rapport hijackthisFermé

Question

Bonjour,
j'ai un soucis avec un pc qui ne veut plus se connecter a partir de IE ou de chrome mais aucun soucis avec mozilla...
analyse et desinfection faite avec malwarebytes faite, analyse avec ad-aware faite..
meme avast ne veut plus se connecter aux serveurs pour mise a jour.
je poste ici le rapport hijackthis, merci de votre aide:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:04:41 PM, on 6/17/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HA.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HA.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe
C:\WINDOWSegedit.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32undll32.exe
C:\Documents and Settings\Bock\My Documents\Downloads\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:1028
R3 - URLSearchHook: (no name) -  - (no file)
R3 - URLSearchHook: Wisdom-soft toolbar - {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - C:\Program Files\Wisdom-soft	bWisd.dll
R3 - URLSearchHook: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga	bZyng.dll
R3 - URLSearchHook: (no name) - {19A0F032-27D7-4227-BBB5-51AA9E5904F5} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IEpbrowserrecordplugin.dll
O2 - BHO: Wisdom-soft toolbar - {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - C:\Program Files\Wisdom-soft	bWisd.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga	bZyng.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\5.0.1423.0
pwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Client\YontooIEClient.dll
O3 - Toolbar: Wisdom-soft toolbar - {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - C:\Program Files\Wisdom-soft	bWisd.dll
O3 - Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga	bZyng.dll
O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\5.0.1423.0
pwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\5.0.1423.0
pwinext.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX620 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HA.EXE /P31 "EPSON Stylus Photo RX620 Series" /O6 "USB001" /M "Stylus Photo RX620"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation
View
wiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Bing Bar] "C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-21-682003330-842925246-839522115-1005\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (User 'Jim')
O4 - HKUS\S-1-5-21-682003330-842925246-839522115-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Jim')
O4 - HKUS\S-1-5-21-682003330-842925246-839522115-1005\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" (User 'Jim')
O4 - HKUS\S-1-5-21-682003330-842925246-839522115-1005\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (User 'Jim')
O4 - HKUS\S-1-5-21-682003330-842925246-839522115-1005\..\Run: [nnkihhsys] rundll32.exe "c:\docume~1\jim\locals~1	emp\ssttrs.dll",DllRegisterServer (User 'Jim')
O4 - HKUS\S-1-5-21-682003330-842925246-839522115-1005\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10e.exe (User 'Jim')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com/maconfig/MaConfig_3_5_2_1.cab
O16 - DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} (Domino Web Access 8 Control) - https://mail02.mygulfstream.com/dwa8W.cab
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe






Configuration: ASUS MAXIMUS FORMULA
Q9550@3.8Ghz (Zalman 9900)
ANTEC P182
2*2Go G.Skill PC8500 Pi Black
HD4870 PCS+

jlpjlp · Answer

slt c'est toi qui as mis un proxy?


colle un rapport de nettoyage avec AD REMOVER

BoTkilla · Answer

non, rien toucher...
je viens juste de nettoyer ce que je pouvais mais ce n'est pas mon pc.
je scan et poste le rapport
merci de ton aide

BoTkilla · Answer

======= REPORT FROM AD-REMOVER | ONLY XP/VISTA/7 =======

Updated by C_XX on 17/06/10 at 18:00
Contact: AdRemover.contact@gmail.com
website: http://pagesperso-orange.fr/NosTools/ad_remover.html

C:\Program Files\Ad-Remover\main.exe (SCAN [1]) -> Launched at 16:21:57 on 17/06/2010, Normal boot

Microsoft Windows XP Professional Service Pack 3 (X86) 
Bock, BOCK-622F40D139 ( ) 
 
============== SEARCH ==============


0,File found: C:\WINDOWS\Downloaded Program Files\F3initialsetup1.0.1.1.inf
0,File found: C:\Program Files\Mozilla FireFox\Components\AskSearch.js
0,File found: C:\Documents and Settings\Bock\Application Data\Mozilla\FireFox\Profiles\xg0uqcsz.default\searchplugins\mywebsearch.xml
0,Folder found: C:\Documents and Settings\Bock\Local Settings\Application Data\Conduit
0,Folder found: C:\Program Files\Conduit
0,Folder found: C:\Program Files\SGPSA
0,Folder found: C:\Documents and Settings\All Users\Application Data\Trymedia

-- File opened: C:\Documents and Settings\Bock\Application Data\Mozilla\FireFox\Profiles\xg0uqcsz.default\Prefs.js --
Line found: user_pref("ct2418376.searchengine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER... 
Line found: user_pref("ct2418376.searchfromaddressbarurl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT241... 
Line found: user_pref("browser.search.defaultthis.enginename", "PageRage Customized Web Search"); 
Line found: user_pref("browser.search.defaultthis.enginename", "PageRage Customized Web Search"); 
Line found: user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2418376&Sea... 
Line found: user_pref("browser.search.selectedengine", "PageRage Customized Web Search"); 
Line found: user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT2418376&SearchSource=13"); 
Line found: user_pref("communitytoolbar.searchfromaddressbarsavedurl", "hxxp://search.mywebsearch.com/mywebsearc... 
Line found: user_pref("ct2418376.searchengine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER... 
Line found: user_pref("ct2418376.searchfromaddressbarurl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT241... 
Line found: user_pref("extensions.mywebsearch.opensearchurl", "hxxp://search.mywebsearch.com/mywebsearch/opensea... 
Line found: user_pref("extensions.mywebsearch.prevkwdenabled", true); 
Line found: user_pref("extensions.mywebsearch.prevkwdurl", "data:text/plain); 
-- File closed --
 

1,Key found: HKLM\Software\Classes\CLSID\{b0de3308-5d5a-470d-81b9-634fc078393b}
1,Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}
1,Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201f27d4-3704-41d6-89c1-aa35e39143ed}
1,Key found: HKLM\Software\Classes\Interface\{4634804A-F0B0-4A74-A550-FC0EEF8A4362}
1,Key found: HKLM\Software\Classes\Interface\{4C07EA4F-5F52-4222-B170-4CD9ED33BAEA}
1,Key found: HKLM\Software\Classes\Interface\{C44FEFF4-EF0C-4CF7-83D0-92B4266A32B9}
1,Key found: HKLM\Software\Classes\Interface\{F131923C-381D-4E4C-A472-4A17118FD742}
1,Key found: HKLM\Software\Classes\TypeLib\{4B1C1E16-6B34-430E-B074-5928ECA4C150}
1,Key found: HKLM\Software\Classes\TypeLib\{D2E5FA06-DCC7-46F9-BEFF-BFD06F69B9B2}
0,Key found: HKLM\Software\Classes\AskIBar.PopSwatterBarButton
0,Key found: HKLM\Software\Classes\AskIBar.PopSwatterBarButton.1
0,Key found: HKLM\Software\Classes\AskIBar.PopSwatterSettingsControl
0,Key found: HKLM\Software\Classes\AskIBar.PopSwatterSettingsControl.1
0,Key found: HKLM\Software\Classes\AskToolBar.SettingsPlugin
0,Key found: HKLM\Software\Classes\AskToolBar.SettingsPlugin.1
0,Key found: HKLM\Software\Classes\ComObject.DeskbarEnabler
0,Key found: HKLM\Software\Classes\ComObject.DeskbarEnabler.1
0,Key found: HKLM\Software\Conduit
0,Key found: HKLM\Software\Trymedia Systems
0,Key found: HKCU\Software\Conduit
0,Key found: HKCU\Software\PopCap
0,Key found: HKCU\Software\AppDataLow\AskBarDis
3,Key found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
3,Key found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
3,Key found: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{36BC6ED0-E6B8-4937-BCD7-62942532A3FB}
3,Key found: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6CCEFEED-2374-4d5a-87D7-46DC4E81B3CA}
0,Key found: HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Search
0,Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyWebSearch bar Uninstall

0,Value found: HKLM\Software\Mozilla\Firefox\Extensions|m3ffxtbr@mywebsearch.com
0,Value found: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{3041D03E-FD4B-44E0-B742-2D9B88305F98}
0,Value found: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{3041D03E-FD4B-44E0-B742-2D9B88305F98}


============== ADDITIONNAL SCAN ==============

** Mozilla Firefox Version [3.5.2 (en-US)] **

-- C:\Documents and Settings\Bock\Application Data\Mozilla\FireFox\Profiles\xg0uqcsz.default\Prefs.js --
browser.search.defaultenginename, Google
browser.search.defaulturl, hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2418376&SearchSource=3&q={searchTerms}
browser.search.selectedengine, PageRage Customized Web Search
browser.search.selectedengine, Dogpile Search!
browser.startup.homepage, hxxp://search.conduit.com/?ctid=CT2418376&SearchSource=13
browser.startup.homepage_override.mstone, rv:1.9.1.2
keyword.url, hxxp://ws.infospace.com/playsushi_tbard/ws/redir?_iceUrl=true& user_id=&tool_id=60231&qkw=

========================================

** Internet Explorer Version [8.0.6001.18702] **

[HKCU\Software\Microsoft\Internet Explorer\Main] 
AutoHide: yes
Do404Search: 0x01000000
Enable Browser Extensions: yes
Local Page: C:\WINDOWS\system32\blank.htm
SearchAssistant: 
Search bar: 
Search Page: 
Show_ToolBar: yes
Start Page: hxxp://go.microsoft.com/fwlink/?LinkId=69157
Use Search Asst: no

[HKLM\Software\Microsoft\Internet Explorer\Main] 
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Delete_Temp_Files_On_Exit: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Start Page: hxxp://go.microsoft.com/fwlink/?LinkId=69157

[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS] 
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm

========================================

C:\Program Files\Ad-Remover\Quarantine: 2 File(s)
C:\Program Files\Ad-Remover\Backup: 2 File(s)

C:\Ad-Report-SCAN[1].txt - 17/06/2010 (4995 Byte(s)) 

End at: 16:24:04, 17/06/2010 
 
============== E.O.F ==============

BoTkilla · Answer

quelqu'un svp c'est assez urgent.
merci

BoTkilla · Answer

up

jlpjlp · Answer

j'attends toujours le rapport de suppression de AD REMOVER....

BoTkilla · Answer

regarde au dessus (4 post).
c'est le seul rapport que ad-remover m'a donne

BoTkilla · Answer

desole, pas vu avant:

======= REPORT FROM AD-REMOVER | ONLY XP/VISTA/7 =======

Updated by C_XX on 17/06/10 at 18:00
Contact: AdRemover.contact@gmail.com
website: http://pagesperso-orange.fr/NosTools/ad_remover.html

C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Launched at 11:57:50 on 18/06/2010, Normal boot

Microsoft Windows XP Professional Service Pack 3 (X86) 
Bock, BOCK-622F40D139 ( ) 
 
============== ACTION(S) ==============


0,File deleted: C:\WINDOWS\Downloaded Program Files\F3initialsetup1.0.1.1.inf
0,File deleted: C:\Program Files\Mozilla FireFox\Components\AskSearch.js
0,File deleted: C:\Documents and Settings\Bock\Application Data\Mozilla\FireFox\Profiles\xg0uqcsz.default\searchplugins\mywebsearch.xml
0,Folder deleted: C:\Documents and Settings\Bock\Local Settings\Application Data\Conduit
0,Folder deleted: C:\Program Files\Conduit
0,Folder deleted: C:\Program Files\SGPSA
0,Folder deleted: C:\Documents and Settings\All Users\Application Data\Trymedia

(!) -- Temporary files deleted.


-- File opened: C:\Documents and Settings\Bock\Application Data\Mozilla\FireFox\Profiles\xg0uqcsz.default\Prefs.js --
-- File closed --
 

1,Key deleted: HKLM\Software\Classes\CLSID\{b0de3308-5d5a-470d-81b9-634fc078393b}
1,Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}
1,Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201f27d4-3704-41d6-89c1-aa35e39143ed}
1,Key deleted: HKLM\Software\Classes\Interface\{4634804A-F0B0-4A74-A550-FC0EEF8A4362}
1,Key deleted: HKLM\Software\Classes\Interface\{4C07EA4F-5F52-4222-B170-4CD9ED33BAEA}
1,Key deleted: HKLM\Software\Classes\Interface\{C44FEFF4-EF0C-4CF7-83D0-92B4266A32B9}
1,Key deleted: HKLM\Software\Classes\Interface\{F131923C-381D-4E4C-A472-4A17118FD742}
1,Key deleted: HKLM\Software\Classes\TypeLib\{4B1C1E16-6B34-430E-B074-5928ECA4C150}
1,Key deleted: HKLM\Software\Classes\TypeLib\{D2E5FA06-DCC7-46F9-BEFF-BFD06F69B9B2}
0,Key deleted: HKLM\Software\Classes\AskIBar.PopSwatterBarButton
0,Key deleted: HKLM\Software\Classes\AskIBar.PopSwatterBarButton.1
0,Key deleted: HKLM\Software\Classes\AskIBar.PopSwatterSettingsControl
0,Key deleted: HKLM\Software\Classes\AskIBar.PopSwatterSettingsControl.1
0,Key deleted: HKLM\Software\Classes\AskToolBar.SettingsPlugin
0,Key deleted: HKLM\Software\Classes\AskToolBar.SettingsPlugin.1
0,Key deleted: HKLM\Software\Classes\ComObject.DeskbarEnabler
0,Key deleted: HKLM\Software\Classes\ComObject.DeskbarEnabler.1
0,Key deleted: HKLM\Software\Conduit
0,Key deleted: HKLM\Software\Trymedia Systems
0,Key deleted: HKCU\Software\Conduit
0,Key deleted: HKCU\Software\PopCap
0,Key deleted: HKCU\Software\AppDataLow\AskBarDis
3,Key deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
3,Key deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
3,Key deleted: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{36BC6ED0-E6B8-4937-BCD7-62942532A3FB}
3,Key deleted: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6CCEFEED-2374-4d5a-87D7-46DC4E81B3CA}
0,Key deleted: HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Search
0,Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyWebSearch bar Uninstall

0,Value deleted: HKLM\Software\Mozilla\Firefox\Extensions|m3ffxtbr@mywebsearch.com
0,Value deleted: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{3041D03E-FD4B-44E0-B742-2D9B88305F98}
0,Value deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{3041D03E-FD4B-44E0-B742-2D9B88305F98}


============== ADDITIONNAL SCAN ==============

** Mozilla Firefox Version [3.5.2 (en-US)] **

-- C:\Documents and Settings\Bock\Application Data\Mozilla\FireFox\Profiles\xg0uqcsz.default\Prefs.js --
browser.search.defaultenginename, Google
browser.search.defaulturl, hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2418376&SearchSource=3&q={searchTerms}
browser.search.selectedengine, PageRage Customized Web Search
browser.search.selectedengine, Dogpile Search!
browser.startup.homepage, hxxp://search.conduit.com/?ctid=CT2418376&SearchSource=13
browser.startup.homepage_override.mstone, rv:1.9.1.2
keyword.url, hxxp://ws.infospace.com/playsushi_tbard/ws/redir?_iceUrl=true& user_id=&tool_id=60231&qkw=

========================================

** Internet Explorer Version [8.0.6001.18702] **

[HKCU\Software\Microsoft\Internet Explorer\Main] 
AutoHide: yes
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Do404Search: 0x01000000
Enable Browser Extensions: yes
Local Page: C:\WINDOWS\system32\blank.htm
SearchAssistant: 
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/
Use Search Asst: no

[HKLM\Software\Microsoft\Internet Explorer\Main] 
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/

[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS] 
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm

========================================

C:\Program Files\Ad-Remover\Quarantine: 13 File(s)
C:\Program Files\Ad-Remover\Backup: 16 File(s)

C:\Ad-Report-CLEAN[1].txt - 18/06/2010 (1164 Byte(s)) 
C:\Ad-Report-SCAN[1].txt - 17/06/2010 (6911 Byte(s)) 

End at: 11:59:36, 18/06/2010 
 
============== E.O.F ==============

jlpjlp · Answer

scan avec malwarebyte après l'avoir mis à jour, fais un scan rapide et colle le rapport obtenu et vire ce qui est trouvé: 


https://www.malekal.com/tutoriel-malwarebyte-anti-malware/ 

______________________ 

Télécharge ici : 

http://images.malwareremoval.com/random/RSIT.exe 

random's system information tool (RSIT) par andom/random et sauvegarde-le sur le Bureau. 

Double-clique sur RSIT.exe afin de lancer RSIT. 

Clique Continue à l'écran Disclaimer. 

Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence. 

Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. 

Poste le contenu de log.txt (<<qui sera affiché) 
ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches). 

NB : Les rapports sont sauvegardés dans le dossier C:\rsit 


rs: avast en est à la version 5

BoTkilla · Answer

rapport malwarebytes:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/18/2010 12:22:52 PM
mbam-log-2010-06-18 (12-22-52).txt

Scan type: Quick scan
Objects scanned: 130152
Time elapsed: 8 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

jlpjlp · Answer

malwarebyte n'a pas été mis à jour avant l'analyse ...

BoTkilla · Answer

tu veux toujours le log de rsit??
ou j'attend de reposter analyse malwarebytes??

jlpjlp · Answer

je veux bien les deux
RSIT après le rapport de malwarebyte

BoTkilla · Answer

ok merci de ton aide

BoTkilla · Answer

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4212

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/18/2010 12:36:06 PM
mbam-log-2010-06-18 (12-36-06).txt

Scan type: Quick scan
Objects scanned: 137512
Time elapsed: 6 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Rapport hijackthis

15 réponses

Discussions similaires

Newsletters