|
|||||||
| Sécurité & virus La sécurité en général et les problèmes liés aux virus, spywares et autres infections. |
 |
|
|
LinkBack | Outils de la discussion | Modes d'affichage |
06/12/2007, 13h09
|
#1 (permalink) |
|
Novice
 Date d'inscription: novembre 2007
Localisation: LOIRE
Messages: 36
|
Prob Divers
Bonjour, comme prévu me revoilà avec de nouveaux soucis sur une autre machine.
a) firefox se ferme sans raison b) tout ce qui est branché en usb se déconnecte sans raison , obligeant à débranché et rebranché chaque élément: souris, clavier, disques dur externe, scan, ect... Allo docteur qu'est ce qu'on fait??? |
|
|
|
06/12/2007, 15h10
|
#3 (permalink) |
|
Novice
Date d'inscription: novembre 2007
Localisation: LOIRE
Messages: 36
|
re
Impossible de télecharger HijackThis avec ma machine
donc récupéré sur l'autre machine. Voilà le rapport à toi de jouer... Logfile of HijackThis v1.99.1 Scan saved at 14:08:49, on 06/12/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe C:\Program Files\Wave Systems Corp\Common\DataServer.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\HP Web Jetadmin\hpwebjetd.exe C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe C:\Program Files\KONICA MINOLTA\PageScope Net Care\JavaService.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\HP Web Jetadmin\hpwebjetd.exe C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe C:\Program Files\Dell SAS RAID Storage Manager\Framework\VivaldiFramework.exe C:\WINDOWS\system32\cmd.exe C:\Program Files\Dell SAS RAID Storage Manager\JRE\bin\javaw.exe C:\Program Files\Dell SAS RAID Storage Manager\MegaMonitor\mrmonitor.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\WINDOWS\stsystra.exe C:\Program Files\Dell SAS RAID Storage Manager\MegaPopup\Popup.exe C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe C:\WINDOWS\system32\ICO.EXE C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\DrvMon.exe C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe C:\Program Files\Google\Google Updater\GoogleUpdater.exe C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe C:\PVSW\Bin\w3dbsmgr.exe C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\iTunes\iTunes.exe C:\Program Files\Mozilla Thunderbird\thunderbird.exe C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe C:\Program Files\Adobe\Adobe Illustrator CS2\Support Files\Contents\Windows\Illustrator.exe C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\Adobelm_Cleanup .0001 C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\Adobelm_Cleanup .0001 C:\Program Files\EBP\Gestion12.0\Gestion.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\WinPhone eXPert\Winphone.exe C:\Program Files\Pando Networks\Pando\pando.exe C:\WINDOWS\EXPLORER.EXE F:\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = Page initiale personnalisée R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Page initiale personnalisée R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: (no name) - {06663B56-0D73-4f9f-BCC5-4AA941470AFD} - C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL O2 - BHO: Pando Search Assistant BHO - {06663B51-0D73-4f9f-BCC5-4AA941470AFD} - C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - (no file) O2 - BHO: Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\Adssite_sidebar.dll O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: ads_optimizer - {9C8A568E-4201-478a-8536-526CF371D2E2} - C:\WINDOWS\system32\nsc213.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\sw g.dll O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll O2 - BHO: Pando Toolbar BHO - {E3EA4FD1-CADE-4ae5-84F7-086EEE888BE4} - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: Pando Toolbar - {E3EA4FD9-CADE-4ae5-84F7-086EEE888BE4} - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [Popup] "C:\Program Files\Dell SAS RAID Storage Manager\MegaPopup\Popup.exe" O4 - HKLM\..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DrvMon.exe] C:\WINDOWS\system32\DrvMon.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: iTunes.lnk = ? O4 - Startup: Pervasive.SQL Workgroup Engine.lnk = C:\PVSW\Bin\w3dbsmgr.exe O4 - Startup: PowerReg Scheduler.exe O4 - Startup: WinPhone eXPert.lnk = C:\Program Files\WinPhone eXPert\Winphone.exe O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe O4 - Global Startup: EMBASSY Trust Suite Secure Update.lnk = C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe O4 - Global Startup: Logo Calibration Loader.lnk = C:\Program Files\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe O4 - Global Startup: ProfileReminder.lnk = C:\Program Files\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O15 - Trusted Zone: Testeur de bande passante O15 - Trusted Zone: EBP Logiciels de gestion, comptabilité, paye pour PME - TPE - Particuliers O15 - Trusted Zone: http://www.free-drm-encoder.com O15 - Trusted IP range: Masita Sportswear Homepage O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1164622591218 O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DL L O20 - AppInit_DLLs: wxvault.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Broadcom ASF IP Monitor (ASFIPmon) - Unknown owner - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe" -service (file missing) O23 - Service: DataSvr2 - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Common\DataServer.exe O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP Web Jetadmin (HPWebJetadmin) - Unknown owner - C:\Program Files\HP Web Jetadmin\hpwebjetd.exe" -k runservice (file missing) O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: KONICA MINOLTA PageScope Net Care (KM PageScope Net Care Service) - Unknown owner - C:\Program Files\KONICA MINOLTA\PageScope Net Care\JavaService.exe O23 - Service: MRMonitor (MegaMonitorSrv) - Unknown owner - C:\Program Files\Dell SAS RAID Storage Manager\MegaMonitor\mrmonitor.exe O23 - Service: SSMFramework (MSMFramework) - Unknown owner - C:\Program Files\Dell SAS RAID Storage Manager\Framework\VivaldiFramework.exe O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SQLAgent$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ (file missing) O23 - Service: NTRU Hybrid TSS v2.0.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe |
|
|
|
|
07/12/2007, 00h21
|
#4 (permalink) |
|
Confirmé
 
Date d'inscription: mars 2004
Localisation: Normandie
Âge: 37
Messages: 736
|
bonsoir,
je sais pas ce qu'en pense Angélique, mais à part des bricoles dans les BHO, je vois rien qui justifierait de tels dysfonctionnements. voilà ce que je te propose: tu postes un sujet ici: http://forum.generation-nt.com/peripheriques/ une fois que tes soucis sont réglés, tu reviens là pour un petit nettoyage de routine.
__________________
|
|
|
|
|
07/12/2007, 08h18
|
#5 (permalink) | |
|
Angel¤Helper
Date d'inscription: juin 2005
Localisation: bzh 22
Âge: 36
Messages: 1 955
|
Citation:
==> telecharge MsLook.bat : Send big files the easy way. Files too large for email attachments? No problem! execute le et poste le rapport qui est généré. 1/**lancer HJT " do a system scan only",cocher uniquement et clic fixchecked: O2 - BHO: Media Holding Enterprises, LLC - {0D39A900-0F3A-4C29-A254-3E65244FDC34} - (no file) O2 - BHO: Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\Adssite_sidebar.dll O2 - BHO: ads_optimizer - {9C8A568E-4201-478a-8536-526CF371D2E2} - C:\WINDOWS\system32\nsc213.dll O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DrvMon.exe] C:\WINDOWS\system32\DrvMon.exe O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: iTunes.lnk = ? O4 - Startup: PowerReg Scheduler.exe O4 - Startup: WinPhone eXPert.lnk = C:\Program Files\WinPhone eXPert\Winphone.exe O4 - Global Startup: Logo Calibration Loader.lnk = C:\Program Files\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe 2/Télécharge OTMoveIt (par OldTimer). Sauvegarde-le sur ton Bureau. http://download.bleepingcomputer.com...r/OTMoveIt.exe * Copie le texte ci-bas ET RIEN D'AUTRE!!!(sélectionne-le en entier avec ta souris, puis fais un clic-droit dessus et choisis "Copier") : Code:
C:\WINDOWS\system32\Adssite_sidebar.dll C:\WINDOWS\system32\Adssite_sidebar_uninstall.exe C:\WINDOWS\system32\adssite-remove.exe C:\WINDOWS\system32\nsc213.dll * Assure toi que la case "Unregister Dll's and Ocx's" soit bien cochée * Fais un Clique-droit sur le cadre de gauche puis choisis Coller. * Clique à présent sur le bouton "MoveIt!". Un rapport va être créé, il se trouve dans C:\_OTMoveIt\MovedFiles\ Le nom du rapport est la date de sa création. 3/- AtfCleaner --> http://www.atribune.org/ccount/click.php?id=1 met le sur ton bureau **ATF Cleaner Double-clique ATF-Cleaner.exe afin de lancer le programme. Sous l'onglet Main, choisis : Select All Clique sur le bouton Empty Selected Si tu utilises le navigateur Firefox : Clique Firefox au haut et choisis : Select All Clique le bouton Empty Selected NOTE : Si tu veux conserver tes mots de passe sauvegardés, clique No à l'invite. Si tu utilises le navigateur Opera : Clique Opera au haut et choisis : Select All Clique le bouton Empty Selected NOTE : Si tu veux conserver tes mots de passe sauvegardés, clique No à l'invite. Clique Exit, du menu prinicipal, afin de fermer le programme. 4/Télécharge eScan Antivirus Toolkit ici: http://www.spywareinfo.dk/download/mwav.exe Sauvegarde-le sur ton Bureau. Avant de lancer le programme, il faut le mettre à jour tel qu'indiqué à l'étape 2. Étape 2: Voici comment mettre l'outil à jour : 1.) Double-clique le fichier mwav.exe qui se trouve sur le Bureau ; dézippe les fichiers dans le nouveau dossier suggéré (C:\Kaspersky). Le programme va se lancer, et tu dois le quitter (clique sur "Exit" puis "Exit").  http://img168.imageshack.us/img168/3...anunzipib8.jpg 2.) Double-clique sur le Poste de travail, puis double-clique sur le lecteur principal (habituellement C:\), double-clique sur le dossier Kaspersky ; ensuite, double-clique sur le fichier kavupd.exe. Tu verras maintenant une fenêtre DOS apparaître, et la mise à jour se complètera en quelques minutes. 3.) Lorsque la mise à jour sera complétée, tu verras "Press any key to continue" ; tape sur une clé pour continuer. Deux nouveaux répertoires (dossiers) ont été créés lors de la mise à jour (C:\Bases et C:\Downloads). 4.) Sélectionne/copie tous les fichiers présents dans le dossier C:\Downloads, puis colle-les dans le dossier C:\Kaspersky. Accepte à l'invite de remplacer les fichiers existants. Ne pas lancer le scan tout de suite ! Étape 3: Redémarre en mode Sans Échec : 1) Redémarre ton ordi 2) Tapote la touche F8 immédiatement, juste après le "Bip" 3) Tu verras un écran avec options de démarrage apparaître 4) Choisi la première option : Sans Échec, et valide avec "Entrée" 5) Choisi ton compte régulier, et non Administrateur Étape 4: Du mode Sans Échec, voici comment utiliser le programme : 1.) Pour lancer "eScan Antivirus Toolkit", trouve le fichier mwavscan.com situé dans le dossier C:\Kaspersky  http://img410.imageshack.us/img410/4966/mwavscanyb7.jpg 2.) Double-clique sur mwavscan.com ; l'interface d'eScan va apparaître à l'écran. 3.) Il est très important de bien cocher ces boîtes sous Scan Option : Memory, Registry, Startup Folders, System Folders, Services. 4.) Coche la boîte Drive, ce qui donne accès à une nouvelle boîte Drive (bouton rond) juste dessous ; coche ce bouton "Drive" (très important..), et tu verras une nouvelle boîte de navigation apparaître à la droite. Clique sur la petite flèche de cette boîte and choisi la lettre de ton disque dur, habituellement C:\. 5.) Juste au-dessous, assure-toi que Scan All Files est coché, et non Program Files. 6.) Clique sur Scan Clean et laisse le tool vérifier tout le disque dur (ça peut être long..). Lorsque terminé, tu verras Scan Completed. Ne pas quitter tout de suite ! 7.) Ouvre un nouveau fichier Bloc notes (clique sur "Démarrer" >> "Programmes" >>"Accessoires" >> "Bloc notes"), puis copie/colle tout le contenu de la fenêtre Virus Log Information (la deuxième, au bas) dans le fichier texte, et sauvegarde le. eScan génère également un rapport complet dans le dossier C:\Kaspersky (nommé mwav.log), mais il est trop lourd pour poster sur le forum. Ferme le programme. Redémarre ton PC en mode Normal. Poste (copie/colle) le rapport que tu as sauvegardé dans ta prochaine réponse avec le rapport OTMoveIt et un nouveau rapport HijackThis a+
__________________
|
|
|
|
|
|
07/12/2007, 19h44
|
#6 (permalink) |
|
Novice
Date d'inscription: novembre 2007
Localisation: LOIRE
Messages: 36
|
re
Impossible de télécharger OTMoveIt et AtfCleaner
je te poste le rapport MsLook quand mème, je vais récupérer les autres sur un autre poste... REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk] "path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\HP Digital Imaging Monitor.lnk" "backup"="C:\\WINDOWS\\pss\\HP Digital Imaging Monitor.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\HP\\DIGITA~1\\bin\\hpqtra 08.exe " "item"="HP Digital Imaging Monitor" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Slim Multimedia Keyboard.lnk] "path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\Slim Multimedia Keyboard.lnk" "backup"="C:\\WINDOWS\\pss\\Slim Multimedia Keyboard.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\SLIMMU~1\\MagicKey.ex e " "item"="Slim Multimedia Keyboard" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeVersionCue] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersio n\\Run" "item"="VersionCueTray" "hkey"="HKLM" "command"="C:\\Program Files\\Adobe\\Adobe Version Cue\\ControlPanel\\VersionCueTray.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BearShare] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersio n\\Run" "item"="BearShare" "hkey"="HKLM" "command"="\"C:\\Program Files\\BearShare\\BearShare.exe\" /pause" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\funkbook] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersio n\\Run" "item"="Roam view" "hkey"="HKCU" "command"="C:\\DOCUME~1\\UTILIS~1\\APPLIC~1\\OBJMI X~1\\Roam view.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Google Desktop Search] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersio n\\Run" "item"="GoogleDesktop" "hkey"="HKLM" "command"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Component Manager] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersio n\\Run" "item"="hpcmpmgr" "hkey"="HKLM" "command"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Software Update] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersio n\\Run" "item"="HPWuSchd" "hkey"="HKLM" "command"="\"C:\\Program Files\\HP\\HP Software Update\\HPWuSchd.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state] "system.ini"=dword:00000000 "win.ini"=dword:00000000 "bootini"=dword:00000000 "services"=dword:00000000 "startup"=dword:00000002 A + TARD |
|
|
|
|
08/12/2007, 13h40
|
#8 (permalink) |
|
Novice
Date d'inscription: novembre 2007
Localisation: LOIRE
Messages: 36
|
re rapport
rapport escan:
File C:\Program Files\Mozilla Firefox\SmitfraudFix\Reboot.exe tagged as not-a-virus:RiskTool.Win32.Reboot.f. No Action Taken. File C:\Tools\SmitfraudFix\Reboot.exe tagged as not-a-virus:RiskTool.Win32.Reboot.f. No Action Taken. File C:\Tools\SmitfraudFix.exe tagged as not-a-virus:RiskTool.Win32.Reboot.f. No Action Taken. rapport SmitFraudFix: SmitFraudFix v2.217 Rapport fait à 19:13:04,48, 07/12/2007 Executé à partir de C:\Tools\SmitfraudFix OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT Le type du système de fichiers est NTFS Fix executé en mode sans echec »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus »»»»»»»»»»»»»»»»»»»»»»»» hosts 127.0.0.1 localhost 127.0.0.1 bin.errorprotector.com ## added by CiD 127.0.0.1 br.errorsafe.com ## added by CiD 127.0.0.1 br.winantivirus.com ## added by CiD 127.0.0.1 br.winfixer.com ## added by CiD 127.0.0.1 cdn.drivecleaner.com ## added by CiD 127.0.0.1 cdn.errorsafe.com ## added by CiD 127.0.0.1 cdn.winsoftware.com ## added by CiD 127.0.0.1 de.errorsafe.com ## added by CiD 127.0.0.1 de.winantivirus.com ## added by CiD 127.0.0.1 download.cdn.drivecleaner.com ## added by CiD 127.0.0.1 download.cdn.errorsafe.com ## added by CiD 127.0.0.1 download.cdn.winsoftware.com ## added by CiD 127.0.0.1 download.errorsafe.com ## added by CiD 127.0.0.1 download.systemdoctor.com ## added by CiD 127.0.0.1 download.winantispyware.com ## added by CiD 127.0.0.1 download.windrivecleaner.com ## added by CiD 127.0.0.1 download.winfixer.com ## added by CiD 127.0.0.1 drivecleaner.com ## added by CiD 127.0.0.1 dynamique.drivecleaner.com ## added by CiD 127.0.0.1 errorprotector.com ## added by CiD 127.0.0.1 errorsafe.com ## added by CiD 127.0.0.1 es.winantivirus.com ## added by CiD 127.0.0.1 fr.winantivirus.com ## added by CiD 127.0.0.1 fr.winfixer.com ## added by CiD 127.0.0.1 go.drivecleaner.com ## added by CiD 127.0.0.1 go.errorsafe.com ## added by CiD 127.0.0.1 go.winantispyware.com ## added by CiD 127.0.0.1 go.winantivirus.com ## added by CiD 127.0.0.1 hk.winantivirus.com ## added by CiD 127.0.0.1 instlog.errorsafe.com ## added by CiD 127.0.0.1 instlog.winantivirus.com ## added by CiD 127.0.0.1 instlog.winfixer.com ## added by CiD 127.0.0.1 jsp.drivecleaner.com ## added by CiD 127.0.0.1 kb.errorsafe.com ## added by CiD 127.0.0.1 kb.winantivirus.com ## added by CiD 127.0.0.1 nl.errorsafe.com ## added by CiD 127.0.0.1 se.errorsafe.com ## added by CiD 127.0.0.1 secure.drivecleaner.com ## added by CiD 127.0.0.1 secure.errorsafe.com ## added by CiD 127.0.0.1 secure.winantispam.com ## added by CiD 127.0.0.1 secure.winantispy.com ## added by CiD 127.0.0.1 secure.winantivirus.com ## added by CiD 127.0.0.1 support.winantivirus.com ## added by CiD 127.0.0.1 trial.updates.winsoftware.com ## added by CiD 127.0.0.1 ulog.winantivirus.com ## added by CiD 127.0.0.1 utils.errorsafe.com ## added by CiD 127.0.0.1 utils.winantivirus.com ## added by CiD 127.0.0.1 utils.winfixer.com ## added by CiD 127.0.0.1 winantispyware.com ## added by CiD 127.0.0.1 winantivirus.com ## added by CiD 127.0.0.1 winfixer.com ## added by CiD 127.0.0.1 winfixer2006.com ## added by CiD 127.0.0.1 winsoftware.com ## added by CiD 127.0.0.1 DriveCleaner - Home ## added by CiD 127.0.0.1 ErrorProtector - Fix damaged documents, video, music, images. Registry optimization ## added by CiD 127.0.0.1 ErrorSafe - Fix computer problem. Fix slow computer, corrupt file and hard drive errors. ## added by CiD 127.0.0.1 SystemDoctor - Fix damaged documents, video, music, images. Registry optimization ## added by CiD 127.0.0.1 www.utils.winfixer.com ## added by CiD 127.0.0.1 WinAntiVirus Pro 2005 - powerful antivirus protection against all viruses ## added by CiD 127.0.0.1 WinAntiVirus Pro 2005 - powerful antivirus protection against all viruses ## added by CiD 127.0.0.1 WinAntiSpam - ## added by CiD 127.0.0.1 WinAntiSpyware - spyware protection. Remove spyware, adware and trojans. ## added by CiD 127.0.0.1 WinAntiSpyware - spyware protection. Remove spyware, adware and trojans. ## added by CiD 127.0.0.1 WinAntiVirus Pro 2007 - Antivirus protection against all viruses, hackers, spyware ## added by CiD 127.0.0.1 WinAntiVirus Pro 2007 - Antivirus protection against all viruses, hackers, spyware ## added by CiD 127.0.0.1 WinDriveCleaner - ## added by CiD 127.0.0.1 www.windrivesafe.com ## added by CiD 127.0.0.1 www.winfixer.com ## added by CiD 127.0.0.1 portable cartouche encre ecran lcd at winfixer2006.com ## added by CiD 127.0.0.1 WinSoftware ## added by CiD »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés »»»»»»»»»»»»»»»»»»»»»»»» DNS HKLM\SYSTEM\CCS\Services\Tcpip\..\{227834B8-6F34-4716-B049-6C775236B9BF}: DhcpNameServer=213.36.80.1 HKLM\SYSTEM\CS1\Services\Tcpip\..\{227834B8-6F34-4716-B049-6C775236B9BF}: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS2\Services\Tcpip\..\{227834B8-6F34-4716-B049-6C775236B9BF}: DhcpNameServer=213.36.80.1 HKLM\SYSTEM\CS3\Services\Tcpip\..\{227834B8-6F34-4716-B049-6C775236B9BF}: DhcpNameServer=213.36.80.1 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=213.36.80.1 HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=213.36.80.1 HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=213.36.80.1 »»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre Nettoyage terminé. »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Fin rapport otmoveit: File/Folder C:\avenger.zip not found. File/Folder C:\Avenger not found. File/Folder C:\avenger.txt not found. File/Folder C:\bfu.zip not found. File/Folder C:\BFU not found. File/Folder C:\combofix.exe not found. File/Folder C:\QooBox not found. C:\ComboFix*.txt moved successfully. C:\ComboFix*.txt moved successfully. File move failed. C:\Documents and Settings\utilisateur\Desktop\ComboFix*.txt scheduled to be moved on reboot. C:\WINDOWS\ComboFix*.txt moved successfully. C:\WINDOWS\system32\ComboFix*.txt moved successfully. C:\WINDOWS\system32\drivers\ComboFix*.txt moved successfully. File/Folder C:\catchme.exe not found. File/Folder C:\nircmd.exe not found. File/Folder C:\swreg.exe not found. File/Folder C:\Swxcacls.exe not found. File/Folder C:\Swsc.exe not found. File/Folder C:\dss.exe not found. File/Folder C:\Deckard not found. File/Folder C:\FindAWF.exe not found. File/Folder C:\AWF.txt not found. File/Folder C:\fixwareout.exe not found. File/Folder C:\fixwareout not found. File/Folder C:\fsbl.exe not found. C:\fsbl*.log moved successfully. C:\fsbl*.log moved successfully. File move failed. C:\Documents and Settings\utilisateur\Desktop\fsbl*.log scheduled to be moved on reboot. C:\WINDOWS\fsbl*.log moved successfully. C:\WINDOWS\system32\fsbl*.log moved successfully. C:\WINDOWS\system32\drivers\fsbl*.log moved successfully. File/Folder C:\gmer.exe not found. File/Folder C:\gmer.dll not found. File/Folder C:\gmer.ini not found. File/Folder C:\gmer.log not found. File/Folder C:\gmer_uninstall.cmd not found. File/Folder C:\gmer.sys not found. Unable to delete service gmer. File/Folder C:\haxfix.exe not found. File/Folder C:\haxfix.txt not found. File/Folder C:\killbox.exe not found. File/Folder C:\!Killbox not found. File/Folder C:\NoLop.exe not found. File/Folder C:\NoLop.txt not found. File/Folder C:\NoLopOLD.txt not found. File/Folder C:\delete.bat not found. File/Folder C:\OTMoveIt.exe not found. File/Folder C:\_OTMoveIt not found. File/Folder C:\rustbfix.exe not found. File/Folder C:\Rustbfix not found. File/Folder C:\sdfix.exe not found. File/Folder C:\SDFix not found. File/Folder C:\SmitfraudFix.exe not found. File/Folder C:\SmitfraudFix not found. File/Folder C:\rapport.txt not found. File/Folder C:\SysInsite not found. File/Folder C:\VundoFix.exe not found. File/Folder C:\VundoFix Backups not found. File/Folder C:\vundofix.txt not found. File/Folder C:\win32delfkil.exe not found. File/Folder C:\_backupD not found. File/Folder C:\windelf.txt not found. File/Folder C:\winpfind.exe not found. File/Folder C:\WinPfind not found. File/Folder C:\winpfind3u.exe not found. File/Folder C:\WinPFind3u not found. C:\cleanup.txt moved successfully. File move failed. C:\Documents and Settings\utilisateur\Bureau\OTMoveIt.exe scheduled to be moved on reboot. rapport hijack: Logfile of HijackThis v1.99.1 Scan saved at 12:35:38, on 08/12/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe C:\Program Files\Wave Systems Corp\Common\DataServer.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\HP Web Jetadmin\hpwebjetd.exe C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe C:\Program Files\KONICA MINOLTA\PageScope Net Care\JavaService.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\HP Web Jetadmin\hpwebjetd.exe C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Dell SAS RAID Storage Manager\Framework\VivaldiFramework.exe C:\WINDOWS\system32\cmd.exe C:\Program Files\Dell SAS RAID Storage Manager\JRE\bin\javaw.exe C:\Program Files\Dell SAS RAID Storage Manager\MegaMonitor\mrmonitor.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\WINDOWS\stsystra.exe C:\Program Files\Dell SAS RAID Storage Manager\MegaPopup\Popup.exe C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe C:\WINDOWS\system32\ICO.EXE C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe C:\Program Files\Google\Google Updater\GoogleUpdater.exe C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe C:\PVSW\Bin\w3dbsmgr.exe C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Pando Networks\Pando\pando.exe C:\Documents and Settings\utilisateur\Bureau\GENERATION NT\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = Page initiale personnalisée R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Page initiale personnalisée R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: (no name) - {06663B56-0D73-4f9f-BCC5-4AA941470AFD} - C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL O2 - BHO: Pando Search Assistant BHO - {06663B51-0D73-4f9f-BCC5-4AA941470AFD} - C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\sw g.dll O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll O2 - BHO: Pando Toolbar BHO - {E3EA4FD1-CADE-4ae5-84F7-086EEE888BE4} - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: Pando Toolbar - {E3EA4FD9-CADE-4ae5-84F7-086EEE888BE4} - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [Popup] "C:\Program Files\Dell SAS RAID Storage Manager\MegaPopup\Popup.exe" O4 - HKLM\..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Startup: Pervasive.SQL Workgroup Engine.lnk = C:\PVSW\Bin\w3dbsmgr.exe O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe O4 - Global Startup: EMBASSY Trust Suite Secure Update.lnk = C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe O4 - Global Startup: ProfileReminder.lnk = C:\Program Files\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O15 - Trusted Zone: Testeur de bande passante O15 - Trusted Zone: EBP Logiciels de gestion, comptabilité, paye pour PME - TPE - Particuliers O15 - Trusted Zone: http://www.free-drm-encoder.com O15 - Trusted IP range: Masita Sportswear Homepage O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1164622591218 O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DL L O20 - AppInit_DLLs: wxvault.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Broadcom ASF IP Monitor (ASFIPmon) - Unknown owner - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe" -service (file missing) O23 - Service: DataSvr2 - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Common\DataServer.exe O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP Web Jetadmin (HPWebJetadmin) - Unknown owner - C:\Program Files\HP Web Jetadmin\hpwebjetd.exe" -k runservice (file missing) O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: KONICA MINOLTA PageScope Net Care (KM PageScope Net Care Service) - Unknown owner - C:\Program Files\KONICA MINOLTA\PageScope Net Care\JavaService.exe O23 - Service: MRMonitor (MegaMonitorSrv) - Unknown owner - C:\Program Files\Dell SAS RAID Storage Manager\MegaMonitor\mrmonitor.exe O23 - Service: SSMFramework (MSMFramework) - Unknown owner - C:\Program Files\Dell SAS RAID Storage Manager\Framework\VivaldiFramework.exe O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SQLAgent$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ (file missing) O23 - Service: NTRU Hybrid TSS v2.0.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe |
|
|
|
|
08/12/2007, 15h36
|
#10 (permalink) |
|
Novice
Date d'inscription: novembre 2007
Localisation: LOIRE
Messages: 36
|
re
Désolé pour cette erreur de manip
 voilà le rapport: File/Folder C:\WINDOWS\system32\Adssite_sidebar.dll not found. C:\WINDOWS\system32\Adssite_sidebar_uninstall.exe moved successfully. C:\WINDOWS\system32\adssite-remove.exe moved successfully. File/Folder C:\WINDOWS\system32\nsc213.dll not found. Created on 12/08/2007 14:32:16 A savoir que le lien suivant ne fonctionne pas avec ma becane !!! http://download.bleepingcomputer.com...r/OTMoveIt.exe ps: Pas moyen d'accéder au site GNT avec firefox ??? Dernière modification par RIC42 08/12/2007 à 15h59. |
|
|
|