Configuration: Windows XP Internet Explorer 7.0
hi
go into the Task Manager, click on Processes, then on Image Name, note down all the processes for me, and download Spyware Terminator
ok, I'll do that, thanks, see you later
here's the list
Winword.exe
Wuauclt.exe
Svchost.exe
Alg.exe
IEXPLORE.EXE
IEXPLORE.EXE
TeaTimer.exe
Msmsgs.exe
ashDisp.exe
wdfmgr.exe
explorer.exe
ashWebSv.exe
NMIndexingService.exe
ashServ.exe
aswUpdSv.exe
svchost.exe
FTRTSVC.exe
Svchost.exe
Svchost.exe
Aawservice.exe
Svchost.exe
ashMaiSv.exe
taskmgr.exe
svchost.exe
svchost.exe
lsass.exe
services.exe
winlogon.exe
csrss.exe
smss.exe
rapimgr.exe
spoolsv.exe
wcescomm.exe
System
Processus inactif du systèm
download Mozilla Firefox
then in the Task Manager right-click on the IEXPLORE entries and end the process if there are several, and delete everything Spyware Terminator detected
thanks, I'm carrying on, I'm going to install Spyware Terminator
for now, after a quick scan with Spyware Terminator, no threat was detected. I'm running a more complete scan.
halfway through the full scan:
2 critical objects:
- AdTool.MyWebSearch.bm: c:\document and settings\michel\Local Settings\Temp\NERO13356\toolbar.exe
- MovieLand: HKCR\ApplD\DownloadManager.exe
delete everything at the end
scan finished, 3 critical objects were detected, here is the report:
Logfile of Spyware Terminator v2.0.1.224 (db:1.0.044.807)
Scan Time: 28/12/2007 19:41:35 length: 4523 s
Platform: Windows XP Service Pack 2 (WINNT 5.1.2600)
User: Limited
Boot Mode: Normal
Scan type: Full_Spyware_Scan
Scanned Objects: 133855 (Critical:2)
Filter: No System items, No Safe items

Running Processes
rapimgr.exe [Microsoft Corporation] : C:\Program Files\Microsoft ActiveSync\rapimgr.exe
aawservice.exe [Lavasoft AB] : C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
FTRTSVC.exe [France Telecom] : C:\WINDOWS\system32\FTRTSVC.exe
NMIndexingService.exe [Nero AG] : C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
WINWORD.EXE [Microsoft Corporation] : C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE

Internet Settings
R - HKCU\Software\Microsoft\Internet Explorer\Main, Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60327
R - HKLM\Software\Microsoft\Internet Explorer\Main, SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R - HKLM\Software\Microsoft\Internet Explorer\Main, CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R - HKLM\Software\Microsoft\Internet Explorer\Main, Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R - HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R - HKLM\Software\Microsoft\Internet Explorer\Search, CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R - HKLM\System\CurrentControlSet\Services\Tcpip\Parameters, Domain =
R - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony, DomainName =

BHO
02 - BHO: - {7E853D72-626A-48EC-A868-BA8D5E23E045} - File not found
02 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - [Google Inc.] : C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
02 - BHO: - {{FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found
02 - BHO: - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - File not found
02 - BHO: - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - File not found
02 - BHO: - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - File not found
02 - BHO: - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - File not found
02 - BHO: - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - File not found

StartUps
04 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} : [Nero AG] : C:\Program Files\Fichiers communs\AHEAD\LIB\NMBGMONITOR.EXE
04 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Proxy Proc : : C:\Documents and Settings\michel\Application Data\1SIZECOAL\EXTRA REGS.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, NeroFilterCheck : [Nero AG] : C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Joy Bike More City : : C:\Documents and Settings\All Users\Application Data\Mags Mapi Joy Bike\inter browse.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, WinStart : : C:\WINDOWS\rundll33.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce, MS-config : : C:\WINDOWS\system32\rundll17.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Setup, Registering TotalScan Components : [Panda Security] : C:\Program Files\PANDA SECURITY\TOTALSCAN\ASCGUIIE.DLL
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Setup, Registering TotalScan Components. : [Panda Security] : C:\Program Files\PANDA SECURITY\TOTALSCAN\NPWRAPPER.DLL
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Setup, Registering TotalScan Components.. : [Panda Software International] : C:\Program Files\PANDA SECURITY\TOTALSCAN\LIBCOMM.DLL
04 - HKLM\System\CurrentControlSet\Control\Session Manager, BootExecute : : C:\WINDOWS\system32\LSDELETE.EXE

Shell Extensions
Extension Affichage Panorama du Panneau de configuration - {42071714-76d4-11d1-8b24-00a0c9068ff3} - : deskpan.dll
- {764BF0E1-F219-11ce-972D-00AA00A14F56} - File not found
- {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - File not found
Barre des tâches et menu Démarrer - {0DF44EAA-FF21-4412-828E-260A8728E7F1} - File not found
Comptes d'utilisateurs - {7A9D77BD-5403-11d2-8785-2E0420524153} - File not found
WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} - : C:\Program Files\WinRAR\rarext.dll
WinZip - {E0D79304-84BE-11CE-9641-444553540000} - [WinZip Computing, Inc.] : C:\Program Files\WinZip\WZSHLSTB.DLL
WinZip - {E0D79305-84BE-11CE-9641-444553540000} - [WinZip Computing, Inc.] : C:\Program Files\WinZip\WZSHLSTB.DLL
WinZip - {E0D79306-84BE-11CE-9641-444553540000} - [WinZip Computing, Inc.] : C:\Program Files\WinZip\WZSHLSTB.DLL
WinZip - {E0D79307-84BE-11CE-9641-444553540000} - [WinZip Computing, Inc.] : C:\Program Files\WinZip\WZSHLSTB.DLL
Appareil mobile - {49BF5420-FA7F-11cf-8011-00A0C90A8F78} - [Microsoft Corporation] : C:\Program Files\Microsoft ActiveSync\Wcesview.dll
My Logitech Pictures - {400CFEE2-39D0-46DC-96DF-E0BB5A4324B3} - [Logitech Inc.] : C:\Program Files\Logitech\Video\Namespc2.dll
NeroCoverEdLiveIcons Class - {97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} - [Nero AG] : C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll
- {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} - [Sun Microsystems, Inc.] : C:\Program Files\OpenOffice.org 2.3\program\shlxthdl.dll
- {087B3AE3-E237-4467-B8DB-5A38AB959AC9} - [Sun Microsystems, Inc.] : C:\Program Files\OpenOffice.org 2.3\program\shlxthdl.dll
- {63542C48-9552-494A-84F7-73AA6A7C99C1} - [Sun Microsystems, Inc.] : C:\Program Files\OpenOffice.org 2.3\program\shlxthdl.dll
- {3B092F0C-7696-40E3-A80F-68D74DA84210} - [Sun Microsystems, Inc.] : C:\Program Files\OpenOffice.org 2.3\program\shlxthdl.dll

Services
23 - [Lavasoft AB] : C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
23 - [Intel Corporation] : C:\WINDOWS\system32\drivers\ac97intc.sys
23 - [3Com Corporation] : C:\WINDOWS\system32\DRIVERS\el90xbc5.sys
23 - [France Telecom] : C:\WINDOWS\system32\FTRTSVC.exe
23 - [Intel(R) Corporation] : C:\WINDOWS\system32\DRIVERS\i81xnt5.sys
23 - [Nero AG] : C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe

Threat Files
<AdTool.MyWebSearch.bm> : C:\Documents and Settings\michel\Local Settings\Temp\NERO13356\Toolbar.exe

Advanced Files Report
%PROGRAMFILES%\OpenOffice.org 2.3\program\shlxthdl.dll [Sun Microsystems, Inc.] MD5=DD6B269A3F5ABEAF526CB760DF8F3074 SIZE=335872
%PROGRAMFILES%\OpenOffice.org 2.3\program\uwinapi.dll [Sun Microsystems, Inc.] MD5=448C4676C44B18399969392C1BB0462E SIZE=98304
%PROGRAMFILES%\OpenOffice.org 2.3\program\stlport_vc7145.dll [STLport Consulting, Inc.] [STLport Standard ANSI C++ Libarary] MD5=73B98B3754998AEA0985B409B156908B SIZE=577536
%PROGRAMFILES%\Nero\Nero 7\Nero BackItUp\NBShell.dll [Nero AG] [Nero BackItUp] MD5=57B941BC9AF99E03ECC1E2BEF753782A SIZE=99624
%PROGRAMFILES%\WinZip\WZSHLSTB.DLL [WinZip Computing, Inc.] [WinZip] MD5=E393705B69E606CE95AB8F536EF8360F SIZE=24645
%PROGRAMFILES%\WinRAR\rarext.dll [] MD5=75B1F7A674FB292C388AAD7522B1507A SIZE=118784
%PROGRAMFILES%\PowerArchiver\PASHLEXT.DLL [ConeXware, Inc.] [PowerArchiver 2006] MD5=AFDF03EABD7274652BD480A19F41C9E1 SIZE=80384
%PROGRAMFILES%\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll [Nero AG] [Cover Designer] MD5=B08BE238F67339373207C29E12EDDF4C SIZE=1967400
%PROGRAMFILES%\Microsoft ActiveSync\rapiproxystub.dll [] MD5=88CF195C0A5A2AF4B8C499C43C26B9EE SIZE=10752
%PROGRAMFILES%\Microsoft ActiveSync\rapimgr.exe [Microsoft Corporation] [Microsoft ActiveSync] MD5=51CFAD6A4D26EE0F1F1AC17617F01562 SIZE=180224
%PROGRAMFILES%\Lavasoft\Ad-Aware 2007\aawservice.exe [Lavasoft AB] [Ad-Aware 2007 Service] MD5=62E1B62C9DD8F446D224166A4D78B5DD SIZE=561152
%PROGRAMFILES%\Lavasoft\Ad-Aware 2007\CEAPI.dll [Lavasoft AB] [CEAPI Dynamic Link Library] MD5=554F68A89FCB47171B7CBA6C4E950438 SIZE=716800
%PROGRAMFILES%\Lavasoft\Ad-Aware 2007\Update.dll [] MD5=B467D10E0EA9D2ECAD849290A4B60700 SIZE=520192
%SYSDIR%\FTRTSVC.exe [France Telecom] [FTRTSVC NT Service] MD5=D1261099E03EEE90976EA19002995B89 SIZE=40960
%SYSDIR%\IfHelper.dll [France Télécom R&D] [IfHelper] MD5=A690AE7F4418401815CE3D73D60B8C6F SIZE=36864
%COMMONFILES%\Ahead\Lib\NMIndexingService.exe [Nero AG] [Nero Home] MD5=A328A46D87BB92CE4D8A4528E9D84787 SIZE=279848
%COMMONFILES%\Ahead\Lib\NMIndexingServicePS.dll [Nero AG] [Nero Home] MD5=49130B95291F0269689AF46A461DB034 SIZE=59176
%COMMONFILES%\Ahead\Lib\NMLogCxx.dll [Nero AG] [Nero Home] MD5=0C01B2C22322C48D8ADAE3B9D467E924 SIZE=70952
%COMMONFILES%\Ahead\Lib\log4cxx.dll [Nero AG] [Nero Home] MD5=421B260404162F1F00A9618C3F42315B SIZE=742696
%COMMONFILES%\Ahead\Lib\NMDataServices.dll [Nero AG] [Nero Home] MD5=A63E5D51FBDB18AFA2EC67CADCB062FD SIZE=2749736
%PROGRAMFILES%\Microsoft Office\OFFICE11\WINWORD.EXE [Microsoft Corporation] [Microsoft Office 2003] MD5=1EEA7DD2F1EA6EFEF380B99A90228D2F SIZE=12037688
deskpan.dll []
%PROGRAMFILES%\Microsoft ActiveSync\Wcesview.dll [Microsoft Corporation] [Microsoft ActiveSync] MD5=9E82A81A18349BF9188FF0FD9E00EC48 SIZE=245760
%PROGRAMFILES%\Logitech\Video\Namespc2.dll [Logitech Inc.] [Logitech QuickCam] MD5=C917010C3C477D92B1368490E009580F SIZE=65536
%SYSDIR%\drivers\ac97intc.sys [Intel Corporation] [Intel(r) Integrated Controller Hub Audio Driver] MD5=0F2D66D5F08EBE2F77BB904288DCF6F0 SIZE=96256
%SYSDIR%\DRIVERS\el90xbc5.sys [3Com Corporation] [3Com EtherLink PCI] MD5=6E883BF518296A40959131C2304AF714 SIZE=66591
%SYSDIR%\DRIVERS\i81xnt5.sys [Intel(R) Corporation] [Intel(R) Graphics Accelerator Drivers for Windows NT(R)] MD5=06B7EF73BA5F302EECC294CDF7E19702 SIZE=161020
%SYSDIR%\systray.exe []

End of Report

the problem is that when I clicked delete, a message appeared telling me it had not managed to delete everything ...
ok, then boot into safe mode (F11), run a complete scan with Spyware Terminator and delete everything, then go back to normal mode and post me another HijackThis log
oops, before that, download HijackThis before posting me the log
many thanks for the help you're giving me.
I'll do what you recommend, but I'll probably post the HijackThis log tomorrow ... thanks again
good evening,
I'm posting here the report of a scan done with HijackThis on my second PC, could you tell me whether anything abnormal can be seen? THANKS Jessyf, I'm doing the safe-mode boot etc. for my PC number 1.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:04:11, on 29/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Windows\System32\VisualTaskTips.exe
C:\Program Files\styler\Styler.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\pauline\Bureau\CQRITE\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O1 - Hosts: ::1 localhost
O1 - Hosts: 66.249.93.99 www.google.fr
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKLM\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKLM\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe
O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\Vistadrive\vsdrv.exe
O4 - HKLM\..\Run: [TransBar] C:\WINDOWS\system32\transbar.exe /s
O4 - HKLM\..\Run: [Styler] C:\Program Files\styler\Styler.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [Frag Settings Draw Download] C:\Documents and Settings\All Users\Application Data\2 team frag settings\drive each.exe
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Mess Sign] C:\DOCUME~1\pauline\APPLIC~1\CDROMM~1\FOR MEAL.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EA23D04C-71AC-4091-AACC-DBFCA8464EAD}: NameServer = 192.168.1.1
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

End of file - 8480 bytes
here is the second HijackThis report, but I can't manage to boot into safe mode ...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:03:08, on 29/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\Msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\michel\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60327
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.avast.com/go.php?verb=register-home&lang=fre
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Joy Bike More City] C:\Documents and Settings\All Users\Application Data\Mags Mapi Joy Bike\inter browse.exe
O4 - HKLM\..\Run: [WinStart] C:\Windows\rundll33.exe
O4 - HKLM\..\RunOnce: [MS-config] C:\Windows\system32\rundll17.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Proxy Proc] C:\DOCUME~1\michel\APPLIC~1\1SIZEC~1\EXTRA REGS.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\Msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/cabs/ascstubie.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe

End of file - 8030 bytes
tick the line
O4 - HKLM\..\Run: [Joy Bike More City] C:\Documents and Settings\All Users\Application Data\Mags Mapi Joy Bike\inter browse.exe
and click on Fix checked
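An added triage example, not code from this thread nor from HijackThis or Spyware Terminator: a small Python parser for the `O4` registry autorun lines of a HijackThis log, applying the checks a helper does by eye when picking out lines like the one above (an executable living in a user-profile data folder, a file name that mimics rundll32.exe, a loader sitting in the Windows root instead of system32). The sample lines are assembled here in the log's format from entries that appear in the thread; the function names `parse_o4`, `assess` and `triage`, the `AutorunEntry`/`Finding` classes and the reason strings are the example's own. It only lists the entries that deserve a closer look; deciding what to fix stays with the person reading the log.

```python
import ntpath
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: O4 lines in HijackThis format, built here for the example.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Joy Bike More City] C:\Documents and Settings\All Users\Application Data\Mags Mapi Joy Bike\inter browse.exe
O4 - HKLM\..\Run: [WinStart] C:\Windows\rundll33.exe
O4 - HKLM\..\RunOnce: [MS-config] C:\Windows\system32\rundll17.exe
O4 - HKCU\..\Run: [Proxy Proc] C:\DOCUME~1\michel\APPLIC~1\1SIZEC~1\EXTRA REGS.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\Msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
"""

# "O4 - <hive>\..\<Run|RunOnce>: [<name>] <command> (User '<user>')?"
O4_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] "
    r"(?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)
# Folders any logged-on user can write to; a Run entry pointing there is worth a look.
PROFILE_DIR_RE = re.compile(
    r"\\(documents and settings|docume~1|application data|applic~1|local settings\\temp)\\", re.I
)
LOOKALIKE_RE = re.compile(r"rundll(\d+)\.exe", re.I)   # only rundll32.exe is the real one
WINDOWS_ROOT_RE = re.compile(r"[a-z]:\\windows", re.I)  # the Windows root itself, not system32


@dataclass
class AutorunEntry:
    hive: str
    key: str
    name: str
    command: str
    user: Optional[str]
    path: str  # executable extracted from the command


@dataclass
class Finding:
    entry: AutorunEntry
    reasons: List[str] = field(default_factory=list)


def parse_o4(line: str) -> Optional[AutorunEntry]:
    """Parse one registry O4 line; return None for any other line type."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    cmd = m.group("cmd")
    quoted = re.match(r'"([^"]+)"', cmd)
    if quoted:
        path = quoted.group(1)
    else:
        # Unquoted commands may contain spaces: take everything up to the first
        # executable extension followed by whitespace or end of line.
        first = re.match(r"(.*?\.(?:exe|dll|com|scr))(?:\s|$)", cmd, re.I)
        path = first.group(1) if first else cmd.split(" ")[0]
    return AutorunEntry(m.group("hive"), m.group("key"), m.group("name"), cmd, m.group("user"), path)


def assess(entry: AutorunEntry) -> List[str]:
    """Return the review reasons that apply to an entry (empty list = nothing noteworthy)."""
    reasons = []
    base = ntpath.basename(entry.path)
    parent = ntpath.dirname(entry.path)
    if PROFILE_DIR_RE.search(entry.path):
        reasons.append("runs from a user-profile data folder")
    m = LOOKALIKE_RE.fullmatch(base)
    if m and m.group(1) != "32":
        reasons.append("file name mimics rundll32.exe")
    if WINDOWS_ROOT_RE.fullmatch(parent):
        reasons.append("loads from the Windows root rather than system32")
    return reasons


def triage(log_text: str) -> List[Finding]:
    """Walk a HijackThis log and collect the O4 entries that deserve a closer look."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry is None:
            continue
        reasons = assess(entry)
        if reasons:
            findings.append(Finding(entry, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        e = f.entry
        print(f"[{e.hive}\\..\\{e.key}] {e.name!r} -> {e.path}")
        print("    " + "; ".join(f.reasons))
```

Run against the sample it reports the "Joy Bike More City", "WinStart", "MS-config" and "Proxy Proc" entries and stays quiet about avast!, Nero, Messenger and ctfmon; Global Startup (.lnk) lines are not registry entries and are skipped by this parser.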
Results for antivirus etc. nothing works