Jump to content

pages de pub indésirables


Recommended Posts

Bonjour,

J'ai depuis quelques temps des pages publicitaires qui s'affichent lorsque j'ouvre une page Internet. Utilisant Internet explorer j'ai téléchargé moxilla firefox croyant que cela resoudrait mon problème. Persistant toujours j'ai cherché sur ce forum une réponse a mon problème et conseillait de passer en mode sans échec en aillant préalablement activer l'affichage des dossiers cachés. Je suis donc passé en mode sans échec apres cela et j'ai lancé un scan avec mon antivirus qui est avast, avec Spybot et Adware. J'ai supprimé ce qu'ils ont trouvé c'est a dire des cookies principalement et pas de virus. Puis j'ai éteins mon ordi et repassé en mode normal. J'ai alors scanné ac Ccleaner et Cleanup ce qui a supprimé normalement les fichier indésirables et dangereux. Mais je doute de l'efficacité de ces logiciel car a chaque scan ils retrouvent les même problèmes. Bref ceci n'est pas mon problème majeur puisque apres cela les fenêtre de pub s'affichent toujours. Je ne suis pas tres callée en informatique et je ne sais plus quoi faire. Je me suis laissée entendre que la solution pourrait être un formatage mais cela ne m'enchante guère car comme je l'ai dit plus haut je ne connait pas grand chose en informatique.

Si quelqu'un a rencontré le même problème, je serais ravie qu'il me fasse part de la solution si possible avec les manoeuvre a faire en détail.

Merci d'avance car c'est très embetant et j'ai peur pour la santé de mon ordinateur.

Pour info, j'ai un ordinateur portable avec Windows vista.

 

Configuration: Windows Vista

Firefox 2.0

Link to comment
Share on other sites

J'ai rencontré le problème mais pas encore trouvé comment le résoudre (pas sur les miens :D), surtout quand ca se produit a la fois sur Firefox et sur IE, d'autant que tu as déjà bien procédé concernant les logiciels de nettoyage.

 

Commence par vider tes fichiers "temporary internet" (on sait jamais). Maintenant sous Vista je sais pas ce que ca donne, que dit Windows Defender ? (faudrait ptetre qu'il serve celui la).

 

Ccleaner en général ca marche pas trop mal, Cleanup je connais pas. Peut être un petit scan avec Hijack this en nous collant le rapport ici ?

Link to comment
Share on other sites

Voici le rapport maint mis il y a aussi extra

 

Deckard's System Scanner v20071014.68

Run by Charlene on 2008-04-12 18:26:35

Computer is in Normal Mode.

--------------------------------------------------------------------------------

 

-- Last 5 Restore Point(s) --

6: 2008-04-12 12:46:29 UTC - RP208 - Point de contrôle planifié

5: 2008-04-11 18:01:39 UTC - RP207 - Windows Update

4: 2008-04-10 21:45:10 UTC - RP206 - Opération de restauration

3: 2008-04-10 21:20:33 UTC - RP205 - Opération de restauration

2: 2008-04-10 21:10:21 UTC - RP204 - Opération de restauration

 

 

-- First Restore Point --

1: 2008-04-10 18:01:23 UTC - RP203 - Windows Update

 

 

Backed up registry hives.

Performed disk cleanup.

 

Total Physical Memory: 1023 MiB (1024 MiB recommended).

 

 

-- HijackThis (run as Charlene.exe) --------------------------------------------

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:28:04, on 12/04/2008

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16643)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\System Control Manager\MGSysCtrl.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Users\Charlene\AppData\Local\ewpaktv.exe

C:\Program Files\OpenOffice.org 2.4\program\soffice.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN

C:\Windows\system32\taskeng.exe

C:\Users\Charlene\Desktop\dss.exe

C:\Windows\system32\conime.exe

C:\Windows\system32\SearchFilterHost.exe

C:\PROGRA~1\TRENDM~1\HIJACK~1\Charlene.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cegetel.net/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msi.com.tw

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"

O4 - HKLM\..\Run: [NeroCheck] C:\Windows\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [ewpaktv] c:\users\charlene\appdata\local\ewpaktv.exe ewpaktv

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')

O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe

O4 - Global Startup: E_SPSU01.lnk = C:\Windows\System32\spool\drivers\w32x86\3\E_SPSU01.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O13 - Gopher Prefix:

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: SCM Driver Daemon (NishService) - Unknown owner - C:\Program Files\System Control Manager\edd.exe

O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro\o2flash.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

 

--

End of file - 6750 bytes

 

-- File Associations -----------------------------------------------------------

 

All associations okay.

 

 

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

 

R3 MGHwCtrl - \??\c:\windows\system32\drivers\mghwctrl.sys

 

S1 Tosrfcom (Bluetooth RFCOMM from TOSHIBA) - c:\windows\system32\drivers\tosrfcom.sys <Not Verified; TOSHIBA Corporation; Bluetooth RFCOMM Driver>

S3 toshidpt (TOSHIBA Bluetooth HID port driver) - c:\windows\system32\drivers\toshidpt.sys <Not Verified; TOSHIBA Corporation.; TOSHIBA Bluetooth HID Mini Port Driver>

S3 tosporte (Bluetooth Port Driver from Toshiba) - c:\windows\system32\drivers\tosporte.sys <Not Verified; TOSHIBA Corporation; TOSHIBA Bluetooth Port Emulation Driver>

S3 Tosrfbd (Bluetooth RFBUS from TOSHIBA) - c:\windows\system32\drivers\tosrfbd.sys <Not Verified; TOSHIBA CORPORATION; Bluetooth BUS Driver(WindowsXP,Windows2000)>

S3 Tosrfhid (Bluetooth RFHID from TOSHIBA) - c:\windows\system32\drivers\tosrfhid.sys <Not Verified; TOSHIBA Corporation.; Bluetooth HID Driver from TOSHIBA>

S3 TosRfSnd (Bluetooth Audio Device (WDM) from TOSHIBA) - c:\windows\system32\drivers\tosrfsnd.sys <Not Verified; TOSHIBA Corporation; Bluetooth Audio Driver>

S3 Tosrfusb (Bluetooth USB Controller) - c:\windows\system32\drivers\tosrfusb.sys <Not Verified; TOSHIBA CORPORATION; Bluetooth USB Miniport Driver(Windows2000,WindowsXP)>

 

 

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

 

R2 NishService (SCM Driver Daemon) - c:\program files\system control manager\edd.exe

R2 o2flash (O2Micro Flash Memory Card Service) - "c:\program files\o2micro\o2flash.exe" <Not Verified; O2Micro International; O2 MS1/MP1 Service>

R2 RichVideo (Cyberlink RichVideo Service(CRVS)) - "c:\program files\cyberlink\shared files\richvideo.exe" <Not Verified; ; RichVideo Module>

 

S3 WLSetupSvc (Windows Live Setup Service) - "c:\program files\windows live\installer\wlsetupsvc.exe" <Not Verified; Microsoft Corporation; Windows Live installer>

 

 

-- Device Manager: Disabled ----------------------------------------------------

 

No disabled devices found.

 

 

-- Scheduled Tasks -------------------------------------------------------------

 

2008-04-12 14:33:29 424 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{4DFE8B6E-14CB-43F2-8912-2DE4F615F3A7}.job

2008-04-10 00:25:13 246 --a------ C:\Windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job

2008-04-08 18:00:00 412 --a------ C:\Windows\Tasks\Pareto UNS.job

 

 

-- Files created between 2008-03-12 and 2008-04-12 -----------------------------

 

2008-04-12 18:27:47 0 d-------- C:\Program Files\Trend Micro

2008-04-12 17:26:11 0 d-------- C:\Program Files\Panda Security

2008-04-09 13:42:02 0 d-------- C:\Program Files\Lavasoft

2008-04-09 13:42:00 0 d-------- C:\Users\All Users\Lavasoft

2008-04-09 13:41:18 0 d-------- C:\Users\All Users\Spybot - Search & Destroy

2008-04-09 13:40:46 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard

2008-04-09 11:58:40 0 d-------- C:\Users\All Users\Google

2008-04-08 22:07:57 0 --a------ C:\Windows\nsreg.dat

2008-04-08 13:24:59 0 d-------- C:\Users\All Users\ParetoLogic Anti-Spyware

2008-04-07 20:02:03 0 d-------- C:\Program Files\CCleaner

2008-04-07 13:31:15 0 d-------- C:\Program Files\OpenOffice.org 2.4

 

 

-- Find3M Report ---------------------------------------------------------------

 

2008-04-12 11:31:26 0 d-------- C:\Users\Charlene\AppData\Roaming\OpenOffice.org2

2008-04-12 11:30:31 13166 --a------ C:\Users\Charlene\AppData\Roaming\nvModes.001

2008-04-12 00:08:20 12 --a------ C:\Windows\bthservsdp.dat

2008-04-11 20:41:59 0 d-------- C:\Users\Charlene\AppData\Roaming\LimeWire

2008-04-11 14:27:16 15082 --a------ C:\Windows\system32\perfh00C.dat

2008-04-11 14:27:16 5084 --a------ C:\Windows\system32\perfc00C.dat

2008-04-10 23:48:28 0 d-------- C:\Program Files\Common Files

2008-04-09 12:58:59 0 d-------- C:\Program Files\Windows Mail

2008-04-08 22:08:29 0 d-------- C:\Users\Charlene\AppData\Roaming\Talkback

2008-04-08 22:07:37 0 d-------- C:\Users\Charlene\AppData\Roaming\Mozilla

2008-04-08 17:55:59 13166 --a------ C:\Users\Charlene\AppData\Roaming\nvModes.dat

2008-04-08 13:40:47 0 d-------- C:\Program Files\WinRAR 3.61 Multi

2008-04-08 13:40:47 0 d-------- C:\Program Files\Windows Sidebar

2008-04-08 13:40:47 0 d-------- C:\Program Files\Windows Photo Gallery

2008-04-08 13:40:47 0 d-------- C:\Program Files\Windows Live Safety Center

2008-04-08 13:40:47 0 d-------- C:\Program Files\Windows Journal

2008-04-08 13:40:47 0 d-------- C:\Program Files\Windows Defender

2008-04-08 13:40:47 0 d-------- C:\Program Files\Windows Collaboration

2008-04-08 13:40:47 0 d-------- C:\Program Files\Windows Calendar

2008-04-08 13:40:47 0 d-------- C:\Program Files\System Control Manager

2008-04-08 13:40:47 0 d-------- C:\Program Files\QuickTime

2008-04-08 13:40:47 0 d-------- C:\Program Files\O2Micro

2008-04-08 13:40:47 0 d-------- C:\Program Files\Movie Maker

2008-04-08 13:40:47 0 d-------- C:\Program Files\LimeWire

2008-04-07 13:30:57 0 d-------- C:\Program Files\OpenOffice.org 2.3

2008-04-07 13:26:40 0 d-------- C:\Program Files\Java

2008-02-27 23:34:49 0 d-------- C:\Program Files\Windows Live

2008-02-19 13:17:35 0 d-------- C:\Program Files\Common Files\Adobe

2008-02-01 12:17:40 587264 --a------ C:\Windows\WLXPGSS.SCR <Not Verified; Microsoft Corporation; Galerie de photos Windows Live>

 

 

-- Registry Dump ---------------------------------------------------------------

 

*Note* empty entries & legit default entries are not shown

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [04/06/2007 09:23]

"NvSvc"="C:\Windows\system32\nvsvc.dll" [28/04/2007 13:05]

"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [28/04/2007 13:05]

"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [28/04/2007 13:05]

"RtHDVCpl"="RtHDVCpl.exe" [10/04/2007 10:01 C:\Windows\RtHDVCpl.exe]

"MGSysCtrl"="C:\Program Files\System Control Manager\MGSysCtrl.exe" [19/04/2007 14:24]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [06/09/2007 13:06]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [13/05/2006 18:36]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [14/12/2007 03:42]

"NeroCheck"="C:\Windows\system32\NeroCheck.exe" [09/07/2001 03:50]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 23:16]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [09/01/2008 16:08]

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 12:34]

"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [02/11/2006 14:35]

"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [28/01/2008 11:43]

"ewpaktv"="c:\users\charlene\appdata\local\ewpaktv.exe" [11/04/2008 11:32]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [02/11/2006 14:36]

 

C:\Users\Charlene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [21/01/2008 15:41:28]

 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

E_SPSU01.lnk - C:\Windows\System32\spool\drivers\w32x86\3\E_SPSU01.EXE [10/02/2008 18:32:51]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"=2 (0x2)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

@="Volume shadow copy"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]

@="IEEE 1394 Bus host controllers"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]

@="SBP2 IEEE 1394 Devices"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

@="SecurityDevices"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum

bthsvcs BthServ

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]

C:\Windows\system32\unregmp2.exe /ShowWMP

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]

%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

 

 

 

-- Hosts -----------------------------------------------------------------------

 

127.0.0.1 www.007guard.com

127.0.0.1 007guard.com

127.0.0.1 008i.com

127.0.0.1 www.008k.com

127.0.0.1 008k.com

127.0.0.1 www.00hq.com

127.0.0.1 00hq.com

127.0.0.1 010402.com

127.0.0.1 www.032439.com

127.0.0.1 032439.com

 

8120 more entries in hosts file.

 

 

-- End of Deckard's System Scanner: finished at 2008-04-12 18:29:17 ------------

 

 

Link to comment
Share on other sites

Dans la mesure ou c'est vista, je ne connais pas tous les processus, en rouge ce qu'il faut supprimer, en orange ce que je ne connais pas mais que je trouve louche.

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:28:04, on 12/04/2008

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16643)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\System Control Manager\MGSysCtrl.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Users\Charlene\AppData\Local\ewpaktv.exe <-- a verifier, mais très douteux

C:\Program Files\OpenOffice.org 2.4\program\soffice.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN

C:\Windows\system32\taskeng.exe

C:\Users\Charlene\Desktop\dss.exe <-- sur le bureau ??

C:\Windows\system32\conime.exe <-- si tu n'as pas le langage asiatique installé, c'est douteux.

C:\Windows\system32\SearchFilterHost.exe

C:\PROGRA~1\TRENDM~1\HIJACK~1\Charlene.exe <-- si tu sais ce que c'est tant mieux, sinon c'est déjà supprimé par ton antivirus mais pas éliminé pour de bon.

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cegetel.net/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msi.com.tw

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"

O4 - HKLM\..\Run: [NeroCheck] C:\Windows\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [ewpaktv] c:\users\charlene\appdata\local\ewpaktv.exe ewpaktv

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')

O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe

O4 - Global Startup: E_SPSU01.lnk = C:\Windows\System32\spool\drivers\w32x86\3\E_SPSU01.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O13 - Gopher Prefix:

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: SCM Driver Daemon (NishService) - Unknown owner - C:\Program Files\System Control Manager\edd.exe

O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro\o2flash.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

 

 

Pas mieux dans l'immédiat, je me méfie des trucs qui se lancent sous Vista, quand je sais pas ......

Link to comment
Share on other sites

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
×
×
  • Create New...