Sujet Précédent Sujet Suivant

Problème internet

Résolu
sinza93 Messages postés 247 Statut Membre -  
sinza93 Messages postés 247 Statut Membre -
Bonjour,

et bonne rentrée à tous, en cette rentrée 2008 je m'aperçois que j'ai des bugg de connexion notamment pour skyblog une fois que je clique pour voir mon blog ma page se fige et je suis obligé de quitter brutalement en fermant la fenêtre et ensuite réouvrir pour restaurer la fenêtre de skyblog ceci est juste un exemple parmis tant d'autres, il y a aussi pour certains upload de jeu où d'utilitaires comme clubic où télécharger.com ça plante.

j'ai utilisé spybot en entier plus mise à jour je pensais avoir tout nettoyer et ben ça continu qu'est ce que ça peut être?

en espérant une réponse où une aide de votre part

cordialement Sinza
A voir également:

26 réponses

  • 1
  • 2
Réponse 1 / 26
geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
 
ok maintenant fais ceci stp :

● Relance Ad-remover , au menu principal choisi l'option "B"

-- le programme va travailler --

● Poste le rapport qui apparait à la fin.

( le rapport est sauvegardé aussi sous C:\Ad-report.log )

(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

/!\ Si le Bureau ne réapparait pas presse Ctrl + Alt + Suppr , Onglet Fichier , Nouvelle tâche , tape explorer.exe et valide) /!\

et ensuite refais un nouveau rapport hijackthis pour vérifier stp
1
Réponse 2 / 26
geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
 
Salut !!

Fais un rapport hijackthis pour que je puisses vérifier les infections de ton pc stp

Télécharge hijackthis à cette adresse, tout est expliqué pour bien l installer et pour savoir s'en servir :

https://www.androidworld.fr/
0
Réponse 3 / 26
sinza93 Messages postés 247 Statut Membre 28
 
Rapport fait à 0:51:51,90, 04/09/2008
Executé à partir de C:\Documents and Settings\Compaq_Propri‚taire\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

Fichier hosts corrompu !

127.0.0.1 www.legal-at-spybot.info
127.0.0.1 legal-at-spybot.info

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Compaq_Propri‚taire

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Compaq_Propri‚taire\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\COMPAQ~1\Favoris

»»»»»»»»»»»»»»»»»»»»»»»» Bureau

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Miniport d'ordonnancement de paquets
DNS Server Search Order: 15.243.128.51
DNS Server Search Order: 15.243.160.51

Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Miniport d'ordonnancement de paquets
DNS Server Search Order: 212.27.40.240
DNS Server Search Order: 212.27.40.241

HKLM\SYSTEM\CCS\Services\Tcpip\..\{AA794FF2-51F3-4234-A3BC-AB7C18426DC0}: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CCS\Services\Tcpip\..\{DE246E2C-8697-44FE-A5BB-FA04D12D4DEC}: DhcpNameServer=15.243.128.51 15.243.160.51
HKLM\SYSTEM\CS1\Services\Tcpip\..\{AA794FF2-51F3-4234-A3BC-AB7C18426DC0}: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS1\Services\Tcpip\..\{DE246E2C-8697-44FE-A5BB-FA04D12D4DEC}: DhcpNameServer=15.243.128.51 15.243.160.51
HKLM\SYSTEM\CS2\Services\Tcpip\..\{AA794FF2-51F3-4234-A3BC-AB7C18426DC0}: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS2\Services\Tcpip\..\{DE246E2C-8697-44FE-A5BB-FA04D12D4DEC}: DhcpNameServer=15.243.128.51 15.243.160.51
HKLM\SYSTEM\CS3\Services\Tcpip\..\{AA794FF2-51F3-4234-A3BC-AB7C18426DC0}: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS3\Services\Tcpip\..\{DE246E2C-8697-44FE-A5BB-FA04D12D4DEC}: DhcpNameServer=15.243.128.51 15.243.160.51
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin

voilà c'est grave docteur ;) lol merci tout de même
0
Réponse 4 / 26
geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
 
je ne t ai pas demandé de faire smitfraudfix, je t ai demandé de faire un rapport hijackthis lol

Fais ce qui suit stp :

Télécharge cet outil de SiRi:

http://siri.urz.free.fr/RHosts.php

Double clique dessus pour l'exécuter

et cliques sur " Restore original Hosts "

ps : c est normal que rien ne se passe

ensuire redémarre

ensuite :

Fais un rapport hijackthis pour que je puisses vérifier les infections de ton pc stp

Télécharge hijackthis à cette adresse, tout est expliqué pour bien l installer et pour savoir s'en servir :

https://www.androidworld.fr/
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 26
sinza93 Messages postés 247 Statut Membre 28
 
désolé je l'avais désinstaller j'ai confondu donc

hitjackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:31:07, on 04/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HJT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NI.UGA6PV_0001_N122M2910] "C:\Documents and Settings\Compaq_Propriétaire\Bureau\install_fr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe
O4 - Global Startup: NETGEAR WG311v3 Smart Wizard.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Compaq_Propriétaire\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
0
Réponse 6 / 26
geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
 
Salut !!

fais ceci stp :

Télécharge Toolbar-S&D (Team IDN) sur ton Bureau à cette adresse :

(c est le numéro 6 en bas de la page) : https://www.androidworld.fr/

* Lance l'installation du programme en exécutant le fichier téléchargé.
* Double-clique maintenant sur le raccourci de Toolbar-S&D.
* Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.
* Choisis maintenant l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche.
* Poste le rapport généré. (C:\TB.txt)
0
Réponse 7 / 26
sinza93 Messages postés 247 Statut Membre 28
 
coucou voici ce que ça donne:

Option : [1] ( 05/09/2008| 5:58 )

-----------\\ Recherche de Fichiers / Dossiers ...

C:\Program Files\AskSBar
C:\Program Files\AskSBar\bar
C:\Program Files\AskSBar\SrchAstt
C:\Program Files\DAEMON Tools Toolbar
C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
C:\Program Files\DAEMON Tools Toolbar\FirefoxDTT
C:\Program Files\DAEMON Tools Toolbar\Resources
C:\Program Files\DAEMON Tools Toolbar\uninst.exe
C:\Program Files\DAEMON Tools Toolbar\_DTLite.xml

-----------\\ Extensions

(Compaq_Propri‚taire) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\windows\\system32\\blank.htm"
"Start Page"="https://www.msn.com/fr-fr/?ocid=iehp"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"SearchMigratedDefaultURL"="https://www.google.com/webhp?gws_rd=ssl{searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Local Page"="C:\\windows\\system32\\blank.htm"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home"

--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\COMPAQ~1\Mes documents\Ma musique\rap us\rap old school\Biggie Smalls - 10 Crack Commandments.mp3

1 - "C:\ToolBar SD\TB_1.txt" - 05/09/2008| 6:00 - Option : [1]

-----------\\ Fin du rapport a 6:00:40,35

ps: merci beaucoup encore de ta sympathie
0
Réponse 8 / 26
geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
 
Salut !!

ok maintenant fais ce qui suit stp :

Relance Toolbar-S&D en double-cliquant sur le raccourci. Tape sur "2" puis valide en appuyant sur "Entrée".
! Ne ferme pas la fenêtre lors de la suppression !
Un rapport sera généré, poste son contenu ici.

NOTE : Si ton Bureau ne réapparait pas, appuie simultanément sur Ctrl+Alt+Suppr pour ouvrir le Gestionnaire des tâches.
Rends-toi sur l'onglet "Processus". Clique en haut à gauche sur Fichier et choisis "Exécuter..."
Tape explorer puis valide.

ensuite :

Télécharger sur le bureau malwarebytes à cette adresse :

https://www.androidworld.fr/

Voici un tuto pour bien l installer et bien l utiliser :

https://www.androidworld.fr/

Après l analyse, redémarrer le pc et poste le rapport !!

Et refais un nouveau rapport hijackthis stp
0
Réponse 9 / 26
sinza93 Messages postés 247 Statut Membre 28
 
ok je le fais de suite désolé pour l'attente
0
Réponse 10 / 26
sinza93 Messages postés 247 Statut Membre 28
 
rapport toolbar s&d

-----------\\ ToolBar S&D 1.1.7 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 2.93GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Compaq_Propriétaire ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1229 [VPS 080907-0] 4.8.1229 (Activated)

"C:\ToolBar SD" ( MAJ : 04-09-2008|15:03 )
Option : [2] ( 07/09/2008|20:46 )

-----------\\ SUPPRESSION

Echec ! - C:\Program Files\AskSBar\bar
Supprime! - C:\Program Files\AskSBar\SrchAstt
Supprime! - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
Supprime! - C:\Program Files\DAEMON Tools Toolbar\FirefoxDTT
Supprime! - C:\Program Files\DAEMON Tools Toolbar\Resources
Supprime! - C:\Program Files\DAEMON Tools Toolbar\uninst.exe
Supprime! - C:\Program Files\DAEMON Tools Toolbar\_DTLite.xml
Supprime! - C:\Program Files\AskSBar
Supprime! - C:\Program Files\DAEMON Tools Toolbar

-----------\\ Recherche de Fichiers / Dossiers ...

-----------\\ Extensions

(Compaq_Propri‚taire) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\windows\\system32\\blank.htm"
"Start Page"="https://www.msn.com/fr-fr/?ocid=iehp"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"SearchMigratedDefaultURL"="https://www.google.com/webhp?gws_rd=ssl{searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Local Page"="C:\\windows\\system32\\blank.htm"
"Start Page"="https://www.msn.com/fr-fr/"

--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\COMPAQ~1\Mes documents\Ma musique\rap us\rap old school\Biggie Smalls - 10 Crack Commandments.mp3

1 - "C:\ToolBar SD\TB_1.txt" - 05/09/2008| 6:00 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 07/09/2008|20:48 - Option : [2]

-----------\\ Fin du rapport a 20:48:57,15
0
Réponse 11 / 26
geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
 
ok maintenant fais une analyse complete avec malwarebytes stp
0
Réponse 12 / 26
sinza93 Messages postés 247 Statut Membre 28
 
Malwarebytes' Anti-Malware 1.26
Version de la base de données: 1125
Windows 5.1.2600 Service Pack 3

07/09/2008 21:57:06
mbam-log-2008-09-07 (21-57-06).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 161812
Temps écoulé: 54 minute(s), 30 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 5

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Temp\NI.UGA6PV_0001_N122M2910 (Rogue.Multiple) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Program Files\Mozilla Firefox\plugins\NPAskSBr.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP279\A0046725.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP279\A0046723.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP279\A0046783.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP279\A0046784.DLL (Adware.AskSBAR) -> Quarantined and deleted successfully.

désolé ça a mis du temps avec la soeur qui me saoul lol merci à toi je te fais hitjackthis demain merci
0
geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
 
Avant de refaire un nouveau rapport hijackthis, fais ceci stp, c est un helper que je connais tres bien qui m a conseillé de te le faire passer :

● Télécharge http://sd-1.archive-host.com/membres/up/197122637410686155/AD-R.zip AD-R.zip >> sur ton bureau.<<
● Dézippe-le ( clique droit -> ' extraire tout ' )
● Ouvre le dossier Ad-remover , et double clique sur Ad-remover.bat.
● Au menu principal choisi l'option "A"
● Poste le rapport qui apparait à la fin.

( le rapport est sauvegardé aussi sous C:\Ad-report.log )

(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

Note :

Process.exe est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
0
Réponse 13 / 26
geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
 
Salut !!

ok j attends ton rapport hijackthis
0
Réponse 14 / 26
sinza93 Messages postés 247 Statut Membre 28
 
un rapport énorme en effet

--------- AD-Remover 1.0.0.9 by C_XX ---------

__ START at: 14:38:18 | 08/09/2008
__ ON: Windows_NT (Windows XP)
__ OPTION: Scan
__ INSTALL LOCATION: C:\Documents and Settings\Compaq_Propri‚taire\Bureau\AD-R\Ad-remover\AD-Remover.bat
__ USER: Compaq_Propri‚taire | PC: NOM-EB85C523610
__ BOOT MODE: Normal
__ DRIVE(S): C:\ D:\

--------- [ PROCESSES ] ---------

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\System32\WScript.exe

------------------------ [ 36 ]

>>>>>>>>>>>>>>>> CHECKING SERVICES

>>>>>>>>>>>>>>>> REGISTRY

Found ! - "HKEY_LOCAL_MACHINE\SOFTWARE\Macrogaming"
Found ! - "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mywebsearch.net"
Found ! - "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\smileycentral.com"
Found ! - "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A}"
Found ! - "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0"
Found ! - "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094"
Found ! - "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536"
Found ! - "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E"
Found ! - "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9"
Found ! - "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F1B496B301445D115AA4000972A8B18B"
Found ! - "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar" /v "{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938}"
Found ! - "HKEY_CURRENT_USER\Software\SWEETIE"
Found ! - "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1A0AADCD-3A72-4B5F-900F-E3BB5A838E2A}"
Found ! - "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938}"
Found ! - "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Upgradecodes\A97CEC23332751B47BA4B95BAA50C9D0"
Found ! - "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks" /v "{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938}"
Found ! - "HKEY_CLASSES_ROOT\SWEETIE.IEToolbar"
Found ! - "HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1"
Found ! - "HKEY_CLASSES_ROOT\SWEETIE.SWEETIE"
Found ! - "HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.1"
Found ! - "HKEY_CLASSES_ROOT\ToolBand.SWEETIE"
Found ! - "HKEY_CLASSES_ROOT\ToolBand.SWEETIE.1"
Found ! - "HKEY_CLASSES_ROOT\CLSID\{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938}"
Found ! - "HKEY_CLASSES_ROOT\CLSID\{1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A}"
Found ! - "HKEY_CLASSES_ROOT\Typelib\{58906392-79C4-497C-ACC6-6942B59F1A08}"
Found ! - "HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mywebsearch.net"
Found ! - "HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\smileycentral.com"
Found ! - "HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mywebsearch.net"
Found ! - "HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\smileycentral.com"
Found ! - "HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mywebsearch.net"
Found ! - "HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\smileycentral.com"
Found ! - "HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mywebsearch.net"
Found ! - "HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\smileycentral.com"

>>>>>>>>>>>>>>>> FILES\FOLDERS

Found ! - "C:\Program Files\Macrogaming"
Found ! - "C:\Documents and Settings\Compaq_Propri‚taire\Cookies\compaq_propri‚taire@hpfr.boonty[1].txt"
Found ! - "C:\Documents and Settings\Compaq_Propri‚taire\Cookies\compaq_propri‚taire@payment.boonty[1].txt"
Found ! - "C:\Documents and Settings\Compaq_Propri‚taire\Cookies\compaq_propri‚taire@sweetim[2].txt"
Found ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\1eu19.tmp"
Found ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\2pw15.tmp"
Found ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\50e7.tmp"
Found ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\6054.tmp"
Found ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\7rc17.tmp"
Found ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\97z38.tmp"
Found ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\9op89.tmp"
Found ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\bye1.tmp"
Found ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\cel8E.tmp"
Found ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\cw793.tmp"
Found ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\cwr8C.tmp"
Found ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\lad2.tmp"
Found ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\lhu31.tmp"
Found ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\m1z87.tmp"
Found ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\m8d33.tmp"
Found ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\mwu2F.tmp"
Found ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\nsh4D.tmp"
Found ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp"
Found ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-1"
Found ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-10"
Found ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-11"
Found ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-12"
Found ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-13"
Found ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-14"
Found ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-15"
Found ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-16"
Found ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-17"
Found ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-18"
Found ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-19"
Found ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-2"
Found ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-20"
Found ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-21"
Found ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-22"
Found ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-23"
Found ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-24"
Found ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-25"
Found ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-26"
Found ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-27"
Found ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-28"
Found ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-29"
Found ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-3"
Found ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-30"
Found ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-31"
Found ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-32"
Found ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-33"
Found ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-34"
Found ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-35"
Found ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-36"
Found ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-37"
Found ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-38"
Found ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-39"
Found ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-4"
Found ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-40"
Found ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-41"
Found ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-42"
Found ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-43"
Found ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-44"
Found ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-45"
Found ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-46"
Found ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-47"
Found ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-48"
Found ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-49"
Found ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-5"
Found ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-50"
Found ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-51"
Found ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-52"
Found ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-53"
Found ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-54"
Found ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-55"
Found ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-56"
Found ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-57"
Found ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-6"
Found ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-7"
Found ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-8"
Found ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-9"
Found ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\tmp83015.WMC"
Found ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\_AIA.tmp"
Found ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DFA8BC.tmp"
Found ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~nsu.tmp"
Found ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\audacity_1_2_temp"
Found ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\ff_temp"
Found ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\R‚pertoire temporaire 1 pour GTA2INSTALLER.ZIP"
Found ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\R‚pertoire temporaire 2 pour GTA2INSTALLER.ZIP"
Found ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\_ir_sf7_temp_0"
Found ! - "C:\WINDOWS\temp\JET8992.tmp"
Found ! - "C:\WINDOWS\temp\JET8AAC.tmp"
Found ! - "C:\WINDOWS\temp\WMT4D.tmp"
Found ! - "C:\WINDOWS\temp\WMT4E.tmp"
Found ! - "C:\WINDOWS\temp\~sraxdir.tmp"
Found ! - "C:\WINDOWS\temp\Temporary Internet Files"

+---- Scanning prefs.js ... ( # Mozilla User Preferences ) ----+

\...\dbzvtfh0.default\prefs.js :

+--------------------------------------------------------------+

>>>>>>>>>>>>>>>> [ EOF - 192 lines ]

[ END at: 14:38:44 | 08/09/2008 ] - [ Time elapsed: 25.5 seconds ]

et oui en effet au démarrage de windows on indique que mon parefeu est désactiver puis se réactive tout seul par la suite j'ai également vue que mon uc était très élever au début mais là ça va mieux je te remercie encore de prendre ton temps pour moi.
0
Réponse 15 / 26
sinza93 Messages postés 247 Statut Membre 28
 
et le rapport hitjackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:42:38, on 08/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HJT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (file missing)
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (file missing)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NI.UGA6PV_0001_N122M2910] "C:\Documents and Settings\Compaq_Propriétaire\Bureau\install_fr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe
O4 - Global Startup: NETGEAR WG311v3 Smart Wizard.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Compaq_Propriétaire\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
0
Réponse 16 / 26
sinza93 Messages postés 247 Statut Membre 28
 
bonsoir geoffrey voilà le rapport

--------- AD-Remover 1.0.0.9 by C_XX ---------

__ START at: 17:40:54 | 09/09/2008
__ ON: Windows_NT (Windows XP)
__ OPTION: Clean
__ INSTALL LOCATION: C:\Documents and Settings\Compaq_Propri‚taire\Bureau\AD-R\Ad-remover\AD-Remover.bat
__ USER: Compaq_Propri‚taire | PC: NOM-EB85C523610
__ BOOT MODE: Normal
__ DRIVE(S): C:\ D:\

--------- [ PROCESSES ] ---------

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\System32\WScript.exe

------------------------ [ 33 ]

>>>>>>>>>>>>>>>> CHECKING SERVICES

>>>>>>>>>>>>>>>> REGISTRY

Deleted ! - "HKEY_LOCAL_MACHINE\SOFTWARE\Macrogaming"
Deleted ! - "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mywebsearch.net"
Deleted ! - "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\smileycentral.com"
Deleted ! - "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A}"
Deleted ! - "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0"
Deleted ! - "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094"
Deleted ! - "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536"
Deleted ! - "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E"
Deleted ! - "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9"
Deleted ! - "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F1B496B301445D115AA4000972A8B18B"
Deleted ! - "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar" /v "{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938}"
Deleted ! - "HKEY_CURRENT_USER\Software\SWEETIE"
Deleted ! - "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1A0AADCD-3A72-4B5F-900F-E3BB5A838E2A}"
Deleted ! - "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938}"
Deleted ! - "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Upgradecodes\A97CEC23332751B47BA4B95BAA50C9D0"
Deleted ! - "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks" /v "{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938}"
Deleted ! - "HKEY_CLASSES_ROOT\SWEETIE.IEToolbar"
Deleted ! - "HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1"
Deleted ! - "HKEY_CLASSES_ROOT\SWEETIE.SWEETIE"
Deleted ! - "HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.1"
Deleted ! - "HKEY_CLASSES_ROOT\ToolBand.SWEETIE"
Deleted ! - "HKEY_CLASSES_ROOT\ToolBand.SWEETIE.1"
Deleted ! - "HKEY_CLASSES_ROOT\CLSID\{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938}"
Deleted ! - "HKEY_CLASSES_ROOT\CLSID\{1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A}"
Deleted ! - "HKEY_CLASSES_ROOT\Typelib\{58906392-79C4-497C-ACC6-6942B59F1A08}"
Deleted ! - "HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mywebsearch.net"
Deleted ! - "HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\smileycentral.com"
Deleted ! - "HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mywebsearch.net"
Deleted ! - "HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\smileycentral.com"
Deleted ! - "HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mywebsearch.net"
Deleted ! - "HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\smileycentral.com"

>>>>>>>>>>>>>>>> FILES\FOLDERS

Deleted ! - "C:\Program Files\Macrogaming"
Deleted ! - "C:\Documents and Settings\Compaq_Propri‚taire\Cookies\compaq_propri‚taire@hpfr.boonty[1].txt"
Deleted ! - "C:\Documents and Settings\Compaq_Propri‚taire\Cookies\compaq_propri‚taire@payment.boonty[1].txt"
Deleted ! - "C:\Documents and Settings\Compaq_Propri‚taire\Cookies\compaq_propri‚taire@sweetim[2].txt"
Deleted ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\1eu19.tmp"
Deleted ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\20j49.tmp"
Deleted ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\2pw15.tmp"
Deleted ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\50e7.tmp"
Deleted ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\5vq1E.tmp"
Deleted ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\6054.tmp"
Deleted ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\7rc17.tmp"
Deleted ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\97z38.tmp"
Deleted ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\9op89.tmp"
Deleted ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\bye1.tmp"
Deleted ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\cel8E.tmp"
Deleted ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\cw793.tmp"
Deleted ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\cwr8C.tmp"
Deleted ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\fwoE.tmp"
Deleted ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\lad2.tmp"
Deleted ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\lhu31.tmp"
Deleted ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\m1z87.tmp"
Deleted ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\m8d33.tmp"
Deleted ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\mwu2F.tmp"
Deleted ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\nsh4D.tmp"
Deleted ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp"
Deleted ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-1"
Deleted ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-10"
Deleted ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-11"
Deleted ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-12"
Deleted ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-13"
Deleted ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-14"
Deleted ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-15"
Deleted ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-16"
Deleted ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-17"
Deleted ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-18"
Deleted ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-19"
Deleted ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-2"
Deleted ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-20"
Deleted ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-21"
Deleted ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-22"
Deleted ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-23"
Deleted ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-24"
Deleted ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-25"
Deleted ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-26"
Deleted ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-27"
Deleted ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-28"
Deleted ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-29"
Deleted ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-3"
Deleted ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-30"
Deleted ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-31"
Deleted ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-32"
Deleted ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-33"
Deleted ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-34"
Deleted ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-35"
Deleted ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-36"
Deleted ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-37"
Deleted ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-38"
Deleted ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-39"
Deleted ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-4"
Deleted ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-40"
Deleted ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-41"
Deleted ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-42"
Deleted ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-43"
Deleted ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-44"
Deleted ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-45"
Deleted ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-46"
Deleted ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-47"
Deleted ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-48"
Deleted ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-49"
Deleted ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-5"
Deleted ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-50"
Deleted ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-51"
Deleted ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-52"
Deleted ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-53"
Deleted ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-54"
Deleted ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-55"
Deleted ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-56"
Deleted ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-57"
Deleted ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-6"
Deleted ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-7"
Deleted ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-8"
Deleted ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\plugtmp-9"
Deleted ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\sjv42.tmp"
Deleted ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\tmp83015.WMC"
Deleted ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\ywx44.tmp"
Deleted ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\_AIA.tmp"
Deleted ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DFA8BC.tmp"
Deleted ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~nsu.tmp"
Deleted ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\audacity_1_2_temp"
Deleted ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\ff_temp"
Deleted ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\R‚pertoire temporaire 1 pour GTA2INSTALLER.ZIP"
Deleted ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\R‚pertoire temporaire 2 pour GTA2INSTALLER.ZIP"
Deleted ! - "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\_ir_sf7_temp_0"
NOT deleted ! - "C:\WINDOWS\temp\JET9059.tmp"
NOT deleted ! - "C:\WINDOWS\temp\JET9172.tmp"
Deleted ! - "C:\WINDOWS\temp\WMT4D.tmp"
Deleted ! - "C:\WINDOWS\temp\WMT4E.tmp"
Deleted ! - "C:\WINDOWS\temp\~sraxdir.tmp"
Deleted ! - "C:\WINDOWS\temp\Temporary Internet Files"

+---- Scanning prefs.js ... ( # Mozilla User Preferences ) ----+

\...\dbzvtfh0.default\prefs.js :

>>>>>>>>>>>>>>>> [ EOF - 191 lines ]

[ END at: 17:46:37 | 09/09/2008 ] - [ Time elapsed: 5 minutes, 42 seconds ]
0
Réponse 17 / 26
sinza93 Messages postés 247 Statut Membre 28
 
rapprt hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:48:24, on 09/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
C:\WINDOWS\explorer.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Trend Micro\HijackThis\HJT.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (file missing)
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (file missing)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NI.UGA6PV_0001_N122M2910] "C:\Documents and Settings\Compaq_Propriétaire\Bureau\install_fr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe
O4 - Global Startup: NETGEAR WG311v3 Smart Wizard.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Compaq_Propriétaire\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
0
Réponse 18 / 26
geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
 
Salut !!

refais une recherche avec toolbarSD stp
0
Réponse 19 / 26
sinza93 Messages postés 247 Statut Membre 28
 
merci à toi bonjour

voici le rapport toolbar sd

-----------\\ ToolBar S&D 1.1.7 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 2.93GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Compaq_Propriétaire ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1229 [VPS 080909-0] 4.8.1229 (Activated)

"C:\ToolBar SD" ( MAJ : 04-09-2008|15:03 )
Option : [1] ( 10/09/2008|15:09 )

-----------\\ Recherche de Fichiers / Dossiers ...

-----------\\ Extensions

(Compaq_Propri‚taire) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\windows\\system32\\blank.htm"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"SearchMigratedDefaultURL"="https://www.google.com/webhp?gws_rd=ssl{searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Local Page"="C:\\windows\\system32\\blank.htm"
"Start Page"="https://www.msn.com/fr-fr"

--------------------\\ Recherche d'autres infections

Aucune autre infection trouvée !

1 - "C:\ToolBar SD\TB_1.txt" - 05/09/2008| 6:00 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 07/09/2008|20:48 - Option : [2]
3 - "C:\ToolBar SD\TB_3.txt" - 10/09/2008|15:11 - Option : [1]

-----------\\ Fin du rapport a 15:11:17,79

0
Réponse 20 / 26
geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
 
Salut !!

on va faire autrement...

télécharge OtMoveIt

Télécharge OTMoveIt (de Old_Timer) sur ton Bureau à cette adresse :

(c est le numéro 7 en bas de la page) : https://www.androidworld.fr/

Double-clique sur OTMoveIt.exe pour le lancer.
Assure toi que la case Unregister Dll's and Ocx's soit bien cochée.
Copie la liste qui se trouve en gras dans la citation ci-dessous et colle-la dans le cadre de gauche de OTMoveIt sous Paste List of Files/Folders to move.

c:\program files\asksbar\srchastt\1.bin\a2srchas.dll
c:\program files\asksbar\bar\1.bin\asksbar.dll
c:\program files\daemon tools toolbar\dttoolbar.dll

clique sur MoveIt! pour lancer la suppression.
Le résultat apparaitra dans le cadre "Results".
Clique sur Exit pour fermer.
Poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

Il te sera peut-être demandé de redémarrer le pc pour achever la suppression. Si c'est le cas accepte par Yes.

ensuite :

Fix.reg

Ouvre le bloc-notes (click droit sur le bureau > dans l´arborescence choisi nouveau et nouveau fichier texte) et fais un copier coller de ce qui est en gras dans la citation ci-dessous (copie tout d'un trait sans les barres(x)) :

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
[-HKEY_CLASSES_ROOT\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{32099AAC-C132-4136-9E9A-4E364A424E17}"=-
[-HKEY_CLASSES_ROOT\CLSID\{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA}"=-

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Note : Regedit4 est sur la premiere ligne dans le bloc note et il y a une ligne blanche a la fin.
Puis click sur "fichier"/"enregistrer sous" :
dans : sur le bureau
Nom du fichier : fix.reg
Type de fichier : "tous les fichiers"
clique sur "enregistrer"

ca doit ressembler à ca une fois enregistré :

http://img520.imageshack.us/img520/4251/screenshot005ps2.png

double clique sur fix.reg => tu dois obligatoirement avoir un message "voulez-vous vraiment ajouter les informations contenues dans ce fichier .reg au registre ?"
Si c'est bien le cas, clique sur "oui"

ensuite redémarre le pc et refais un nouveau rapport hijackthis stp
-1

Discussions similaires

FOTOSE (allemagne)
lix -
Yves -

13 réponses
Formaté mais pas de connexion Internet ?
VissErale -
VissErale -

4 réponses
ATTENTION : escroquerie à la carte bleue !!
dvrg -
dvrg -

80 réponses