HijackThis & GSI

Dead RAM stick for Eagle4_92

What's more, it was clearly shown on his screenshot above! ^^

:)


Virus.Win32.Ramnit.E

Hello,

My computer let through a piece of malware that forces me to open a Windows command window. Here is the HijackThis script; I really need help: my Avira antivirus keeps finding malicious software every 5 minutes, with names ending in Virus.Win32.Ramnit.E:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:17:43, on 07/09/2011

Platform: Unknown Windows (WinNT 6.01.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16839)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MMLoadDrv.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MMLoadDrv.exe

C:\Program Files (x86)\Windows Media Player\wmplayer.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\svchost.exe

C:\Windows\SysWOW64\svchost.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe

C:\Users\David\Downloads\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://vshare.toolbarhome.com/?hp=df

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: IE5BarLauncherBHO Class - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll

O3 - Toolbar: VShareToolBar - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll

O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [bienvenue] C:\Windows\system32\rundll32.exe C:\Windows\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

O4 - HKCU\..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s

O4 - HKCU\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

O4 - HKCU\..\Run: [KdtOhacq] C:\Users\David\AppData\Local\cwccwasa\kdtohacq.exe

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O13 - Gopher Prefix:

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/fr/uno1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files (x86)\ma-config.com\maconfservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 9215 bytes

Many thanks in advance to Snooky or anyone else.


Fix this line with HijackThis > O4 - HKCU\..\Run: [KdtOhacq] C:\Users\David\AppData\Local\cwccwasa\kdtohacq.exe

Restart the PC.

Download and run AD-Remover > click Nettoyer (Clean) (post the report it creates)

Restart the PC.

Download and run MBAM > remove everything it finds (post the report created by MBAM)

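An added example, not part of the original thread and not the helper's own method: a small Python triage of HijackThis O4 (autostart) lines that shows why an entry like the `KdtOhacq` line stands out from the rest. The sample lines are copied from the logs on this page; the scoring heuristic (per-user AppData location plus a random-looking name) and all function names are assumptions made for illustration.

```python
import re
from typing import NamedTuple

# Sample lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [bienvenue] C:\Windows\system32\rundll32.exe C:\Windows\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut
O4 - HKCU\..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
O4 - HKCU\..\Run: [KdtOhacq] C:\Users\David\AppData\Local\cwccwasa\kdtohacq.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Tiffany\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"""

# "O4 - <hive>\..\Run[Once]: [<value name>] <command line>"
RUN_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)
# The launched program: a quoted path, or an unquoted path up to its first
# executable extension (unquoted paths in these logs contain spaces).
EXE_RE = re.compile(
    r'^(?:"(?P<q>[^"]+)"|(?P<u>.+?\.(?:exe|com|bat|cmd|scr))(?=\s|$))', re.I
)
# Per-user locations that any unprivileged process can write to.
APPDATA_RE = re.compile(
    r"\\Users\\[^\\]+\\AppData\\(?:Local|LocalLow|Roaming)\\(?P<rest>.+)$", re.I
)
VOWELS = "aeiouy"


class RunEntry(NamedTuple):
    hive: str
    key: str
    name: str
    exe: str


def parse_run_entries(log_text):
    """Return the registry Run/RunOnce entries found in a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        m = RUN_RE.match(line.strip())
        if not m:
            continue  # other sections (R0, O2, O23, ...) are ignored here
        exe_m = EXE_RE.match(m["cmd"])
        exe = (exe_m["q"] or exe_m["u"]) if exe_m else m["cmd"]
        entries.append(RunEntry(m["hive"], m["key"], m["name"], exe))
    return entries


def looks_random(token):
    """Crude assumption: few vowels and a run of 3+ consonants."""
    letters = [c for c in token.lower() if c.isalpha()]
    if len(letters) < 5:
        return False
    vowels = sum(c in VOWELS for c in letters)
    run = longest = 0
    for c in letters:
        run = 0 if c in VOWELS else run + 1
        longest = max(longest, run)
    return vowels / len(letters) <= 0.3 and longest >= 3


def classify(entry):
    """'suspicious', 'review' or 'unflagged' for one autostart entry."""
    m = APPDATA_RE.search(entry.exe)
    if not m:
        return "unflagged"  # not launched from a per-user AppData folder
    parts = m["rest"].split("\\")
    folder = parts[0] if len(parts) > 1 else ""
    stem = parts[-1].rsplit(".", 1)[0]
    if looks_random(folder) or looks_random(stem):
        return "suspicious"  # user-writable location and a generated-looking name
    return "review"  # user-writable location, recognisable name


def triage(log_text):
    """Map each Run value name to its verdict."""
    return {e.name: classify(e) for e in parse_run_entries(log_text)}


if __name__ == "__main__":
    for name, verdict in triage(SAMPLE_LOG).items():
        print(f"{verdict:10} {name}")
```

The verdicts only rank entries for a human reader: "unflagged" means this heuristic had nothing to say, and a "suspicious" hit still needs the file itself checked before anything is fixed or deleted.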

Hello everyone.

I'm struggling with a PC riddled with intrusive ads (the worst part is that I set it up from scratch a month ago, but oh well).

After scans with KAV, MSE, MBAM, SPYBOT and CCleaner, nothing works; the ads persist.

The GSI report is here

http://www.getsysteminfo.com/read.php?file=b0a3b77eb2937d67fda6e7e6256b3140

And the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 09:46:46, on 23/09/2011

Platform: Unknown Windows (WinNT 6.01.3505 SP1)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Logitech\SetPointP\SetPoint.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\PCTuto\pctuto.exe

C:\Program Files\Ask.com\Updater\Updater.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\SuperCopier2\SuperCopier2.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\SFR\Kit\9props.exe

C:\Program Files\DAEMON Tools Lite\DTLite.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\MARTIAL\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HG7PX0Y2\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS02

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} - (no file)

O2 - BHO: Aide à la navigation SFR - {0F6E720A-1A6B-40E1-A294-1D4D19F156C8} - C:\Program Files\SFR\Kit\SFRNavErrorHelper.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll (file missing)

O3 - Toolbar: Support.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [PCTuto] "C:\Program Files\PCTuto\pctuto.exe"

O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [superCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe

O4 - HKCU\..\Run: [Connexion SFR 9props.exe] "C:\Program Files\SFR\Kit\9props.exe" /trayicon

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun

O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10v_ActiveX.exe -update activex

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE RÉSEAU')

O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O13 - Gopher Prefix:

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: Emsisoft Anti-Malware 5.1 - Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\Emsisoft Anti-Malware\a2service.exe

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe

O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Service Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--

End of file - 8771 bytes

Thanks in advance for your help.


Hi,

uninstall PC TUTO!

also uninstall:

Microsoft Security Essentials

Emsisoft Anti-Malware

Spybot - Search & Destroy and Ad-Aware

Run AD-Remover > Nettoyer (Clean) > post the report it creates.


Here you go, Snooky

======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par TeamXscript le 12/04/11

Contact: AdRemover[DOT]contact[AT]gmail[DOT]com

Site web: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 13:33:57 le 23/09/2011, Mode normal

Microsoft Windows 7 Édition Familiale Premium  Service Pack 1 (X86)

MARTIAL@CAIREY-PC (System manufacturer System Product Name)

============== ACTION(S) ==============

Fichier supprimé: C:\Windows\system32\ConduitEngine.tmp

Dossier supprimé: C:\Users\MARTIAL\AppData\Local\Conduit

Dossier supprimé: C:\Users\MARTIAL\AppData\LocalLow\Conduit

Dossier supprimé: C:\Users\THERESE\AppData\Roaming\OpenCandy

Dossier supprimé: C:\Users\MARTIAL\AppData\Local\PCTuto

Dossier supprimé: C:\Users\MARTIAL\AppData\Roaming\OfferBox

Dossier supprimé: C:\Users\MARINA\AppData\Roaming\OfferBox

Dossier supprimé: C:\Users\THERESE\AppData\Roaming\OfferBox

(!) -- Fichiers temporaires supprimés.

Clé supprimée: HKLM\Software\Classes\Conduit.Engine

Clé supprimée: HKLM\Software\Classes\EoEngineBHO.EOBHO

Clé supprimée: HKLM\Software\Classes\EoEngineBHO.EOBHO.1

Clé supprimée: HKLM\Software\Classes\Toolbar.CT2851639

Clé supprimée: HKLM\Software\Classes\AppID\EoEngineBHO.DLL

Clé supprimée: HKLM\Software\Classes\AppID\{AFBB7970-789A-4264-BA70-E8127DECE400}

Clé supprimée: HKLM\Software\Conduit

Clé supprimée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}

Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}

Valeur supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Run|PCTuto

============== SCAN ADDITIONNEL ==============

**** Internet Explorer Version [9.0.8112.16421] ****

HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896

HKCU_Main|Start Page - hxxp://fr.msn.com/

HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896

HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm

HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKLM_Main|Start Page - hxxp://fr.msn.com/

HKCU_URLSearchHooks|{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} (x)

HKLM_ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a} - C:\Windows\System32\wpcer.exe (x)

HKLM_ElevationPolicy\{0a402d70-1f10-4ae7-bec9-286a98240695} - C:\Windows\System32\winfxdocobj.exe (x)

HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files\Internet Explorer\iedw.exe (x)

HKLM_ElevationPolicy\{B2321D2F-1154-4d97-AD3E-2FE0BAE2897B} - C:\Program Files\SFR\Kit\9launch.exe (SFR)

BHO\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8} - "Objet d'aide à la navigation SFR" (C:\Program Files\SFR\Kit\SFRNavErrorHelper.dll)

BHO\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - "Yontoo Layers" (C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll) (x)

========================================

C:\Program Files\Ad-Remover\Quarantine: 15 Fichier(s)

C:\Program Files\Ad-Remover\Backup: 15 Fichier(s)

C:\Ad-Report-CLEAN[1].txt - 23/09/2011 13:34:00 (3362 Octet(s))

C:\Ad-Report-SCAN[1].txt - 23/09/2011 13:33:07 (3645 Octet(s))

Fin à: 13:35:01, 23/09/2011

============== E.O.F ==============

edit:

An hour has passed since the cleanup, and not a single ad has reappeared (whereas they usually show up within 20-30 minutes at most). I'll wait another hour to confirm that this software, ad-remover, is fantastic. Thanks in advance.


@ Bourriks:

Download ComboFix to your Desktop and run it.

Then uninstall ComboFix > in Start / Run > combofix /uninstall

There you go :)


Hello,

I've been battling my girlfriend's laptop for several days but I can't get anywhere.

Internet connections are blocked. Apart from Windows Update and Internet Explorer updates, nothing works.

I suspected the Orange "antivirus" that is installed, but apparently that's not the cause.

I scanned with Spybot and Malwarebytes' Anti-Malware, but I can't find anything.

I'm attaching the HijackThis log; if you could find the problem that would be great, I've been struggling for days.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:51:14, on 23/09/2011

Platform: Unknown Windows (WinNT 6.01.3505 SP1)

MSIE: Internet Explorer v8.00 (8.00.7601.17514)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\Orange\Antivirus Firewall\Common\FSM32.EXE

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe

c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Users\Tiffany\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_FR&c=94&bd=Pavilion&pf=cnnb

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/webhp?sourceid=navclient&hl=fr&ie=UTF-8

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_FR&c=94&bd=Pavilion&pf=cnnb

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_FR&c=94&bd=Pavilion&pf=cnnb

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.durable.com/recherche

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Messenger Plus Live Toolbar - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Program Files (x86)\Messenger_Plus_Live\tbMess.dll

R3 - URLSearchHook: uTorrentBar_FR Toolbar - {05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} - C:\Program Files (x86)\uTorrentBar_FR\tbuTor.dll

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: uTorrentBar_FR Toolbar - {05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} - C:\Program Files (x86)\uTorrentBar_FR\tbuTor.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Messenger Plus Live Toolbar - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Program Files (x86)\Messenger_Plus_Live\tbMess.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll

O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files (x86)\Orange\Antivirus Firewall\NRS\iescript\baselitmus.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll

O3 - Toolbar: Messenger Plus Live Toolbar - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Program Files (x86)\Messenger_Plus_Live\tbMess.dll

O3 - Toolbar: WalterShop - {9ec204df-0e48-4c32-816e-2e928a4fd9c2} - mscoree.dll (file missing)

O3 - Toolbar: uTorrentBar_FR Toolbar - {05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} - C:\Program Files (x86)\uTorrentBar_FR\tbuTor.dll

O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll

O3 - Toolbar: Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files (x86)\Orange\Antivirus Firewall\NRS\iescript\baselitmus.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"

O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [updatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files (x86)\Orange\Antivirus Firewall\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files (x86)\Orange\Antivirus Firewall\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [Google Update] "C:\Users\Tiffany\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE RÉSEAU')

O8 - Extra context menu item: &Recherche AOL Toolbar - C:\ProgramData\AOL\ieToolbar\resources\fr-FR\local\search.html

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/fr/mjss/MJSS.cab109791.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/fr/uno1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files (x86)\Orange\Antivirus Firewall\Anti-Virus\fsgk32st.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files (x86)\Orange\Antivirus Firewall\FWES\Program\fsdfwd.exe

O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files (x86)\Orange\Antivirus Firewall\Common\FSMA32.EXE

O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files (x86)\Orange\Antivirus Firewall\ORSP Client\fsorsp.exe

O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe

O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Service Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 15114 bytes

Thanks in advance

:modoreussi: There is a centralized thread for this, 2 lines below (for now), but I don't have an answer to your problem... Sorry :ane:

Have you tried over Ethernet?

If so, you should remove Malwarebytes as well as the Orange F-Secure antivirus... to see ;)

Hello,

I have a problem with my PC: it has been crashing often at startup over the last 10 days, so I made a GSI report.

Thanks in advance for your help

GSI report

and I made an Ad-Remover report in case it helps.

======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par TeamXscript le 12/04/11

Contact: AdRemover[DOT]contact[AT]gmail[DOT]com

Site web: http://www.teamxscript.org

C:\Program Files (x86)\Ad-Remover\main.exe (SCAN [1]) -> Lancé à 08:57:22 le 24/09/2011, Mode normal

Microsoft Windows 7 Édition Familiale Premium (X64)

florian@FLORIAN-VAIO (Sony Corporation VPCF13M0E)

============== RECHERCHE ==============

Fichier trouvé: C:\Windows\SysWOW64\ConduitEngine.tmp

Dossier trouvé: C:\Users\florian\AppData\Local\Conduit

Dossier trouvé: C:\Users\florian\AppData\LocalLow\Conduit

Dossier trouvé: C:\Program Files (x86)\Conduit

Dossier trouvé: C:\Users\florian\AppData\LocalLow\ConduitEngine

Dossier trouvé: C:\Program Files (x86)\ConduitEngine

Dossier trouvé: C:\Users\florian\AppData\LocalLow\PriceGong

Clé trouvée: HKLM\Software\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}

Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}

Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}

Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}

Clé trouvée: HKLM\Software\Classes\CLSID\{AC6240AE-33B6-40D3-8683-31BBE86049A0}

Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AC6240AE-33B6-40D3-8683-31BBE86049A0}

Clé trouvée: HKLM\Software\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}

Clé trouvée: HKLM\Software\Classes\Conduit.Engine

Clé trouvée: HKLM\Software\Classes\Toolbar.CT2851639

Clé trouvée: HKLM\Software\Conduit

Clé trouvée: HKLM\Software\conduitEngine

Clé trouvée: HKCU\Software\AppDataLow\Toolbar

Clé trouvée: HKCU\Software\AppDataLow\Software\Conduit

Clé trouvée: HKCU\Software\AppDataLow\Software\conduitEngine

Clé trouvée: HKCU\Software\AppDataLow\Software\PriceGong

Clé trouvée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}

Clé trouvée: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}

Clé trouvée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D60FB755-0917-4748-A1ED-33BFEF033961}

Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine

Valeur trouvée: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{30F9B915-B755-4826-820B-08FBA6BD249D}

Valeur trouvée: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{30F9B915-B755-4826-820B-08FBA6BD249D}

============== SCAN ADDITIONNEL ==============

**** Mozilla Firefox Version [5.0.1 (fr)] ****

HKLM_MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0 (x)

Searchplugins\bing.xml ( hxxp://www.bing.com/search)

Components\browsercomps.dll (Mozilla Foundation)

HKLM_Extensions|{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}

-- C:\Users\florian\AppData\Roaming\Mozilla\FireFox\Profiles\kuzf8kor.default --

Prefs.js - browser.startup.homepage_override.buildID, 20110707182747

Prefs.js - browser.startup.homepage_override.mstone, rv:5.0.1

========================================

**** Internet Explorer Version [9.0.8112.16421] ****

HKCU_Main|Default_Page_URL - hxxp://www.google.com/ig/redirectdomain?brand=SVEE&bmod=SVEE

HKCU_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896

HKCU_Main|Start Page - hxxp://www.google.com/ig/redirectdomain?brand=SVEE&bmod=SVEE

HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=69157

HKLM_Main|Default_Search_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896

HKLM_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896

HKLM_Main|Start Page - hxxp://go.microsoft.com/fwlink/?LinkId=69157

HKCU_URLSearchHooks|{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} - "uTorrentBar_FR Toolbar" (C:\Program Files (x86)\uTorrentBar_FR\prxtbuTor.dll)

HKLM_URLSearchHooks|{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} - "uTorrentBar_FR Toolbar" (C:\Program Files (x86)\uTorrentBar_FR\prxtbuTor.dll)

HKCU_SearchScopes\{3B96DE9A-252D-4901-BA13-353D688BF115} - "Shopping.com" (hxxp://fr.shopping.com/?linkin_id=8056351)

HKCU_SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} - "uTorrentBar_FR Customized Web Search" (hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT...)

HKCU_SearchScopes\{E83C4F8E-0948-4151-82C5-012636E15797} - "Zinio" (hxxp://services.zinio.com/search?s={searchTerms}&rf=sonyslices)

HKCU_SearchScopes\{FF5F2F98-6A88-494E-B932-B3085315A783} - "eBay" (hxxp://rover.ebay.com/rover/1/709-42536-16445-17/4?satitle={searchTerms})

HKLM_SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} - "uTorrentBar_FR Customized Web Search" (hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT...)

HKCU_Toolbar\WebBrowser|{05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E} (C:\Program Files (x86)\uTorrentBar_FR\prxtbuTor.dll)

HKCU_Toolbar\WebBrowser|{30F9B915-B755-4826-820B-08FBA6BD249D} (C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll)

HKLM_Toolbar|{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} (C:\Program Files (x86)\uTorrentBar_FR\prxtbuTor.dll)

HKLM_Toolbar|{30F9B915-B755-4826-820B-08FBA6BD249D} (C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll)

HKLM_Toolbar|{517BDDE4-E3A7-4570-B21E-2B52B6139FC7} (C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll)

HKLM_ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a} - C:\Windows\SysWOW64\wpcer.exe (x)

HKLM_ElevationPolicy\{0a402d70-1f10-4ae7-bec9-286a98240695} - C:\Windows\SysWOW64\winfxdocobj.exe (x)

HKLM_ElevationPolicy\{64DA00B7-88FE-49a8-8515-68A5C8C305DB} - C:\Program Files\Sony\VAIO Personalization Manager\VpmIfBroker.exe (Sony Corporation)

HKLM_ElevationPolicy\{6A7C9604-8A57-4B28-821B-BDEDF0E04788} - C:\Program Files\Microsoft Office\Office14\winproj.exe (x)

HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files (x86)\Internet Explorer\iedw.exe (x)

HKLM_ElevationPolicy\{77A742BE-2804-4393-87E2-55742F721F70} - C:\Program Files (x86)\uTorrentBar_FR\uTorrentBar_FRToolbarHelper.exe (?)

HKLM_ElevationPolicy\{B43A0C1E-B63F-4691-B68F-CD807A45DA01} - C:\Windows\system32\TSWbPrxy.exe (x)

HKLM_ElevationPolicy\{D60FB755-0917-4748-A1ED-33BFEF033961} - C:\Program Files (x86)\ConduitEngine\ConduitEngineHelper.exe (?)

HKLM_ElevationPolicy\{E6856B61-272B-4e4f-AADE-1D73054BCAD1} - C:\Program Files\Sony\VAIO Personalization Manager\VpmIfBroker.exe (Sony Corporation)

HKLM_ElevationPolicy\{E9780EBB-ABF8-4F3C-9F90-B91EDEE67DA0} - C:\Users\florian\AppData\Local\Conduit\CT2851639\uTorrentBar_FRAutoUpdateHelper.exe (?)

HKLM_ElevationPolicy\{ED4ABFF1-2CA0-4476-98EB-E9208D434752} - C:\Program Files\Sony\VAIO Personalization Manager\VpmIfBroker.exe (Sony Corporation)

HKLM_ElevationPolicy\{F3CD2902-C553-4d6a-B139-934BED1FAADF} - C:\Program Files\Sony\VAIO Personalization Manager\VpmIfBroker.exe (Sony Corporation)

HKLM_ElevationPolicy\{F7897EF1-FE28-4f1a-9615-E45744D29F15} - C:\Program Files\Sony\VAIO Personalization Manager\VpmIfBroker.exe (Sony Corporation)

HKLM_Extensions\{A95fe080-8f5d-11d2-a20b-00aa003c157a} - "@C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101" (C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll,205)

BHO\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} - "uTorrentBar_FR Toolbar" (C:\Program Files (x86)\uTorrentBar_FR\prxtbuTor.dll)

BHO\{30F9B915-B755-4826-820B-08FBA6BD249D} - "Conduit Engine " (C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll)

========================================

C:\Program Files (x86)\Ad-Remover\Quarantine: 0 Fichier(s)

C:\Program Files (x86)\Ad-Remover\Backup: 0 Fichier(s)

C:\Ad-Report-SCAN[1].txt - 24/09/2011 08:57:55 (7888 Octet(s))

Fin à: 08:58:32, 24/09/2011

============== E.O.F ==============

@ bewwonz

Hi,

Click Nettoyer (Clean) in Ad-Remover.

Download ComboFix to your Desktop and run it.

Then uninstall ComboFix: in Start / Run > combofix /uninstall

Have you tried over Ethernet?

If so, you should remove Malwarebytes as well as the Orange F-Secure antivirus... to see ;)

Thanks for the quick reply.

Indeed, this was happening before Malwarebytes was installed; as for the Orange antivirus, her father is against uninstalling it, supposedly he knows better.

I'll give it a try.

It should be OK now... right?

Come back and tell us if the PC still crashes... (give details about any crashes ;) )

Edit: delete the Conduit Engine folder, uninstall Glary Utilities and uTorrent ToolBar, and disable the MBAM and Windows Search services :)

@ Rody9933:

Uninstall Spybot!

Run AD-Remover and click Nettoyer (Clean). (Post the report it creates.)

Thanks :).

Here is the report:

.

======= RAPPORT D'AD-REMOVER 2.0.0.0,D | UNIQUEMENT XP/VISTA/7 =======

.

Mis à jour par C_XX le 19/05/10 à 19:20

Contact: AdRemover.contact@gmail.com

Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html

.

Lancé à: 14:16:18 le 25/09/2011 | Mode normal | Option: CLEAN

Exécuté de: C:\Ad-Remover\ADR.exe

SE: Microsoft Windows 7 Édition Familiale Premium (Service Pack 1 - X64)

Nom du PC: TIFFANY-PC (Hewlett-Packard HP Pavilion dv6 Notebook PC)

Utilisateur actuel: Tiffany

.

============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============

.

.

C:\ProgramData\Trymedia

(!) -- Fichiers temporaires supprimés.

.

HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}

HKLM\Software\bandoo

HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}

HKLM\Software\Trymedia Systems

.

.

============== SCAN ADDITIONNEL ==============

.

* Mozilla FireFox Version 3.6.18 (fr) *

.

C:\Users\Tiffany\..\5d01xydg.default\prefs.js - browser.startup.homepage: hxxp://www.google.fr

C:\Users\Tiffany\..\5d01xydg.default\prefs.js - browser.startup.homepage_override.mstone: rv:1.9.2.18

.

.

* Internet Explorer Version 8.0.7601.17514 *

.

[HKCU\Software\Microsoft\Internet Explorer\Main]

.

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Do404Search: 0x01000000

Enable Browser Extensions: yes

Local Page: C:\Windows\system32\blank.htm

Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896

Show_ToolBar: yes

Start Page: hxxp://fr.msn.com/

Use Custom Search URL: 1

Use Search Asst: no

.

[HKLM\Software\Microsoft\Internet Explorer\Main]

.

AutoHide: yes

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Delete_Temp_Files_On_Exit: yes

Enable Browser Extensions: yes

Local Page: C:\Windows\SysWOW64\blank.htm

Search bar: hxxp://search.msn.com/spbasic.htm

Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Start Page: hxxp://fr.msn.com/

Use Custom Search URL: 1

Use Search Asst: no

.

[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]

.

Tabs: res://ieframe.dll/tabswelcome.htm

Blank: res://mshtml.dll/blank.htm

.

========================================

.

C:\Ad-Remover\Quarantine: 8 Fichier(s)

C:\Ad-Remover\Backup: 14 Fichier(s)

.

C:\Ad-Report-CLEAN[1].txt - 10753 Octet(s)

C:\Ad-Report-SCAN[1].txt - 10916 Octet(s)

.

Fin à: 14:35:40, 25/09/2011

.

============== E.O.F - CLEAN[1] ==============

Hi, I have a big problem: after a while, my PC crashes when I launch a program. It started yesterday. I tried to run System Restore, but the program crashes before it starts (I don't know whether that is recent, I had never used it).

Edit: I noticed that Malwarebytes AM was still starting (even though I had disabled it) at the same time as Avast, which, it seems to me, is a rather bad thing. I couldn't say whether the first crash dates back to the Malwarebytes update, which evidently re-enabled its launch at startup, but it is quite possible. In any case, I already had other problems before that (which is why I had run Malwarebytes AM). More precisely, my original problem was that Windows Installer starts when I use Flash Renamer (a known problem for which no solution is offered, the publisher blaming Microsoft and Microsoft ignoring the problem). Since this behaviour is also brand new, I started looking for a possible infection, which led to the above.

TL;DR: If there is an incompatibility between Avast and Malwarebytes AM, that is sorted (MBAM uninstalled), but my PC probably has another problem, so if you could check the rest...

Here is the link to the GSI report: http://www.getsysteminfo.com/read.php?file=7202ad2369449140a7287849a9eda49b

And the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:44:02, on 30/09/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\atwtusb.exe

C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe

C:\Program Files\Logitech\MouseWare\system\em_exec.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Samurize\RunEmbeddingClient.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\Samurize\SamurizeServer.exe

C:\Program Files\DAEMON Tools Lite\DTLite.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Program Files\iRotate\iRotate.exe

C:\Program Files\YZToolbar\YzToolBar.exe

C:\Documents and Settings\William\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\William\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\William\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\William\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\William\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\William\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\William\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\William\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\William\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\William\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

F:\HiJackThis.exe

C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: MHURLSearchHook Class - {1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48} - C:\Program Files\Family Toolbar\tbhelper.dll

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: MHTBPos00 - {0C37B053-FD68-456a-82E1-D788EE342E6F} - C:\Program Files\Family Toolbar\tbcore3.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: MEDIADICO Familial - {CEDDA62B-5FBE-4AB2-AE2E-5E069F444444} - C:\Program Files\MEDIADICO\MDToolbar\MdToolbar.dll

O3 - Toolbar: Family Toolbar - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Family Toolbar\tbcore3.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta

O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui

O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [EmbeddingClient-clock] "C:\Program Files\Samurize\RunEmbeddingClient.exe" i=clock

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\William\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun

O4 - HKCU\..\Run: [EPSON SX510W Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFIE.EXE /FU "C:\DOCUME~1\William\LOCALS~1\Temp\E_S1D3.tmp" /EF "HKCU"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Startup: iRotate.lnk = C:\Program Files\iRotate\iRotate.exe

O4 - Startup: YzToolBar.lnk = C:\Program Files\YZToolbar\YzToolBar.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: &Point&&Go - C:\Program Files\Fichiers communs\Expert System\PGPlatform\PGPlatform.htm

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll

O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll

O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL

O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O15 - Trusted Zone: http://download.windowsupdate.com

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Service Google Update (gupdate1c9963b74b9da46) (gupdate1c9963b74b9da46) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Service Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: License Management Service ESD - Unknown owner - C:\Program Files\Fichiers communs\element5 Shared\Service\Licence Manager ESD.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

--

End of file - 11921 bytes

Thanks.


Uninstall Spybot and SpywareBlaster.

Type msconfig in Run, go to the Startup tab, then uncheck whatever does not need to launch when the PC starts.

Run ComboFix, then post the report it creates.


How long should the ComboFix scan take? I'd like to know so I can plan around it.

Incidentally, could the freeze when launching programs have been the result of an incompatibility between avast and mbam?
