PC mort????

[stouf95]

salut a tous,

voila je vous laisse analyser ce rapport, je pense que ce PC ne va pas bien du tout des pages internet s'ouvre sans cesse...

 

bon courage et merci d'avance.

 

Logfile of HijackThis v1.99.1

Scan saved at 19:44:43, on 03/07/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

C:\PROGRA~1\McAfee\MSC\mcpromgr.exe

c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe

C:\WINDOWS\System32\HPZipm12.exe

C:\PROGRA~1\mcafee\msc\mcupdui.exe

C:\Documents and Settings\STOUPH.STOUF\Bureau\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_BAND_SEARCHBAR_HTML

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gomyron.com/NjU2NA==/2/3560/homepage/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.msn.fr

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.msn.fr

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\SiteAdv.dll

O2 - BHO: MSVPS System - {49CF52D7-8D58-4E22-A874-AAD721F5B523} - C:\WINDOWS\ddesupport.dll (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\SiteAdv.dll

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\RunOnce: [mcsysmon.exe] c:\PROGRA~1\mcafee\VIRUSS~1\mcsysmon.exe -regserver

O4 - HKLM\..\RunOnce: [!mcvsps.dll] regsvr32.exe /s c:\PROGRA~1\mcafee\VIRUSS~1\mcvsps.dll

O4 - HKLM\..\RunOnce: [!naiannps.dll] regsvr32.exe /s c:\PROGRA~1\mcafee\VIRUSS~1\naiannps.dll

O4 - HKLM\..\RunOnce: [!mcvsqt.dll] regsvr32.exe /s c:\PROGRA~1\mcafee\VIRUSS~1\mcvsqt.dll

O4 - HKLM\..\RunOnce: [!mvscfg.dll] regsvr32.exe /s c:\PROGRA~1\mcafee\VIRUSS~1\mvscfg.dll

O4 - HKLM\..\RunOnce: [!mvsver.dll] regsvr32.exe /s c:\PROGRA~1\mcafee\VIRUSS~1\mvsver.dll

O4 - HKLM\..\RunOnce: [!naiann.dll] regsvr32.exe /s c:\PROGRA~1\mcafee\VIRUSS~1\naiann.dll

O4 - HKLM\..\RunOnce: [!mcodsax.dll] regsvr32.exe /s c:\PROGRA~1\mcafee\VIRUSS~1\mcodsax.dll

O4 - HKLM\..\RunOnce: [mcods.exe] c:\PROGRA~1\mcafee\VIRUSS~1\mcods.exe -regserver

O4 - HKLM\..\RunOnce: [!mcvspp.dll] regsvr32.exe /s c:\PROGRA~1\mcafee\VIRUSS~1\mcvspp.dll

O4 - HKLM\..\RunOnce: [!mvsap.dll] regsvr32.exe /s c:\PROGRA~1\mcafee\VIRUSS~1\mvsap.dll

O4 - HKLM\..\RunOnce: [!mpfp.dll] regsvr32.exe /s c:\PROGRA~1\mcafee\mpf\mc\mpfp.dll

O4 - HKLM\..\RunOnce: [!mpfmisp.dll] regsvr32.exe /s c:\PROGRA~1\mcafee\mpf\mc\mpfmisp.dll

O4 - HKLM\..\RunOnce: [!mpfaltps.dll] regsvr32.exe /s c:\PROGRA~1\mcafee\mpf\mc\mpfaltps.dll

O4 - HKLM\..\RunOnce: [!hwapips.dll] regsvr32.exe /s c:\PROGRA~1\FICHIE~1\mcafee\HACKER~1\hwapips.dll

O4 - HKLM\..\RunOnce: [hwapi.exe] c:\PROGRA~1\FICHIE~1\mcafee\HACKER~1\hwapi.exe -regserver

O4 - HKLM\..\RunOnce: [!fwdrvver.dll] regsvr32.exe /s c:\PROGRA~1\FICHIE~1\mcafee\fwdriver\fwdrvver.dll

O4 - HKLM\..\RunOnce: [!mcensrv.dll] regsvr32.exe /s c:\PROGRA~1\mcafee\mhn\mcensrv.dll

O4 - HKLM\..\RunOnce: [!mcmhnver.dll] regsvr32.exe /s c:\PROGRA~1\mcafee\mhn\mcmhnver.dll

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE

O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE

O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Filter: text/html - (no CLSID) - (no file)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: cholecyst - {ee2975b6-e8d5-405e-8448-8fe9590f6cfb} - C:\WINDOWS\system32\mzoeut.dll (file missing)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O21 - SSODL: msole - {27C5CDA5-0D9B-4675-80B6-83E5FC02C8C6} - C:\WINDOWS\msole.dll

O21 - SSODL: msdde - {7542F855-3794-4AFF-92B9-CF1579E6FB61} - C:\WINDOWS\msdde.dll (file missing)

O23 - Service: McAfee Application Installer Cleanup (0066071183484622) (0066071183484622mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP6607~1.EXE

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\FICHIE~1\McAfee\EmProxy\emproxy.exe

O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe

O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

 

Logfile of HijackThis v1.99.1

Scan saved at 20:11:42, on 03/07/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

C:\PROGRA~1\McAfee\MSC\mcpromgr.exe

c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe

C:\WINDOWS\System32\HPZipm12.exe

C:\PROGRA~1\mcafee\msc\mcupdui.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\MSN Messenger\livecall.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\SiteAdvisor\SiteAdv.exe

C:\Documents and Settings\STOUPH.STOUF\Bureau\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_BAND_SEARCHBAR_HTML

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gomyron.com/NjU2NA==/2/3560/homepage/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.msn.fr

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.msn.fr

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\SiteAdv.dll

O2 - BHO: MSVPS System - {49CF52D7-8D58-4E22-A874-AAD721F5B523} - C:\WINDOWS\ddesupport.dll (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\SiteAdv.dll

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\RunOnce: [mcsysmon.exe] c:\PROGRA~1\mcafee\VIRUSS~1\mcsysmon.exe -regserver

O4 - HKLM\..\RunOnce: [!mcvsps.dll] regsvr32.exe /s c:\PROGRA~1\mcafee\VIRUSS~1\mcvsps.dll

O4 - HKLM\..\RunOnce: [!naiannps.dll] regsvr32.exe /s c:\PROGRA~1\mcafee\VIRUSS~1\naiannps.dll

O4 - HKLM\..\RunOnce: [!mcvsqt.dll] regsvr32.exe /s c:\PROGRA~1\mcafee\VIRUSS~1\mcvsqt.dll

O4 - HKLM\..\RunOnce: [!mvscfg.dll] regsvr32.exe /s c:\PROGRA~1\mcafee\VIRUSS~1\mvscfg.dll

O4 - HKLM\..\RunOnce: [!mvsver.dll] regsvr32.exe /s c:\PROGRA~1\mcafee\VIRUSS~1\mvsver.dll

O4 - HKLM\..\RunOnce: [!naiann.dll] regsvr32.exe /s c:\PROGRA~1\mcafee\VIRUSS~1\naiann.dll

O4 - HKLM\..\RunOnce: [!mcodsax.dll] regsvr32.exe /s c:\PROGRA~1\mcafee\VIRUSS~1\mcodsax.dll

O4 - HKLM\..\RunOnce: [mcods.exe] c:\PROGRA~1\mcafee\VIRUSS~1\mcods.exe -regserver

O4 - HKLM\..\RunOnce: [!mcvspp.dll] regsvr32.exe /s c:\PROGRA~1\mcafee\VIRUSS~1\mcvspp.dll

O4 - HKLM\..\RunOnce: [!mvsap.dll] regsvr32.exe /s c:\PROGRA~1\mcafee\VIRUSS~1\mvsap.dll

O4 - HKLM\..\RunOnce: [!mpfp.dll] regsvr32.exe /s c:\PROGRA~1\mcafee\mpf\mc\mpfp.dll

O4 - HKLM\..\RunOnce: [!mpfmisp.dll] regsvr32.exe /s c:\PROGRA~1\mcafee\mpf\mc\mpfmisp.dll

O4 - HKLM\..\RunOnce: [!mpfaltps.dll] regsvr32.exe /s c:\PROGRA~1\mcafee\mpf\mc\mpfaltps.dll

O4 - HKLM\..\RunOnce: [!hwapips.dll] regsvr32.exe /s c:\PROGRA~1\FICHIE~1\mcafee\HACKER~1\hwapips.dll

O4 - HKLM\..\RunOnce: [hwapi.exe] c:\PROGRA~1\FICHIE~1\mcafee\HACKER~1\hwapi.exe -regserver

O4 - HKLM\..\RunOnce: [!fwdrvver.dll] regsvr32.exe /s c:\PROGRA~1\FICHIE~1\mcafee\fwdriver\fwdrvver.dll

O4 - HKLM\..\RunOnce: [!mcensrv.dll] regsvr32.exe /s c:\PROGRA~1\mcafee\mhn\mcensrv.dll

O4 - HKLM\..\RunOnce: [!mcmhnver.dll] regsvr32.exe /s c:\PROGRA~1\mcafee\mhn\mcmhnver.dll

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE

O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE

O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Filter: text/html - (no CLSID) - (no file)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: cholecyst - {ee2975b6-e8d5-405e-8448-8fe9590f6cfb} - C:\WINDOWS\system32\mzoeut.dll (file missing)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O21 - SSODL: msole - {27C5CDA5-0D9B-4675-80B6-83E5FC02C8C6} - C:\WINDOWS\msole.dll

O21 - SSODL: msdde - {7542F855-3794-4AFF-92B9-CF1579E6FB61} - C:\WINDOWS\msdde.dll (file missing)

O23 - Service: McAfee Application Installer Cleanup (0066071183484622) (0066071183484622mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP6607~1.EXE

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\FICHIE~1\McAfee\EmProxy\emproxy.exe

O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe

O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

[bruce lee]

Bonjour stouf95,

 

Fais un clic droit sur ce lien :

http://perso.orange.fr/il.mafioso/Navifix/Navilog1.zip

Enregistrer la cible (du lien) sous... et enregistre-le sur ton bureau.

Fais un clic droit sur navilog1.zip et choisis "tout extraire"

Ensuite double clique sur navilog1.exe pour lancer l'installation.

Une fois l'installation terminée, le fix s'exécutera automatiquement.

(Si ce n'est pas le cas, double-clique sur le raccourci Navilog1 présent sur le bureau).

 

Laisse-toi guider. Au menu principal, choisis 1 et valides.

(ne fais pas le choix 2,3 ou 4 sans notre avis/accord)

 

Patiente jusqu'au message :

*** Analyse Termine le ..... ***

Appuie sur une touche comme demandé, le blocnote va s'ouvrir.

Copie-colle l'intégralité dans une réponse. Referme le blocnote.

Le rapport est en outre sauvegardé à la racine du disque (fixnavi.txt)

[stouf95]

j'ai essayer cette solution mais lorsque je tape 1 navilog se ferme...

[Angelo]

j'ai essayer cette solution mais lorsque je tape 1 navilog se ferme...

 

Tu as essayé de répéter l'opération ?

 

Quand je vois certain scanne, je me demande où vont les gens sur le net pour choper de telles choses sur leu PC !!!

[stouf95]

oui j'ai essayer plusieurs fois... je vais essaye en mode sans echec...

[stouf95]

et toujours rien... je pense qu'il a très mal ce pauvre pc

[bruce lee]

Re,

 

Copie-colle dans le bloc-notes :

 

C:\Windows\system32\reg.exe query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment" /s >> look.txt

start notepad look.txt

 

Ensuite, fichier / enregistrer-sous comme nom tu mets look.bat

Double-clique sur Look.bat. Cela va t'ouvrir un fichier au format TXT Look.txt

 

Copie et colle ici le contenu de Look.txt.

[stouf95]

re,

voici le resultat:

 

 

 

! REG.EXE VERSION 3.0

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment

FP_NO_HOST_CHECK REG_SZ NO

NUMBER_OF_PROCESSORS REG_SZ 1

OS REG_SZ Windows_NT

Path REG_EXPAND_SZ C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel

PATHEXT REG_SZ .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

PROCESSOR_ARCHITECTURE REG_SZ x86

PROCESSOR_IDENTIFIER REG_SZ x86 Family 6 Model 8 Stepping 1, GenuineIntel

PROCESSOR_LEVEL REG_SZ 6

PROCESSOR_REVISION REG_SZ 0801

TEMP REG_EXPAND_SZ %SystemRoot%\TEMP

TMP REG_EXPAND_SZ %SystemRoot%\TEMP

windir REG_EXPAND_SZ %SystemRoot%

 

! REG.EXE VERSION 3.0

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment

FP_NO_HOST_CHECK REG_SZ NO

NUMBER_OF_PROCESSORS REG_SZ 1

OS REG_SZ Windows_NT

Path REG_EXPAND_SZ C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel

PATHEXT REG_SZ .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

PROCESSOR_ARCHITECTURE REG_SZ x86

PROCESSOR_IDENTIFIER REG_SZ x86 Family 6 Model 8 Stepping 1, GenuineIntel

PROCESSOR_LEVEL REG_SZ 6

PROCESSOR_REVISION REG_SZ 0801

TEMP REG_EXPAND_SZ %SystemRoot%\TEMP

TMP REG_EXPAND_SZ %SystemRoot%\TEMP

windir REG_EXPAND_SZ %SystemRoot%

[bruce lee]

Re,

 

Télécharge SDFix(créé par AndyManchesta) et sauvegarde le sur ton Bureau.

Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :

• Redémarre ton ordinateur
  
• Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8.
  
• A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
  
• Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
  
• Choisis ton compte.
  

Déroule la liste des instructions ci-dessous :

• Double clic sur SDFix.exe.
  
• Appuie sur Y pour commencer le script.
  
• Il va supprimer les services de certains trojans, effectuera aussi quelques réparations du Registre et il te demandera d'appuyer sur une touche pour redémarrer.
  
• Appuie sur une touche pour redémarrer le PC.
  
• Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
  
• Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
  
• Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
  
• Enfin, ouvre le dossier de SDFix sur ton Bureau et copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum.
  

Rend toi ici :

 

C:\Documents and Settings\STOUPH.STOUF\Bureau\HijackThis.exe

 

Fait un clique droit sur HijackThis.exe puis choisis "Renommer" et nomme le stouf.

 

Poste un nouveau rapport HijackThis.

[stouf95]

voici report.txt de SDFix:

 

 

SDFix: Version 1.89

 

Run by STOUPH on 04/07/2007 at 21:33

 

Microsoft Windows XP [version 5.1.2600]

 

Running From: C:\DOCUME~1\STOUPH~1.STO\Bureau\SDFix

 

Safe Mode:

Checking Services:

 

 

 

 

 

 

Restoring Windows Registry Values

Restoring Windows Default Hosts File

Restoring Missing Security Center Service

Restoring Missing SharedAccess Service

 

 

 

 

Bizarre???

et voilà le nouveau rapport de Hijackthis:

 

Logfile of HijackThis v1.99.1

Scan saved at 21:48:10, on 04/07/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\Ati2evxx.exe

C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

C:\PROGRA~1\McAfee\MSC\mcpromgr.exe

c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\HPZipm12.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\STOUPH.STOUF\Bureau\stouf.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.msn.fr

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.msn.fr

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\SiteAdv.dll (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\SiteAdv.dll (file missing)

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE

O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE

O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O21 - SSODL: msole - {27C5CDA5-0D9B-4675-80B6-83E5FC02C8C6} - C:\WINDOWS\msole.dll

O21 - SSODL: msdde - {7542F855-3794-4AFF-92B9-CF1579E6FB61} - C:\WINDOWS\msdde.dll (file missing)

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\FICHIE~1\McAfee\EmProxy\emproxy.exe

O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe

O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe

O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe