[LOGICIEL] [Centralisation] .:::: Hijackthis ::::.

[stephconst]

voici le rapport de navilog au bout de la 2ème exécution du programme:

Clean Navipromo version 3.3.6 commencé le dim. 25/11/2007 à 17:39:36,17

Outil exécuté depuis C:\Program Files\navilog1

Mise à jour le 14.11.2007 à 18h00 par IL-MAFIOSO

Microsoft Windows XP [version 5.1.2600]

Internet Explorer : 6.0.2900.2180

Mode suppression automatique

*** Creation backups fichiers trouvés par Catchme ***

Copie vers "C:\Program Files\navilog1\Backupnavi"

Copie C:\WINDOWS\system32\lnyrwjf.dat réalisé avec succès !

Copie C:\WINDOWS\system32\lnyrwjf.exe réalisé avec succès !

Copie C:\WINDOWS\system32\lnyrwjf_nav.dat réalisé avec succès !

Copie C:\WINDOWS\system32\lnyrwjf_navps.dat réalisé avec succès !

*** Suppression des fichiers trouvés avec Catchme ***

C:\WINDOWS\system32\lnyrwjf.dat supprimé !

C:\WINDOWS\system32\lnyrwjf.exe supprimé !

C:\WINDOWS\system32\lnyrwjf_nav.dat supprimé !

C:\WINDOWS\system32\lnyrwjf_navps.dat supprimé !

** 2ème passage avec résultats Catchme **

C:\WINDOWS\prefetch\lnyrwjf*.pf trouvé !

Copie C:\WINDOWS\prefetch\lnyrwjf*.pf réalisé avec succès !

C:\WINDOWS\prefetch\lnyrwjf*.pf supprimé !

*** Suppression avec sauvegardes résultats GenericNaviSearch ***

* Suppression dans C:\WINDOWS\System32 *

cfziyg.exe trouvé !

Copie cfziyg.exe réalisé avec succès !

cfziyg.exe supprimé !

* Suppression dans C:\DOCUME~1\STEPHA~1\LOCALS~1\APPLIC~1 *

*** Suppression dossiers dans C:\WINDOWS ***

*** Suppression dossiers dans C:\Program Files ***

*** Suppression dossiers dans C:\Documents and Settings\All Users\Application Data ***

*** Suppression dossiers dans C:\Documents and Settings\Stephanie\Application Data ***

*** Suppression dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 ***

*** Suppression fichiers ***

C:\WINDOWS\pack.epk supprimé !

C:\WINDOWS\tmlpcert2007 supprimé !

*** Suppression fichiers temporaires ***

Nettoyage contenu C:\WINDOWS\Temp effectué !

Nettoyage contenu C:\Documents and Settings\Stephanie\Local Settings\Temp effectué !

*** Traitement Recherche complémentaire ***

(Recherche fichiers spécifiques)

1)Recherche fichiers connus:

2)Recherche, création sauvegardes et suppression Heuristique :

C:\WINDOWS\system32\idmxjylsg.exe trouvé !

Copie C:\WINDOWS\system32\idmxjylsg.exe réalisé avec succès !

C:\WINDOWS\system32\idmxjylsg.exe supprimé !

C:\WINDOWS\system32\vaheblkitt.exe trouvé !

Copie C:\WINDOWS\system32\vaheblkitt.exe réalisé avec succès !

C:\WINDOWS\system32\vaheblkitt.exe supprimé !

*** Sauvegarde du Registre vers dossier Backupnavi ***

sauvegarde du Registre réalisé avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok

*** Certificats ***

Certificat Egroup supprimé !

*** Nettoyage terminé le dim. 25/11/2007 à 17:47:14,66 ***

[snooky]

Lance LopSD , puis 1 et R .

Poste le rapport créé .

[stephconst]

Lance LopSD , puis 1 et R .

Poste le rapport créé .

Hello Snooky,

voici le rapport lop :

------------------------------[ Lop S&D 1.5 ]----------------------------

Version : Microsoft Windows XP [version 5.1.2600] [ OS : Windows_NT ]

Lancé depuis : "C:\Documents and Settings\Stephanie\Mes documents\nettoyage\Lop S&D"

Rapport créé Le mar. 27/11/2007 à 14:16:19,29 PC : CONSTAND-9JEVWW

! Faire analyser le rapport par un Helper avant intervention !

-------------[ Listing des Dossiers dans Application Data ]-------------

C:\Documents and settings\Administrateur\Application Data\Real

C:\Documents and settings\Administrateur\Application Data\Identities

C:\Documents and settings\Administrateur\Application Data\Microsoft

C:\Documents and settings\Administrateur\Application Data\desktop.ini

C:\Documents and settings\All Users\Application Data\addr_file.html

C:\Documents and settings\All Users\Application Data\Avira

C:\Documents and settings\All Users\Application Data\Spybot - Search & Destroy

C:\Documents and settings\All Users\Application Data\Uniblue

C:\Documents and settings\All Users\Application Data\BOONTY

C:\Documents and settings\All Users\Application Data\OrbNetworks

C:\Documents and settings\All Users\Application Data\Zylom

C:\Documents and settings\All Users\Application Data\TERMINAL Studio

C:\Documents and settings\All Users\Application Data\Apple Computer

C:\Documents and settings\All Users\Application Data\Apple

C:\Documents and settings\All Users\Application Data\QTSBandwidthCache

C:\Documents and settings\All Users\Application Data\Adobe

C:\Documents and settings\All Users\Application Data\Lavasoft

C:\Documents and settings\All Users\Application Data\CanonBJ

C:\Documents and settings\All Users\Application Data\PlayFirst

C:\Documents and settings\All Users\Application Data\Microsoft

C:\Documents and settings\All Users\Application Data\Yahoo! Companion

C:\Documents and settings\All Users\Application Data\Yahoo!

C:\Documents and settings\All Users\Application Data\Sony Ericsson

C:\Documents and settings\All Users\Application Data\Teleca

C:\Documents and settings\All Users\Application Data\NVIDIA

C:\Documents and settings\All Users\Application Data\Ciel

C:\Documents and settings\All Users\Application Data\Trymedia

C:\Documents and settings\All Users\Application Data\OD2

C:\Documents and settings\All Users\Application Data\DupeSeekFlawThird

C:\Documents and settings\All Users\Application Data\MSN Search Toolbar

C:\Documents and settings\All Users\Application Data\Windows Genuine Advantage

C:\Documents and settings\All Users\Application Data\InstallShield

C:\Documents and settings\All Users\Application Data\RoboForm

C:\Documents and settings\All Users\Application Data\Ahead

C:\Documents and settings\All Users\Application Data\DVD Shrink

C:\Documents and settings\All Users\Application Data\HP

C:\Documents and settings\All Users\Application Data\hpzinstall.log

C:\Documents and settings\All Users\Application Data\Macrovision

C:\Documents and settings\All Users\Application Data\desktop.ini

C:\Documents and settings\All Users\Application Data\nView_Profiles

C:\Documents and settings\All Users\Application Data\MSN Messenger 6.1.0211

C:\Documents and settings\All Users\Application Data\QuickTime

C:\Documents and settings\All Users\Application Data\MSN6

C:\Documents and settings\All Users\Application Data\SBT

C:\Documents and settings\Default User\Application Data\Microsoft

C:\Documents and settings\Default User\Application Data\desktop.ini

C:\Documents and settings\LocalService\Application Data\Symantec

C:\Documents and settings\LocalService\Application Data\Microsoft

C:\Documents and settings\NetworkService\Application Data\Microsoft

C:\Documents and settings\NetworkService\Application Data\Symantec

C:\Documents and settings\Stephanie\Application Data\Lavasoft

C:\Documents and settings\Stephanie\Application Data\Uniblue

C:\Documents and settings\Stephanie\Application Data\Macromedia

C:\Documents and settings\Stephanie\Application Data\Identities

C:\Documents and settings\Stephanie\Application Data\Zylom

C:\Documents and settings\Stephanie\Application Data\Big Fish Games

C:\Documents and settings\Stephanie\Application Data\Magic Academy

C:\Documents and settings\Stephanie\Application Data\Adobe

C:\Documents and settings\Stephanie\Application Data\Vso

C:\Documents and settings\Stephanie\Application Data\pcouffin.log

C:\Documents and settings\Stephanie\Application Data\inst.exe

C:\Documents and settings\Stephanie\Application Data\pcouffin.cat

C:\Documents and settings\Stephanie\Application Data\pcouffin.sys

C:\Documents and settings\Stephanie\Application Data\pcouffin.inf

C:\Documents and settings\Stephanie\Application Data\WholeSecurity

C:\Documents and settings\Stephanie\Application Data\FarStone

C:\Documents and settings\Stephanie\Application Data\Avant Profiles

C:\Documents and settings\Stephanie\Application Data\Avant Browser

C:\Documents and settings\Stephanie\Application Data\OpenOffice.org2

C:\Documents and settings\Stephanie\Application Data\iWin

C:\Documents and settings\Stephanie\Application Data\AdobeUM

C:\Documents and settings\Stephanie\Application Data\Help

C:\Documents and settings\Stephanie\Application Data\HPCOM_48BitScanUpdate.log

C:\Documents and settings\Stephanie\Application Data\PlayFirst

C:\Documents and settings\Stephanie\Application Data\Leadertech

C:\Documents and settings\Stephanie\Application Data\Teleca

C:\Documents and settings\Stephanie\Application Data\Apple Computer

C:\Documents and settings\Stephanie\Application Data\yahoo!

C:\Documents and settings\Stephanie\Application Data\GdiplusUpgrade_MSIApproach_Wrapper.log

C:\Documents and settings\Stephanie\Application Data\7Wonders

C:\Documents and settings\Stephanie\Application Data\Real

C:\Documents and settings\Stephanie\Application Data\OD2

C:\Documents and settings\Stephanie\Application Data\Microsoft

C:\Documents and settings\Stephanie\Application Data\Google

C:\Documents and settings\Stephanie\Application Data\MSN Search Toolbar

C:\Documents and settings\Stephanie\Application Data\GlobalSCAPE

C:\Documents and settings\Stephanie\Application Data\Ahead

C:\Documents and settings\Stephanie\Application Data\Jasc

C:\Documents and settings\Stephanie\Application Data\Jasc Software Inc

C:\Documents and settings\Stephanie\Application Data\HP

C:\Documents and settings\Stephanie\Application Data\Sun

C:\Documents and settings\Stephanie\Application Data\vlc

C:\Documents and settings\Stephanie\Application Data\NeroVision

C:\Documents and settings\Stephanie\Application Data\MSN6

C:\Documents and settings\Stephanie\Application Data\Symantec

C:\Documents and settings\Stephanie\Application Data\Visicom Media

C:\Documents and settings\Stephanie\Application Data\InterVideo

C:\Documents and settings\Stephanie\Application Data\Roxio

C:\Documents and settings\Stephanie\Application Data\desktop.ini

----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

C:\WINDOWS\tasks\Uniblue SpyEraser Nag.job

C:\WINDOWS\tasks\Uniblue SpyEraser.job

C:\WINDOWS\tasks\TASK20030531134952.job

C:\WINDOWS\tasks\TASK20030514121639.job

C:\WINDOWS\tasks\TASK20030514121109.job

C:\WINDOWS\tasks\SA.DAT

C:\WINDOWS\tasks\desktop.ini

---------------[ Listing des dossiers dans Program Files ]--------------

C:\Program Files\ACMonitor_X73.exe

C:\Program Files\ACMonitor_X73.ini

C:\Program Files\Adaptec

C:\Program Files\Adobe

C:\Program Files\ahead

C:\Program Files\AKVIS

C:\Program Files\Alwil Software

C:\Program Files\Antipub

C:\Program Files\aoxppr

C:\Program Files\AspiMail II

C:\Program Files\AutoClic

C:\Program Files\AUTORUN.INF

C:\Program Files\Avant Browser

C:\Program Files\AVIcodec

C:\Program Files\Avira

C:\Program Files\Babylon

C:\Program Files\Boonty

C:\Program Files\BoontyGames

C:\Program Files\BOOTCAT.BIN

C:\Program Files\BOOTIMG.BIN

C:\Program Files\BSPlayer

C:\Program Files\Canon

C:\Program Files\Cashbarre

C:\Program Files\CCleaner

C:\Program Files\CDSTART.EXE

C:\Program Files\CDSTART.HLP

C:\Program Files\Ciel

C:\Program Files\C-Media

C:\Program Files\Common Files

C:\Program Files\Conference

C:\Program Files\denouvel

C:\Program Files\DesignPro

C:\Program Files\Disc2Phone

C:\Program Files\DivX

C:\Program Files\DivX Video Duplicator

C:\Program Files\Driver for ZOLID Laser Mouse

C:\Program Files\DVD Shrink

C:\Program Files\EA GAMES

C:\Program Files\Easy CD-DA Extractor 6

C:\Program Files\eBay

C:\Program Files\ECBarre

C:\Program Files\Elaborate Bytes

C:\Program Files\E-mail eXtractor

C:\Program Files\eMule

C:\Program Files\EuroTool

C:\Program Files\Fichiers communs

C:\Program Files\FileZilla

C:\Program Files\GameHouse

C:\Program Files\GlobalSCAPE

C:\Program Files\GoldBarre

C:\Program Files\gtx73.ini

C:\Program Files\Hewlett-Packard

C:\Program Files\HighMAT CD Writing Wizard

C:\Program Files\Hijackthis Version Fran‡aise

C:\Program Files\HP

C:\Program Files\Intel

C:\Program Files\Internet Explorer

C:\Program Files\InterVideo

C:\Program Files\iPod

C:\Program Files\Ipswitch

C:\Program Files\iTunes

C:\Program Files\Jasc Software Inc

C:\Program Files\Java

C:\Program Files\JavaSoft

C:\Program Files\Jewel Quest 2

C:\Program Files\Kazaa

C:\Program Files\Kazaa K++

C:\Program Files\KiddiesBarre

C:\Program Files\KitBar

C:\Program Files\K-Lite Codec Pack

C:\Program Files\Lauyan

C:\Program Files\Lavasoft

C:\Program Files\LISEZMOI.TXT

C:\Program Files\lxarscan.dll

C:\Program Files\MailingBuilder

C:\Program Files\Messenger

C:\Program Files\Messenger Plus! 3

C:\Program Files\MGI

C:\Program Files\Micro Application

C:\Program Files\Microsoft CAPICOM 2.1.0.2

C:\Program Files\microsoft frontpage

C:\Program Files\Microsoft Office

C:\Program Files\Microsoft Picture It! PhotoPub

C:\Program Files\Microsoft Visual Studio

C:\Program Files\Microsoft Works

C:\Program Files\Microsoft.NET

C:\Program Files\MobilZone

C:\Program Files\Movie Maker

C:\Program Files\MSI

C:\Program Files\MSN Gaming Zone

C:\Program Files\MSN Messenger

C:\Program Files\MSN Toolbar Suite

C:\Program Files\MSXML 4.0

C:\Program Files\MUSICMATCH

C:\Program Files\Navilog1

C:\Program Files\NetMeeting

C:\Program Files\Netropa

C:\Program Files\NimoCodec Pack

C:\Program Files\OfficeUpdate11

C:\Program Files\On Demand Distribution

C:\Program Files\OSLO3071b2.USB

C:\Program Files\Outlook Express

C:\Program Files\Overland

C:\Program Files\OWCInst

C:\Program Files\Painter

C:\Program Files\Painter Classic

C:\Program Files\PCStitch 7

C:\Program Files\PhotoFiltre

C:\Program Files\Pictogramme

C:\Program Files\PIXELA

C:\Program Files\Pochette Express 2

C:\Program Files\Prassi PrimoCD Plus 2.0 (French)

C:\Program Files\QuickTime

C:\Program Files\Real

C:\Program Files\RngInterstitial.dll

C:\Program Files\Samsung

C:\Program Files\SearchRelevant

C:\Program Files\Services en ligne

C:\Program Files\Setup Files

C:\Program Files\SETUP.EXE

C:\Program Files\SETUP.INI

C:\Program Files\Share_Accelerator

C:\Program Files\Siber Systems

C:\Program Files\Smart Link

C:\Program Files\Smart Projects

C:\Program Files\Softland

C:\Program Files\Sony Ericsson

C:\Program Files\Spybot - Search & Destroy

C:\Program Files\SUPPORT

C:\Program Files\SystemRequirementsLab

C:\Program Files\The MagicBook V5

C:\Program Files\TMPGenc

C:\Program Files\Trymedia

C:\Program Files\Uniblue

C:\Program Files\VeriSign

C:\Program Files\VideoLAN

C:\Program Files\virtualdub

C:\Program Files\VIRUSDEF

C:\Program Files\Visicom Media

C:\Program Files\vso

C:\Program Files\Winamp

C:\Program Files\Winamp Remote

C:\Program Files\WinASPI

C:\Program Files\Windows Journal Viewer

C:\Program Files\Windows Media Bonus Pack for Windows XP

C:\Program Files\Windows Media Player

C:\Program Files\Windows NT

C:\Program Files\WinISO

C:\Program Files\WinRAR

C:\Program Files\WinZip

C:\Program Files\WS_FTP Pro

C:\Program Files\x73_lut.dat

C:\Program Files\xerox

C:\Program Files\xp-AntiSpy

C:\Program Files\Yahoo!

C:\Program Files\Zapu

C:\Program Files\Zylom Games

------[ Listing des dossiers dans Program Files\Fichiers Communs ]------

C:\program files\fichiers communs\Adaptec Shared

C:\program files\fichiers communs\Adobe

C:\program files\fichiers communs\Ahead

C:\program files\fichiers communs\Apple

C:\program files\fichiers communs\BOONTY Shared

C:\program files\fichiers communs\Ciel

C:\program files\fichiers communs\click2learn

C:\program files\fichiers communs\DESIGNER

C:\program files\fichiers communs\Hewlett-Packard

C:\program files\fichiers communs\HP

C:\program files\fichiers communs\InstallShield

C:\program files\fichiers communs\Jasc Software Inc

C:\program files\fichiers communs\Java

C:\program files\fichiers communs\king.com

C:\program files\fichiers communs\Macrovision Shared

C:\program files\fichiers communs\Microsoft Shared

C:\program files\fichiers communs\MSSoap

C:\program files\fichiers communs\ODBC

C:\program files\fichiers communs\Real

C:\program files\fichiers communs\Roxio Shared

C:\program files\fichiers communs\Services

C:\program files\fichiers communs\SpeechEngines

C:\program files\fichiers communs\Symantec Shared

C:\program files\fichiers communs\System

C:\program files\fichiers communs\Teleca Shared

C:\program files\fichiers communs\TweakMarketing

C:\program files\fichiers communs\udeafndm

C:\program files\fichiers communs\Wise Installation Wizard

----------------------[ Recherche dans le Registre ]----------------------

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

-----------------[ Recherche de Fichiers - Dossiers Lop ]-----------------

Aucun dossier Lop trouvé !

--------------------[ Vérification du fichier Hosts ]---------------------

Fichier Hosts : MODIFIE

127.0.0.1 localhost

127.0.0.1 bin.errorprotector.com ## added by CiD

127.0.0.1 br.errorsafe.com ## added by CiD

127.0.0.1 br.winantivirus.com ## added by CiD

127.0.0.1 br.winfixer.com ## added by CiD

127.0.0.1 cdn.drivecleaner.com ## added by CiD

127.0.0.1 cdn.errorsafe.com ## added by CiD

127.0.0.1 cdn.winsoftware.com ## added by CiD

127.0.0.1 de.errorsafe.com ## added by CiD

127.0.0.1 de.winantivirus.com ## added by CiD

127.0.0.1 download.cdn.drivecleaner.com ## added by CiD

127.0.0.1 download.cdn.errorsafe.com ## added by CiD

127.0.0.1 download.cdn.winsoftware.com ## added by CiD

127.0.0.1 download.errorsafe.com ## added by CiD

127.0.0.1 download.systemdoctor.com ## added by CiD

127.0.0.1 download.winantispyware.com ## added by CiD

127.0.0.1 download.windrivecleaner.com ## added by CiD

127.0.0.1 download.winfixer.com ## added by CiD

127.0.0.1 drivecleaner.com ## added by CiD

127.0.0.1 dynamique.drivecleaner.com ## added by CiD

127.0.0.1 errorprotector.com ## added by CiD

127.0.0.1 errorsafe.com ## added by CiD

127.0.0.1 es.winantivirus.com ## added by CiD

127.0.0.1 fr.winantivirus.com ## added by CiD

127.0.0.1 fr.winfixer.com ## added by CiD

127.0.0.1 go.drivecleaner.com ## added by CiD

127.0.0.1 go.errorsafe.com ## added by CiD

127.0.0.1 go.winantispyware.com ## added by CiD

127.0.0.1 go.winantivirus.com ## added by CiD

127.0.0.1 hk.winantivirus.com ## added by CiD

127.0.0.1 instlog.errorsafe.com ## added by CiD

127.0.0.1 instlog.winantivirus.com ## added by CiD

127.0.0.1 instlog.winfixer.com ## added by CiD

127.0.0.1 jsp.drivecleaner.com ## added by CiD

127.0.0.1 kb.errorsafe.com ## added by CiD

127.0.0.1 kb.winantivirus.com ## added by CiD

127.0.0.1 nl.errorsafe.com ## added by CiD

127.0.0.1 se.errorsafe.com ## added by CiD

127.0.0.1 secure.drivecleaner.com ## added by CiD

127.0.0.1 secure.errorsafe.com ## added by CiD

127.0.0.1 secure.winantispam.com ## added by CiD

127.0.0.1 secure.winantispy.com ## added by CiD

127.0.0.1 secure.winantivirus.com ## added by CiD

127.0.0.1 support.winantivirus.com ## added by CiD

127.0.0.1 trial.updates.winsoftware.com ## added by CiD

127.0.0.1 ulog.winantivirus.com ## added by CiD

127.0.0.1 utils.errorsafe.com ## added by CiD

127.0.0.1 utils.winantivirus.com ## added by CiD

127.0.0.1 utils.winfixer.com ## added by CiD

127.0.0.1 winantispyware.com ## added by CiD

127.0.0.1 winantivirus.com ## added by CiD

127.0.0.1 winfixer.com ## added by CiD

127.0.0.1 winfixer2006.com ## added by CiD

127.0.0.1 winsoftware.com ## added by CiD

127.0.0.1 www.drivecleaner.com ## added by CiD

127.0.0.1 www.errorprotector.com ## added by CiD

127.0.0.1 www.errorsafe.com ## added by CiD

127.0.0.1 www.systemdoctor.com ## added by CiD

127.0.0.1 www.utils.winfixer.com ## added by CiD

127.0.0.1 www.win-anti-virus-pro.com ## added by CiD

127.0.0.1 www.win-virus-pro.com ## added by CiD

127.0.0.1 www.winantispam.com ## added by CiD

127.0.0.1 www.winantispy.com ## added by CiD

127.0.0.1 www.winantispyware.com ## added by CiD

127.0.0.1 www.winantivirus.com ## added by CiD

127.0.0.1 www.winantiviruspro.com ## added by CiD

127.0.0.1 www.windrivecleaner.com ## added by CiD

127.0.0.1 www.windrivesafe.com ## added by CiD

127.0.0.1 www.winfixer.com ## added by CiD

127.0.0.1 www.winfixer2006.com ## added by CiD

127.0.0.1 www.winsoftware.com ## added by CiD

--------------[ Recherche de fichiers cachés avec Catchme ]---------------

catchme 0.3.1066 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-11-27 14:16:42

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden services & system hive ...

scanning hidden files ...

scan completed successfully

hidden files: 0

--------------------[ Recherche d'autres infections ]---------------------

D:\Autorun.inf

--------------------[ Fin du rapport à 14:19:51,55 ]----------------------

En tout cas c'est sympas, car je vois déjà bien une différence de travail sur mon PC.

quand tu sais quoi peux-tu effacer ce message, y tout mon pc la dedans...

[snooky]

Lance SDFix ( en mode sans échec ) et poste le rapport créé .

http://mickael.barroux.free.fr/securite/sdfix.php

[scarcore]

hello, ça rame toujours!

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 18:32:38, on 02/12/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\WINDOWS\system32\slserv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Olitec\USB ADSL\CnxDslTb.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\My Drive Meter\Data\dat01\MyDM_Service.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Azureus\Azureus.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\daves\Bureau\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.seekgoofr.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Program Files\Olitec\USB ADSL\CnxDslTb.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp

O4 - HKLM\..\Run: [My Drive Meter] C:\Program Files\My Drive Meter\Data\dat01\MyDM_Service.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\BitTorrent_DNA\dna.exe"

O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm

O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{8BF332A9-4761-44BD-88E1-ACB47A8CEDC3}: NameServer = 84.103.237.144 86.64.145.144

O20 - Winlogon Notify: !SASWinLogon - C:\WINDOWS\

O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe

O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe

O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe

O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe

O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SsBeSvc.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe

O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe

O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe

O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe

O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

--

End of file - 7992 bytes

Merci

[Hal_g0rithm]

Salut,

probleme de reboot et ca rame graaaaaaaaaave

voici le rapport :

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 00:08:09, on 01/12/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\VMware\VMware Workstation\vmware-authd.exe

C:\Program Files\Alwil Software\Avast4\setup\avast.setup

C:\Program Files\Fichiers communs\VMware\VMware Virtual Image Editing\vmount2.exe

C:\WINDOWS\system32\vmnat.exe

C:\WINDOWS\system32\vmnetdhcp.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe

O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe

O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Fichiers communs\VMware\VMware Virtual Image Editing\vmount2.exe

O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--

End of file - 4770 bytes

[snooky]

Essaye ce site ( si tu as des fichiers .dmp dans le dossier Windows \Minidump ) :

https://oca.microsoft.com/fr/welcome.aspx

[freeman27]

Salut,

Depuis peux mon anti-virus / anti-spyware à détecté hosts hijacker.

Et je n'arrive pas à le supprimer.

Voici en même temps mon log.

Logfile of HijackThis v1.99.1

Scan saved at 20:06:25, on 05/12/2007

Platform: Unknown Windows (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16546)

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\hp\support\hpsysdrv.exe

C:\WINDOWS\RtHDVCpl.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Softwin\BitDefender10\bdmcon.exe

C:\Program Files\Softwin\BitDefender10\bdagent.exe

C:\WINDOWS\vVX6000.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\System32\rundll32.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Google\Google Updater\GoogleUpdater.exe

C:\Program Files\OpenOffice.org 2.3\program\soffice.exe

C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN

C:\WINDOWS\System32\rundll32.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\MSN Messenger\livecall.exe

C:\Users\Patrick\AppData\Local\Temp\Temp2_scanner.exe.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)

O1 - Hosts: ::1 localhost

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [bDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg

O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"

O4 - HKLM\..\Run: [VX6000] C:\Windows\vVX6000.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe

O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll

O11 - Options group: [iNTERNATIONAL] International*

O13 - Gopher Prefix:

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)

O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)

O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

Merci

[G.Abitbol]

heum salut ... juste pour savoir si je suis clean ^^'

merci d'avance vous étes des chefs de faire ça pour les autes (j'ai deja fais des p'tites recherche par moi-méme de se qui est bien ou pas mais j'aimerai un avis sur ^^')

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:07:56, on 09/12/2007

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16546)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Razer\razerhid.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Windows\WindowsMobile\wmdc.exe

C:\Program Files\PowerISO\PWRISOVM.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Razer\razerofa.exe

C:\Program Files\Steam\Steam.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Windows\VPro520.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Users\William\AppData\Local\Temp\Rar$EX00.318\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll

O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\razerhid.exe

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdc.exe

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup

O4 - HKCU\..\Run: [steam] "c:\program files\steam\steam.exe" -silent

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [LaCie Backup] C:\Program Files\LaCie\Backup Software\\LaCieBackup.exe /background

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - Global Startup: VPro520.lnk = ?

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O13 - Gopher Prefix:

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

--

End of file - 9350 bytes

[Marti451000]

bonjour

toujours et encore des problèmes avec mon pc (ouverture de fenêtres intempestives, blocage de IE, impossibilité de télé charger complètement un fichier (il apparait chargé mais à l'installation il y a une erreur) nouveauté: depuis une semaine impossible d'aller sur certains sites dont les forums forum actif (très gênant car je m'occuppe de deux forums)

Si quelqu'un trouve une solution, je l'en remercie d'avance

cordialement

marc

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:57:26, on 10/12/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\ATKKBService.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\RunDll32.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\PROGRA~1\Magentic\bin\MgApp.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\Program Files\eMule\emule.exe

C:\Program Files\IncrediMail\bin\IncMail.exe

C:\PROGRA~1\INCRED~1\bin\IMApp.exe

C:\Program Files\ECBarre\EC-Barre.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.numericable.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [incrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c

O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Eurobarre.lnk = C:\Program Files\Eurobarre\eb.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.antivirus-france.com/kav...can_unicode.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase4009.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{5A460D64-A72E-45DB-BF8B-9773B4101CC6}: NameServer = 85.255.113.203,85.255.112.227

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.203 85.255.112.227

O17 - HKLM\System\CS1\Services\Tcpip\..\{5A460D64-A72E-45DB-BF8B-9773B4101CC6}: NameServer = 85.255.113.203,85.255.112.227

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.203 85.255.112.227

O17 - HKLM\System\CS2\Services\Tcpip\..\{5A460D64-A72E-45DB-BF8B-9773B4101CC6}: NameServer = 85.255.113.203,85.255.112.227

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.203 85.255.112.227

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe (file missing)

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: lxcg_device - - C:\WINDOWS\system32\lxcgcoms.exe

--

End of file - 8690 bytes

[snooky]

@ Marti451000 :

Pas de balises pour les rapports Hijackthis , merci

Désinstalle Avast et autres Ad-Aware & Spybot ...

Télécharge FixWareout sur le bureau:

http://downloads.subratam.org/Fixwareout.exe

ou

http://swandog46.geekstogo.com/Fixwareout.exe

Lance le fix: clique sur Next, puis Install, puis assure toi que "Run fixit" est activé puis clique sur Finish.

Le fix va commencer, suis les messages à l'écran. Il te sera demandé de redémarrer ton ordinateur, fais le.

Ton système mettra un peu plus de temps au démarrage, c'est normal.

Quand ton système aura redémarré, suis les invites des messages. Ensuite lance HijackThis. Clique sur Scan et coche les lignes suivantes:

O17 - HKLM\System\CCS\Services\Tcpip\..\{5A460D64-A72E-45DB-BF8B-9773B4101CC6}: NameServer = 85.255.113.203,85.255.112.227

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.203 85.255.112.227

O17 - HKLM\System\CS1\Services\Tcpip\..\{5A460D64-A72E-45DB-BF8B-9773B4101CC6}: NameServer = 85.255.113.203,85.255.112.227

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.203 85.255.112.227

O17 - HKLM\System\CS2\Services\Tcpip\..\{5A460D64-A72E-45DB-BF8B-9773B4101CC6}: NameServer = 85.255.113.203,85.255.112.227

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.203 85.255.112.227

Lance Navilog1 , option 1 .

Quitte Navilog1 .

Lance une 2ème fois Navilog1 et prends l'option 2 .

Pose le rapport créé .

http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe

Lance SmitfraudFix en mode sans échec , option 2 .

Redémarre en mode normal et poste le rapport créé.

[Marti451000]

re bonjour

Quand ton système aura redémarré, suis les invites des messages. Ensuite lance HijackThis. Clique sur Scan et coche les lignes suivantes:

O17 - HKLM\System\CCS\Services\Tcpip\..\{5A460D64-A72E-45DB-BF8B-9773B4101CC6}: NameServer = 85.255.113.203,85.255.112.227

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.203 85.255.112.227

O17 - HKLM\System\CS1\Services\Tcpip\..\{5A460D64-A72E-45DB-BF8B-9773B4101CC6}: NameServer = 85.255.113.203,85.255.112.227

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.203 85.255.112.227

O17 - HKLM\System\CS2\Services\Tcpip\..\{5A460D64-A72E-45DB-BF8B-9773B4101CC6}: NameServer = 85.255.113.203,85.255.112.227

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.203 85.255.112.227

Je suis coincé là car ces lignes n'apparaissent pas sur Hijackthis

Merci de me dire ce que je dois faire maintenant

Cordialement

Marc

[Quick526]

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:04:06, on 10/12/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\Dell\QuickSet\Quickset.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE

C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\OpenOffice.org 2.2\program\soffice.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN

C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Unlocker\UnlockerAssistant.exe

C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

C:\Documents and Settings\Marie\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.fr/myway

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.fr/myway

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [EPSON Stylus DX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE /P26 "EPSON Stylus DX4200 Series" /O6 "USB001" /M "Stylus DX4200"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"

O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: SynTPEnh.lnk = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab

O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.geomapguide.com/diren/download/...v6/mgaxctrl.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game11.zylom.com/activex/zylomgamesplayer.cab

O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f005.mail.caramail.lycos.fr/app/upl...ileUploader.cab

O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/zylom/a...zylomloader.cab

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--

End of file - 9873 bytes

Voir topic sur Virus, Trojan introuvable, merci.

[Marti451000]

voilà le rapport navilog

Clean Navipromo version 3.3.5 commencé le 10/12/2007 à 20:07:43,00

Outil exécuté depuis C:\Program Files\navilog1

Mise à jour le 08.11.2007 à 18h00 par IL-MAFIOSO

Microsoft Windows XP [version 5.1.2600]

Internet Explorer : 7.0.5730.11

Mode suppression automatique

*** fsbl1.txt non trouvé ***

(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)

*** Suppression avec sauvegardes résultats GenericNaviSearch ***

* Suppression dans C:\WINDOWS\System32 *

* Suppression dans C:\DOCUME~1\FAMILLE\LOCALS~1\APPLIC~1 *

*** Suppression dossiers dans C:\WINDOWS ***

*** Suppression dossiers dans C:\Program Files ***

*** Suppression dossiers dans C:\Documents and Settings\All Users\Application Data ***

*** Suppression dossiers dans C:\Documents and Settings\famille\Application Data ***

*** Suppression dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 ***

*** Suppression fichiers ***

*** Suppression fichiers temporaires ***

Nettoyage contenu C:\WINDOWS\Temp effectué !

Nettoyage contenu C:\Documents and Settings\famille\Local Settings\Temp effectué !

*** Traitement Recherche complémentaire ***

(Recherche fichiers spécifiques)

1)Recherche fichiers connus:

2)Recherche, création sauvegardes et suppression Heuristique :

*** Sauvegarde du Registre vers dossier Backupnavi ***

sauvegarde du Registre réalisé avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok

*** Certificats ***

Certificat Egroup absent !

*** Fichiers suspects non supprimés par Navilog1 ***

!! Fichiers légitimes possibles, à contrôler avant suppression !!

*** Nettoyage terminé le 10/12/2007 à 20:10:13,10 ***

merci encore

marc

[Marti451000]

suite

Lance SmitfraudFix en mode sans échec , option 2 .

j'ai téléchargé SmitfraudFix mais je ne peux pas le lancer car mon PC refuse de démarrer en mode sans échec.

Ca se lance puis le micro redémarre tout seul en mode normal.

Que dois je faire alors?

Merci

MArc

[snooky]

En mode normal , alors

Poste le rapport créé.

Redémarre le pc ensuite et poste un nouveau rapport Hijackthis .

[snooky]

@ Quick526 :

Coche et fixe cette ligne :

R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)

Active les Riskwares de Kaspersky .

Redémarre en mode sans échec et analyse ton pc avec KAV7.

PS:

Donne des infos sur ce " virus introuvable " ...

[Marti451000]

voila le rapport de smitfraudFix effectué donc en mode normal

SmitFraudFix v2.260

Rapport fait à 13:05:14,04, 11/12/2007

Executé à partir de C:\Documents and Settings\famille\Bureau\SmitfraudFix

OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT

Le type du système de fichiers est NTFS

Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

C:\DOCUME~1\famille\Favoris\Error Cleaner.url supprimé

C:\DOCUME~1\famille\Favoris\Privacy Protector.url supprimé

C:\DOCUME~1\famille\Favoris\Spyware?Malware Protection.url supprimé

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller - Miniport d'ordonnancement de paquets

DNS Server Search Order: 89.2.0.1

DNS Server Search Order: 192.168.0.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{5A460D64-A72E-45DB-BF8B-9773B4101CC6}: DhcpNameServer=89.2.0.1 192.168.0.1

HKLM\SYSTEM\CS1\Services\Tcpip\..\{5A460D64-A72E-45DB-BF8B-9773B4101CC6}: DhcpNameServer=89.2.0.1 192.168.0.1

HKLM\SYSTEM\CS2\Services\Tcpip\..\{5A460D64-A72E-45DB-BF8B-9773B4101CC6}: DhcpNameServer=89.2.0.1 192.168.0.1

HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=89.2.0.1 192.168.0.1

HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=89.2.0.1 192.168.0.1

HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=89.2.0.1 192.168.0.1

»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"system"=""

»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin

moi je n'y comprend rien, je t'envie de t'y retrouver

cordialement

marc

[snooky]

@ Marti451000 :

Lance Clean v2.0 by FRUiT , procédure 1 .

Redémarre le pc et poste un nouveau rapport Hijackthis .

[Marti451000]

re

Comme demandé voici le nouveau rapport Hijackthis.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:12:42, on 11/12/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\ATKKBService.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\RunDll32.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\PROGRA~1\Magentic\bin\MgApp.exe

C:\Program Files\Eurobarre\eb.exe

C:\PROGRA~1\INCRED~1\bin\IMApp.exe

C:\Program Files\IncrediMail\bin\IncMail.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [incrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c

O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Eurobarre.lnk = C:\Program Files\Eurobarre\eb.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: lxcg_device - - C:\WINDOWS\system32\lxcgcoms.exe

--

End of file - 5935 bytes

Si il y a encore des choses à faire je suis toute ouie. Mais ca fonctionne déjà beaucoup mieux.

Entre autre je ne suis plus bloqué pour accéder aux forums, l'explorer ne bloque plus et je n'ai pas eu encore une seule fenêtre intempestive.

Merci pour ton super boulot

Cordialement

Marc

[snooky]

@ Marti451000 :

Désinstalle Eurobarre .

Coche et fixe ces lignes avec Hijackthis :

O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Eurobarre.lnk = C:\Program Files\Eurobarre\eb.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

services.msc à taper dans Démarrer / Exécuter , puis double clique sur le service Google Updater .

Arrête et désactive ce service.

Désactive la restauration système . ( touches Windows + Pause pour y accéder )

Installe le fichier Hosts ( fait en 10 secondes , vise ma signature )

Installe et analyse ton pc avec Antivir :

http://www.clubic.com/telecharger-fiche108...-edition-7.html

Redémarre le pc .

Active la restauration système.

++

[Marti451000]

bonsoir

ca marche jusqu'à l'installation de antivir

là ca me marque que certains fichiers n'ont pu être crées

redemarrez windows er réessayez (j'ai rééssayé 2 fois mais ca fait toujours pareil)

Y a t-il une autre méthode?

Cordialement

Marc

@ Marti451000 :

Désinstalle Eurobarre .

:8 Coche et fixe ces lignes avec Hijackthis :

O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Eurobarre.lnk = C:\Program Files\Eurobarre\eb.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

services.msc à taper dans Démarrer / Exécuter , puis double clique sur le service Google Updater .

Arrête et désactive ce service.

Désactive la restauration système . ( touches Windows + Pause pour y accéder )

Installe le fichier Hosts ( fait en 10 secondes , vise ma signature )

Installe et analyse ton pc avec Antivir :

http://www.clubic.com/telecharger-fiche108...-edition-7.html

Redémarre le pc .

Active la restauration système.

++

[snooky]

Tu n'arrives pas à installer Antivir , c'est ça ?

[Marti451000]

Tu n'arrives pas à installer Antivir , c'est ça ?

oui tout à fait, l'installation se bloque à la fin

C'est désespérant quand on croit que c'est enfin arrangé

[snooky]

Désinstalle et supprime le dossier Antivir si présent.

Installe KAV 7 :

http://dnl-eu9.kaspersky-labs.com/trial/re...7.0.0.125fr.exe

Analyse le pc .