si quelqu'un avait la gentillesse de m'aider, ce serait sympa !!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:20:08, on 13/05/2011
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16766)
Boot mode: Normal
Running processes:
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
C:\Users\Julie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Julie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Julie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Julie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\system32\rundll32.exe
C:\Users\Julie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Julie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Julie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Julie\Downloads\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SynAsusAcpi] %ProgramFiles%\Synaptics\SynTP\SynAsusAcpi.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [HotkeyMon] AsusSender.exe C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
O4 - HKLM\..\Run: [HotkeyService] AsusSender.exe C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
O4 - HKLM\..\Run: [SuperHybridEngine] AsusSender.exe C:\Program Files\EeePC\SHE\SuperHybridEngine.exe
O4 - HKLM\..\Run: [LiveUpdate] AsusSender.exe C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe auto
O4 - HKLM\..\Run: [CapsHook] AsusSender.exe C:\Program Files\EeePC\CapsHook\CapsHook.exe
O4 - HKLM\..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe autorun
O4 - HKLM\..\Run: [GraphicsSwitch] AsusSender.exe C:\Program Files\Asus\GraphicsSwitch\GPUStatusMonitor.exe
O4 - HKLM\..\Run: [IgfxTray] C:\windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [OOBESetup] C:\Program Files\asus\OOBERegBackup\OOBERegBackup.exe /restore -"C:\Program Files\asus\OOBERegBackup\OOBEReg.ini"
O4 - HKLM\..\Run: [Boingo Wi-Fi] "C:\Program Files\Boingo\Boingo Wi-Fi\Boingo.lnk"
O4 - HKLM\..\Run: [ASUSPRP] C:\Program Files\ASUS\APRP\APRP.EXE
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Julie-asus
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Julie-asus
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = Julie-asus
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Asus Launcher Service (AsusService) - Unknown owner - C:\Windows\System32\AsusService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: lxdxCATSCustConnectService - Lexmark International, Inc. - C:\windows\system32\spool\DRIVERS\W32X86\3\\lxdxserv.exe
O23 - Service: lxdx_device - - C:\windows\system32\lxdxcoms.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\windows\system32\nvvsvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
Il se trouve que j'ai le même problème pour les recherches google redirigées vers des pubs. Je poste mon rapport hijackthis. Si quelqu'un avait la gentillesse de m'aider, ce serait sympa !!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:20:08, on 13/05/2011
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16766)
Boot mode: Normal
Running processes:
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
C:\Users\Julie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Julie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Julie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Julie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\system32\rundll32.exe
C:\Users\Julie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Julie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Julie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Julie\Downloads\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SynAsusAcpi] %ProgramFiles%\Synaptics\SynTP\SynAsusAcpi.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [HotkeyMon] AsusSender.exe C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
O4 - HKLM\..\Run: [HotkeyService] AsusSender.exe C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
O4 - HKLM\..\Run: [SuperHybridEngine] AsusSender.exe C:\Program Files\EeePC\SHE\SuperHybridEngine.exe
O4 - HKLM\..\Run: [LiveUpdate] AsusSender.exe C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe auto
O4 - HKLM\..\Run: [CapsHook] AsusSender.exe C:\Program Files\EeePC\CapsHook\CapsHook.exe
O4 - HKLM\..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe autorun
O4 - HKLM\..\Run: [GraphicsSwitch] AsusSender.exe C:\Program Files\Asus\GraphicsSwitch\GPUStatusMonitor.exe
O4 - HKLM\..\Run: [IgfxTray] C:\windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [OOBESetup] C:\Program Files\asus\OOBERegBackup\OOBERegBackup.exe /restore -"C:\Program Files\asus\OOBERegBackup\OOBEReg.ini"
O4 - HKLM\..\Run: [Boingo Wi-Fi] "C:\Program Files\Boingo\Boingo Wi-Fi\Boingo.lnk"
O4 - HKLM\..\Run: [ASUSPRP] C:\Program Files\ASUS\APRP\APRP.EXE
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Julie-asus
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Julie-asus
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = Julie-asus
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Asus Launcher Service (AsusService) - Unknown owner - C:\Windows\System32\AsusService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: lxdxCATSCustConnectService - Lexmark International, Inc. - C:\windows\system32\spool\DRIVERS\W32X86\3\\lxdxserv.exe
O23 - Service: lxdx_device - - C:\windows\system32\lxdxcoms.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\windows\system32\nvvsvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
Up! J'ai le même problème et aucun anti-malware n'arrive à m'en débarasser!
Ca a commencé lorsque j'ai executer un fichier provenant d'un site que je ne connaissais pas (erreur de débutant, pourtant d'habitude je fait gaffe...).
Vu que ce post est très ancient est-ce qu'un rapport HiJack est toujours d'actualité? Si oui j'aimerais apprendre à en lire un.
Merci d'avance!
Ca a commencé lorsque j'ai executer un fichier provenant d'un site que je ne connaissais pas (erreur de débutant, pourtant d'habitude je fait gaffe...).
Vu que ce post est très ancient est-ce qu'un rapport HiJack est toujours d'actualité? Si oui j'aimerais apprendre à en lire un.
Merci d'avance!
30 mai 2008 à 21:12