Jump to content

Archived

This topic is now archived and is closed to further replies.

snooky

[LOGICIEL] [Centralisation] .:::: Hijackthis ::::.

Recommended Posts

Ton rapport est clean.

Mais tu n'as pas désinstallé Antivir , et Kaspersky5 n'est pas installé sur le C:\

Share this post


Link to post
Share on other sites

Fait les manipes en mode sans échec pour supprimer norton.

Passe Regseeker.

Poste un nouveau rapport.

Share this post


Link to post
Share on other sites

oui en mode sans echec mais je ne sais pas comment le faire pouvez vous m'aider svp

Share this post


Link to post
Share on other sites

Tu redémarre le pc , puis reste appuyé sur la touche F8 , puis séléctionne : redémarrer en mode sans échec.

Share this post


Link to post
Share on other sites

voila le scan après avoir supprimer définitivement ce fameux norton donc maintenant j'aimerai connaitre l'état de mon pc et pourquoi les mises à jour ne s'installe plus comme avant voila svp :

Logfile of HijackThis v1.99.1

Scan saved at 20:20:16, on 17/04/2005

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:

H:\WINDOWS\System32\smss.exe

H:\WINDOWS\system32\winlogon.exe

H:\WINDOWS\system32\services.exe

H:\WINDOWS\system32\lsass.exe

H:\WINDOWS\System32\Ati2evxx.exe

H:\WINDOWS\system32\svchost.exe

H:\WINDOWS\System32\svchost.exe

H:\WINDOWS\system32\spoolsv.exe

H:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

H:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

H:\WINDOWS\runservice.exe

H:\WINDOWS\System32\svchost.exe

H:\WINDOWS\system32\ZoneLabs\vsmon.exe

H:\WINDOWS\system32\Ati2evxx.exe

H:\WINDOWS\Explorer.EXE

H:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe

H:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

H:\WINDOWS\ALCXMNTR.EXE

H:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

H:\Program Files\iTunes\iTunesHelper.exe

H:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

H:\Program Files\MSN Messenger\msnmsgr.exe

H:\Program Files\CursorXP\CursorXP.exe

H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe

H:\Program Files\iPod\bin\iPodService.exe

H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

H:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe

H:\WINDOWS\System32\wuauclt.exe

H:\WINDOWS\System32\wuauclt.exe

H:\Program Files\iTunes\iTunes.exe

H:\Program Files\Mozilla Firefox\firefox.exe

H:\Documents and Settings\hgvhv nb\Local Settings\Temp\Répertoire temporaire 3 pour hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: DownloadRedirect Class - {00000000-6CB0-410C-8C3D-8FA8D2011D0A} - H:\Program Files\iMesh\iMesh5\iMeshBHO.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - H:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - H:\Program Files\Xi\NetTransport 2\NTIEHelper.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - H:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "H:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [ATIPTA] H:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

O4 - HKLM\..\Run: [Zone Labs Client] "H:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [iTunesHelper] H:\Program Files\iTunes\iTunesHelper.exe

O4 - HKLM\..\Run: [AVG7_CC] H:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKCU\..\Run: [msnmsgr] "H:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [CursorXP] H:\Program Files\CursorXP\CursorXP.exe

O4 - Global Startup: hp psc 1000 series.lnk = ?

O4 - Global Startup: hpoddt01.exe.lnk = ?

O8 - Extra context menu item: &Télécharger avec NetTransport - H:\Program Files\Xi\NetTransport 2\NTAddLink.html

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://H:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Tout t&élécharger avec NetTransport - H:\Program Files\Xi\NetTransport 2\NTAddList.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{89697977-F014-44EF-B8E6-95B9BDBED63E}: NameServer = 212.217.0.3 212.217.1.12

O23 - Service: Ati HotKey Poller - Unknown owner - H:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - H:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - H:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - H:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - H:\WINDOWS\runservice.exe

O23 - Service: Pml Driver HPZ12 - HP - H:\WINDOWS\System32\HPZipm12.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Unknown owner - H:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe (file missing)

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - H:\WINDOWS\system32\ZoneLabs\vsmon.exe

:mdr:

Share this post


Link to post
Share on other sites

Passe Ccleaner.

Fixe cette ligne avec Hijackthis :

O2 - BHO: DownloadRedirect Class - {00000000-6CB0-410C-8C3D-8FA8D2011D0A} - H:\Program Files\iMesh\iMesh5\iMeshBHO.dll

Passe CWShredder

Reboot.

Passe Spysweeper.

Share this post


Link to post
Share on other sites

voila j'ai fait ce qu'on ma demandé

é voila:

Logfile of HijackThis v1.99.1

Scan saved at 19:16:17, on 18/04/2005

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:

H:\WINDOWS\System32\smss.exe

H:\WINDOWS\system32\csrss.exe

H:\WINDOWS\system32\winlogon.exe

H:\WINDOWS\system32\services.exe

H:\WINDOWS\system32\lsass.exe

H:\WINDOWS\System32\Ati2evxx.exe

H:\WINDOWS\system32\svchost.exe

H:\WINDOWS\System32\svchost.exe

H:\WINDOWS\System32\svchost.exe

H:\WINDOWS\System32\svchost.exe

H:\WINDOWS\system32\spoolsv.exe

H:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

H:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

H:\WINDOWS\runservice.exe

H:\WINDOWS\System32\svchost.exe

H:\WINDOWS\system32\ZoneLabs\vsmon.exe

H:\WINDOWS\system32\Ati2evxx.exe

H:\WINDOWS\Explorer.EXE

H:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe

H:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

H:\WINDOWS\ALCXMNTR.EXE

H:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

H:\Program Files\iTunes\iTunesHelper.exe

H:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

H:\Program Files\MSN Messenger\msnmsgr.exe

H:\Program Files\CursorXP\CursorXP.exe

H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe

H:\Program Files\iPod\bin\iPodService.exe

H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

H:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe

H:\WINDOWS\System32\wuauclt.exe

H:\Program Files\iTunes\iTunes.exe

H:\Documents and Settings\hgvhv nb\Local Settings\Temp\Répertoire temporaire 2 pour hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - H:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - H:\Program Files\Xi\NetTransport 2\NTIEHelper.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - H:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "H:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [ATIPTA] H:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

O4 - HKLM\..\Run: [Zone Labs Client] "H:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [iTunesHelper] H:\Program Files\iTunes\iTunesHelper.exe

O4 - HKLM\..\Run: [AVG7_CC] H:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKCU\..\Run: [msnmsgr] "H:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [CursorXP] H:\Program Files\CursorXP\CursorXP.exe

O4 - HKCU\..\Run: [spySweeper] "H:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0

O4 - Global Startup: hp psc 1000 series.lnk = ?

O4 - Global Startup: hpoddt01.exe.lnk = ?

O8 - Extra context menu item: &Télécharger avec NetTransport - H:\Program Files\Xi\NetTransport 2\NTAddLink.html

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://H:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Tout t&élécharger avec NetTransport - H:\Program Files\Xi\NetTransport 2\NTAddList.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{89697977-F014-44EF-B8E6-95B9BDBED63E}: NameServer = 212.217.0.3 212.217.1.12

O23 - Service: Ati HotKey Poller - Unknown owner - H:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - H:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - H:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - H:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - H:\WINDOWS\runservice.exe

O23 - Service: Pml Driver HPZ12 - HP - H:\WINDOWS\System32\HPZipm12.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Unknown owner - H:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe (file missing)

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - H:\WINDOWS\system32\ZoneLabs\vsmon.exe

:zarb::zarb:

Share this post


Link to post
Share on other sites

Tiens, Snooky, j'ai fait une petite recherche, mais il y a tant de topic avec le nom Hijackthis dedans, que je n'en sort pas: Tu voudrais pas nous expliquer succintement comment reperer ce qui est à virer, ou nous filer un lien où l'apprendre? Car j'essaie parfois d'aider des conaissances qui ont des petits problemes, et j'ai pas envie de te saouler non plus systematiquement. :zarb:

Share this post


Link to post
Share on other sites

c'est le rapport d'un pote :

Logfile of Hijack This v1.99.1

Scan saved at 00:37:13, on 19/04/2005

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Norton Personal Firewall\NISUM.EXE

C:\Program Files\Norton Personal Firewall\ccPxySvc.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE

C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS

C:\WINDOWS\System32\UAService7.exe

C:\WINDOWS\System32\nvsc32.exe

C:\WINDOWS\System32\ezSP_Px.exe

D:\Program Files\QuickTime\qttask.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe

C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\WINDOWS\System32\svccfg.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\MessengerPlus! 3\MsgPlus.exe

C:\Program Files\Steam3\Steam.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\Sophos SWEEP for NT\ICMON.EXE

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Windows Media Player\wmplayer.exe

D:\firefox.exe

C:\Documents and Settings\Ludovic\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neuf.fr

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL (file missing)

O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - D:\Program Files\Xi\NetTransport 2\NTIEHelper.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe

O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Configuration Loader] svccfg.exe

O4 - HKLM\..\Run: [AceGain LiveUpdate] D:\Program Files\jeux\LiveUpdate.exe

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [NVidia System Utility] "C:\Program Files\NVIDIA Corporation\NVIDIA System Utility\\NVSystemUtility.exe" clear

O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe

O4 - HKLM\..\Run: [NvCplScan] nvsc32.exe

O4 - HKLM\..\Run: [anvshell] anvshell.exe

O4 - HKLM\..\Run: [LiveNote] livenote.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\RunServices: [Configuration Loader] svccfg.exe

O4 - HKLM\..\RunServices: [NvCplScan] nvsc32.exe

O4 - HKLM\..\RunOnce: [NvCplScan] nvsc32.exe

O4 - HKCU\..\Run: [skwatAutoconnect] C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [steam] C:\Program Files\Steam3\\Steam.exe -silent

O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\\SmartDoctor.exe /start

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [NvCplScan] nvsc32.exe

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\RunOnce: [NvCplScan] nvsc32.exe

O4 - Startup: Ubisoft register.lnk = C:\Program Files\Ubisoft\Register\schedule.exe

O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: InterCheck Monitor.LNK = C:\Program Files\Sophos SWEEP for NT\ICMON.EXE

O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Télécharger avec NetTransport - D:\Program Files\Xi\NetTransport 2\NTAddLink.html

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Tout t&élécharger avec NetTransport - D:\Program Files\Xi\NetTransport 2\NTAddList.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/08cab0825e1b3a...RdxIE601_fr.cab

O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\ccPxySvc.exe

O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\NISUM.EXE

O23 - Service: ASUS Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\FICHIE~1\SONYSH~1\AVLib\Sptisrv.exe

O23 - Service: Sophos Anti-Virus Network (SweepNet) - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE

O23 - Service: Sophos Anti-Virus (SWEEPSRV.SYS) - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\System32\UAService7.exe

:keskidit:

Share this post


Link to post
Share on other sites

@ritus :

Ton rapport est clean :craint:

As-tu encore des soucis avec windows update ?

Si oui , Quel est le message d'erreur ?

Tu pourrais à présent installer le sp2 , non ?

Hijackthis se place à la racine de ta partition system , c'est à dire à coté des dossiers Windows , Program Files , etc...

Il te reste quelque chose de norton ( à fixer dans Hijackthis ; voir dans le gestionnaire de tâches si présent , puis termine le processus avant de fixer ; regardes également dans msconfig , puis décoche , si présent )

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Unknown owner - H:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe (file missing)

Share this post


Link to post
Share on other sites

Voilou le mien :

Logfile of HijackThis v1.99.1

Scan saved at 11:34:49, on 19/04/2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Apoint2K\Apoint.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe

C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\MessengerPlus! 3\MsgPlus.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Softwin\BitDefender8\bdoesrv.exe

C:\Program Files\Softwin\BitDefender8\bdswitch.exe

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\Program Files\Microsoft AntiSpyware\gcasServ.exe

C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

C:\Program Files\Microsoft Office\Office\OSA.EXE

C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe

C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe

C:\Program Files\Softwin\BitDefender8\vsserv.exe

c:\progra~1\softwin\bitdef~1\bdmcon.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Documents and Settings\FX\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...sario&pf=laptop

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...sario&pf=laptop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...sario&pf=laptop

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe

O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start

O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [bDMCon] c:\progra~1\softwin\bitdef~1\bdmcon.exe

O4 - HKLM\..\Run: [bDOESRV] C:\Program Files\Softwin\BitDefender8\\bdoesrv.exe

O4 - HKLM\..\Run: [bDNewsAgent] c:\progra~1\softwin\bitdef~1\bdnagent.exe

O4 - HKLM\..\Run: [bDSwitchAgent] C:\Program Files\Softwin\BitDefender8\\bdswitch.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"

O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE

O4 - Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=Q105&bd=presario&pf=laptop

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/068a959f47b954...RdxIE601_fr.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab

O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Service Client v.3.4) - http://ccon.futuremark.com/global/msc34.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{E6B15D02-CCAA-492C-806C-0FC663AADDFD}: NameServer = 80.10.246.1 80.10.246.132

O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)

O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender8\vsserv.exe" /service (file missing)

O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

:D

Share this post


Link to post
Share on other sites

voila le rapport après avoir fait ce que tu m'a demandé :

Logfile of HijackThis v1.99.1

Scan saved at 22:30:44, on 19/04/2005

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:

H:\WINDOWS\System32\smss.exe

H:\WINDOWS\system32\csrss.exe

H:\WINDOWS\system32\winlogon.exe

H:\WINDOWS\system32\services.exe

H:\WINDOWS\system32\lsass.exe

H:\WINDOWS\System32\Ati2evxx.exe

H:\WINDOWS\system32\svchost.exe

H:\WINDOWS\System32\svchost.exe

H:\WINDOWS\System32\svchost.exe

H:\WINDOWS\System32\svchost.exe

H:\WINDOWS\system32\spoolsv.exe

H:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

H:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

H:\WINDOWS\runservice.exe

H:\WINDOWS\System32\svchost.exe

H:\WINDOWS\system32\ZoneLabs\vsmon.exe

H:\WINDOWS\system32\Ati2evxx.exe

H:\WINDOWS\System32\wuauclt.exe

H:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe

H:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

H:\WINDOWS\ALCXMNTR.EXE

H:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

H:\Program Files\iTunes\iTunesHelper.exe

H:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

H:\Program Files\MSN Messenger\msnmsgr.exe

H:\Program Files\CursorXP\CursorXP.exe

H:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

H:\Program Files\iPod\bin\iPodService.exe

H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe

H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

H:\WINDOWS\System32\wuauclt.exe

H:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

H:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe

H:\WINDOWS\explorer.exe

H:\Program Files\Mozilla Firefox\firefox.exe

H:\Program Files\iTunes\iTunes.exe

H:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE

H:\Documents and Settings\hgvhv nb\Local Settings\Temp\Répertoire temporaire 7 pour hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - H:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - H:\Program Files\Xi\NetTransport 2\NTIEHelper.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - H:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "H:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [ATIPTA] H:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

O4 - HKLM\..\Run: [Zone Labs Client] "H:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [iTunesHelper] H:\Program Files\iTunes\iTunesHelper.exe

O4 - HKLM\..\Run: [AVG7_CC] H:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKCU\..\Run: [msnmsgr] "H:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [CursorXP] H:\Program Files\CursorXP\CursorXP.exe

O4 - HKCU\..\Run: [spySweeper] "H:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0

O4 - Global Startup: hp psc 1000 series.lnk = ?

O4 - Global Startup: hpoddt01.exe.lnk = ?

O8 - Extra context menu item: &Télécharger avec NetTransport - H:\Program Files\Xi\NetTransport 2\NTAddLink.html

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://H:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Tout t&élécharger avec NetTransport - H:\Program Files\Xi\NetTransport 2\NTAddList.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{89697977-F014-44EF-B8E6-95B9BDBED63E}: NameServer = 212.217.0.3 212.217.1.12

O23 - Service: Ati HotKey Poller - Unknown owner - H:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - H:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - H:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - H:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - H:\WINDOWS\runservice.exe

O23 - Service: Pml Driver HPZ12 - HP - H:\WINDOWS\System32\HPZipm12.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Unknown owner - H:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe (file missing)

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - H:\WINDOWS\system32\ZoneLabs\vsmon.exe

et voila le message d'erreur de windows update :

Erreur du programme d’installation du service pack 2

Impossible d’installer le service pack 2 pour windows XP.

La clé de produit utilisé pour installer microsoft windows n’est peut être pas valide.Pour obtenir plus d’informations sue ce message d’erreur et sur la manière de résoudre ce problème , visitez le site web http://www.howtotell.com.

voila l'ordi est devenu plus lent est ce que j'ai fait une erreur est ce que j'ai supprimer quelque chose qui était neccessaire voila

merci de bien vouloir me répondre pour connaitre l'état de lordi et aussi la cause de la non instalation de update

:keskidit:

Share this post


Link to post
Share on other sites
Hijackthis se place à la racine de ta partition system , c'est à dire à coté des dossiers Windows , Program Files , etc...

Tu as oublié ça...m'enfin , quand même !

Bref ton rapport est clean.

Pour le PackSP2 , ta version de xp est ...comment dire...une version piratée...on dirait.

Télécharges le SP2 ICI

et essaye de l'installer.

Installe aussi XP-Antispy pour supprimer les mouchards windows.

Share this post


Link to post
Share on other sites

voila mon log hikackhis:

Logfile of HijackThis v1.99.1

Scan saved at 9:47:56, on 20/04/2005

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Fichiers communs\Stardock\SDMCP.exe

C:\appz\WindowBlinds\wbload.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\SYSTEM32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\appz\Motherboard Monitor 5\MBM5.EXE

C:\appz\Avast4\ashDisp.exe

C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\MessengerPlus! 3\MsgPlus.exe

C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\appz\Avast4\aswUpdSv.exe

C:\appz\Avast4\ashServ.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

c:\progra~1\intern~1\iexplore.exe

C:\appz\MATLAB7\webserver\bin\win32\matlabserver.exe

C:\appz\ObjectDock\ObjectDock.exe

C:\WINDOWS\System32\niSvcLoc.exe

c:\appz\matlab7\bin\win32\matlab.exe

C:\WINDOWS\System32\nutsrv4.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\appz\Avast4\ashMaiSv.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Mickaël\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.jibwlnyvuqhhqggwvfmzh.com/5ajW0..._iK2BrSrvxF.jsp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1DC2B892-1AF6-E6F7-24CC-F64B6CB2E215} - C:\DOCUME~1\MICKAL~1\APPLIC~1\STARTL~1\Ford Noun.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\appz\SPYBOT~1\SDHelper.dll

O4 - HKLM\..\Run: [MBM 5] "C:\appz\Motherboard Monitor 5\MBM5.EXE"

O4 - HKLM\..\Run: [avast!] C:\appz\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [bootSkin Startup Jobs] "C:\Program Files\BootSkin\BootSkin.exe" /StartupJobs

O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\LogonStudio\logonstudio.exe" /RANDOM

O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe

O4 - HKLM\..\Run: [ACTIVE BORE BODY GLOBAL] C:\Documents and Settings\All Users\Application Data\about mapi active bore\bendsecond.exe

O4 - HKCU\..\Run: [AIMFOR] C:\DOCUME~1\MICKAL~1\APPLIC~1\BEEPDO~1\BOOB TIME.exe

O4 - HKCU\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0

O4 - Startup: Stardock ObjectDock.lnk = C:\appz\ObjectDock\ObjectDock.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.google.fr/

O17 - HKLM\System\CCS\Services\Tcpip\..\{9C237D8E-BC27-4AF8-A790-2BD1FE22BD92}: NameServer = 192.168.1.1

O20 - Winlogon Notify: MCPClient - C:\Program Files\Fichiers communs\Stardock\mcpstub.dll

O20 - Winlogon Notify: WB - C:\appz\WINDOW~1\fastload.dll

O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\appz\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\appz\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\appz\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\appz\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\appz\MATLAB7\webserver\bin\win32\matlabserver.exe

O23 - Service: NILM License manager - Macrovision Corporation - C:\appz\labview\Shared\License Manager\Bin\lmgrd.exe

O23 - Service: NI Service Locator (niSvcLoc) - National Instruments - C:\WINDOWS\System32\niSvcLoc.exe

O23 - Service: NuTCRACKER Service (NuTCRACKERService) - DataFocus, Inc. - C:\WINDOWS\System32\nutsrv4.exe

O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Tu peux me filer un coup de main? merci d'avance :pleure:

Share this post


Link to post
Share on other sites

@ googie :

un copié/collé , c'est pas un " quote " !

Logfile of HijackThis v1.99.1

Scan saved at 9:47:56, on 20/04/2005

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Fichiers communs\Stardock\SDMCP.exe

C:\appz\WindowBlinds\wbload.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\SYSTEM32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\appz\Motherboard Monitor 5\MBM5.EXE

C:\appz\Avast4\ashDisp.exe

C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\MessengerPlus! 3\MsgPlus.exe

C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\appz\Avast4\aswUpdSv.exe

C:\appz\Avast4\ashServ.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

c:\progra~1\intern~1\iexplore.exe

C:\appz\MATLAB7\webserver\bin\win32\matlabserver.exe

C:\appz\ObjectDock\ObjectDock.exe

C:\WINDOWS\System32\niSvcLoc.exe

c:\appz\matlab7\bin\win32\matlab.exe

C:\WINDOWS\System32\nutsrv4.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\appz\Avast4\ashMaiSv.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Mickaël\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.jibwlnyvuqhhqggwvfmzh.com/5ajW0..._iK2BrSrvxF.jsp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1DC2B892-1AF6-E6F7-24CC-F64B6CB2E215} - C:\DOCUME~1\MICKAL~1\APPLIC~1\STARTL~1\Ford Noun.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\appz\SPYBOT~1\SDHelper.dll

O4 - HKLM\..\Run: [MBM 5] "C:\appz\Motherboard Monitor 5\MBM5.EXE"

O4 - HKLM\..\Run: [avast!] C:\appz\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [bootSkin Startup Jobs] "C:\Program Files\BootSkin\BootSkin.exe" /StartupJobs

O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\LogonStudio\logonstudio.exe" /RANDOM

O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe

O4 - HKLM\..\Run: [ACTIVE BORE BODY GLOBAL] C:\Documents and Settings\All Users\Application Data\about mapi active bore\bendsecond.exe

O4 - HKCU\..\Run: [AIMFOR] C:\DOCUME~1\MICKAL~1\APPLIC~1\BEEPDO~1\BOOB TIME.exe

O4 - HKCU\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0

O4 - Startup: Stardock ObjectDock.lnk = C:\appz\ObjectDock\ObjectDock.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.google.fr/

O17 - HKLM\System\CCS\Services\Tcpip\..\{9C237D8E-BC27-4AF8-A790-2BD1FE22BD92}: NameServer = 192.168.1.1

O20 - Winlogon Notify: MCPClient - C:\Program Files\Fichiers communs\Stardock\mcpstub.dll

O20 - Winlogon Notify: WB - C:\appz\WINDOW~1\fastload.dll

O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\appz\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\appz\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\appz\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\appz\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\appz\MATLAB7\webserver\bin\win32\matlabserver.exe

O23 - Service: NILM License manager - Macrovision Corporation - C:\appz\labview\Shared\License Manager\Bin\lmgrd.exe

O23 - Service: NI Service Locator (niSvcLoc) - National Instruments - C:\WINDOWS\System32\niSvcLoc.exe

O23 - Service: NuTCRACKER Service (NuTCRACKERService) - DataFocus, Inc. - C:\WINDOWS\System32\nutsrv4.exe

O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Share this post


Link to post
Share on other sites

@ googie :

Passe Ccleaner.

Scan , coche ces lignes et fixer : ( fix checked )

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.jibwlnyvuqhhqggwvfmzh.com/5ajW0..._iK2BrSrvxF.jsp

O2 - BHO: (no name) - {1DC2B892-1AF6-E6F7-24CC-F64B6CB2E215} - C:\DOCUME~1\MICKAL~1\APPLIC~1\STARTL~1\Ford Noun.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe

O4 - HKLM\..\Run: [ACTIVE BORE BODY GLOBAL] C:\Documents and Settings\All Users\Application Data\about mapi active bore\bendsecond.exe

O4 - HKCU\..\Run: [AIMFOR] C:\DOCUME~1\MICKAL~1\APPLIC~1\BEEPDO~1\BOOB TIME.exe<<< si tu ne connais pas , coche .

Passe CWShredder.

Share this post


Link to post
Share on other sites

@F--x :

Ton rapport est clean .:D

Que des " inutiles ".

Passe Ccleaner.

Scan coche et fixe ces lignes :

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe

O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE

O4 - Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/068a959f47b954...RdxIE601_fr.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab

O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Service Client v.3.4) - http://ccon.futuremark.com/global/msc34.cab

Passae CWShredder

Passe Spysweeper.

Share this post


Link to post
Share on other sites

@ X4boOne :

Si 2 antivirus installés , supprime en 1 ( perso , je supprimerai les 2 que tu as )

Passe ceci en mode sans échec ( désactive ton antivirus actuel et la protection de la corbeille, si activée ) :Fix Kelvir

Fait un scan en ligne antivirus

ICI

Passe Ccleaner.

Installe Hijackthis à la racine de ton C:\ ( à coté de windows , program files , etc ... ) et poste un nouveau rapport.

Share this post


Link to post
Share on other sites

Logfile of HijackThis v1.99.1

Scan saved at 21:22:48, on 20/04/2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

f:\Program Files\AVPersonal\AVGUARD.EXE

f:\Program Files\AVPersonal\AVWUPSRV.EXE

C:\WINDOWS\System32\CTsvcCDA.exe

C:\WINDOWS\system32\ZONELABS\vsmon.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\WINDOWS\Explorer.EXE

F:\Program Files\ZoneAlarm\zlclient.exe

C:\WINDOWS\system32\CTHELPER.EXE

F:\Program Files\Logitech\iTouch\iTouch.exe

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

F:\Program Files\Winamp\winampa.exe

F:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe

C:\Program Files\Logitech\MouseWare\system\em_exec.exe

F:\Program Files\MessengerPlus! 3\MsgPlus.exe

F:\Program Files\AVPersonal\AVGNT.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

F:\Program Files\Pulse\Pulse.exe

F:\Program Files\eMule\emule.exe

F:\Program Files\Common\IconMgr.exe

f:\program files\Colorific\hgcctl95.exe

C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

C:\WINDOWS\system32\wisptis.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

f:\Program Files\Winamp\Winamp.exe

F:\Program Files\Firefox\firefox.exe

C:\DOCUMENTS AND SETTINGS\KOKOTTE\BUREAU\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://de.geocities.com/cashlinkcash

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - f:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O4 - HKLM\..\Run: [Zone Labs Client] "F:\Program Files\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [Jet Detection] "f:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"

O4 - HKLM\..\Run: [zBrowser Launcher] f:\Program Files\Logitech\iTouch\iTouch.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [WinampAgent] f:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] F:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe

O4 - HKLM\..\Run: [shell API32] svcnet.exe

O4 - HKLM\..\Run: [MessengerPlus3] "f:\Program Files\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [AVGCtrl] f:\Program Files\AVPersonal\AVGNT.EXE /min

O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [shell API32] svcnet.exe

O4 - HKCU\..\Run: [Pulse] F:\Program Files\Pulse\Pulse.exe -splash

O4 - HKCU\..\Run: [MessengerPlus3] "f:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [MediaDico] f:\Program Files\Micro Application\12 DICOS Indispensables\LanceMediaDICO12.exe Lancement

O4 - HKCU\..\Run: [eMuleAutoStart] F:\Program Files\eMule\emule.exe -AutoStart

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: LightSurf.lnk = F:\Program Files\Common\IconMgr.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{49BEDFD6-D313-4FD5-BF6B-95784D9349E5}: NameServer = 217.19.192.131 217.19.192.132

O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - f:\Program Files\AVPersonal\AVGUARD.EXE

O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - f:\Program Files\AVPersonal\AVWUPSRV.EXE

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe

Share this post


Link to post
Share on other sites

Bonjour a tous, alors suite a des redémarages agacants voila ce que j'obtient avec hijackthis :

Logfile of HijackThis v1.99.1

Scan saved at 23:48:02, on 20/04/2005

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

c:\progra~1\mcafee.com\vso\mcvsescn.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Messenger\msmsgs.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe

c:\progra~1\mcafee.com\vso\mcvsftsn.exe

c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Internet Explorer\iexplore.exe

c:\PROGRA~1\mcafee.com\vso\mcshield.exe

C:\Documents and Settings\Administrateur\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hackerwatch.org/library/app/?Md...BDC249B118386E4

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask

O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"

O4 - HKLM\..\Run: [MPFTray] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...83/mcinsctl.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab

O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe

O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe

O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Share this post


Link to post
Share on other sites

salut

le lien ke tu m'a donné ne s'installe pas encore que dois je faire et puis j'ai un autre problème :

1/ tout les truc ke je télécharge sont en forme de fichier compressé comment les rendre normal sachant ke mes diske je lé avé compressé é puis décompréssé voila.

2/j'ai installer le style xp j'ai pas su l'utiliser ce qui fait que j'ai modifier des truc : par exemple les fichier audio leur icone on changé comment faire pour les rendre comme il été avant voila merci

voila le rapport j'ai pas compris cette phrase: Hijackthis se place à la racine de ta partition system , c'est à dire à coté des dossiers Windows , Program Files , etc...

donc moi j'ai placé le fichier compresser de hijackthis dans les program file et voici le rapport:chui pa trop doué

voila je suis désolé j'ai désinstallé hijackthis ce qui fait qu'il ne s'installe plus lorsque je met le lien ça ne s'installe pas ça vibre et c tout c parceke jutilise firfox et que la fenétre de téléchargement ki souvre ne souvre pas puiske j" coché la tite case en ba

donc j'aimerai bien avoir la répons a ces problème

merciii bccppp

:zarb:

Share this post


Link to post
Share on other sites

@ ninaskaela :

Passe Ccleaner.

Désactive la restauration system.

Scan , et fixe ces lignes avec Hijackthis :

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [Jet Detection] "f:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [WinampAgent] f:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] F:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe

O4 - HKLM\..\Run: [shell API32] svcnet.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [shell API32] svcnet.exe

O4 - HKCU\..\Run: [Pulse] F:\Program Files\Pulse\Pulse.exe -splash

O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: LightSurf.lnk = F:\Program Files\Common\IconMgr.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab

Redémarre en mode sans échec.

Passe CWShredder et Spysweeper.

Fait un scan en ligne ICI

Reboot en mode normal.

Place Hijackthis à la racine de la partition system. ( ...à coté de Windows , Program files ,etc ... )

Scan à nouveau et poste un nouveau rapport pour vérif.

Share this post


Link to post
Share on other sites

@ teddy_736 :

Ton rapport est clean :yes:

Quelques " inutiles " à fixer :

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

Pour ton problème de redémarrage incessants , il faut faire " cracher " ton BSOD , afin de pouvoir y lire , en bas de page , le driver responsable .

Décoche : " Redémarrer automatiquement "

BSOD.PNG

Ouvres alors un nouveau post dans " logiciels" pour y indiquer ce qu'il y a de marqué au bas de ton prochain " écran bleu de la mort " .

:chinois:

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

×
×
  • Create New...