Kyra

Members
  • Content count: 20
  • My languages: French

Junior Member (3/12)

Community reputation: 0

  1. Since I used ComboFix, my images no longer display and I can't change my desktop background, and when I go to Control Panel / change desktop background, I have no images, no big pixelated colored squares; it's really strange. What is going on?
  2. I'll take care of it tomorrow! Thanks a lot again.
  3. Honestly, it got a speed boost!! It's super fast, like at the beginning, it got a new lease of life lol. Otherwise, since you're here, may I ask you a question? I'm looking for an effective program to clean my PC from top to bottom (not too complicated); if you have a name to recommend, I'm interested. My question must seem stupid to you, but know that I really know nothing about computers. Thanks a thousand times for your help.
  4. Here is a HijackThis log. What do you think?
  5. I opened the topic you mention before this one. Having had no reply, I took the liberty of opening this one, and I was right to.
  6. Thank you very much, really! I'm going to uninstall it and I'll post you a HijackThis report. Back right away.
  7. Sorry, I hadn't read your replies, I was in the middle of posting the log myself. So, I'm going to uninstall Spyware Terminator right now and I'll post you a HijackThis log, ok? Thank you very much.
  8. Here: Fichier ActiveToolBand.dll reçu le 2008.04.14 22:47:18 (CET)
  9. Good evening, Thanks for stepping in. What is the procedure to follow to remove this line?
  10. Look, a scan with my antivirus, what do you think of it? Apparently it's fine, isn't it?
  11. No, I don't have any ads appearing.
  12. Here: Search Navipromo version 3.5.3 commencé le 14/04/2008 à 21:41:22,41
  13. Thanks for your reply, I've just downloaded Navilog, installed it and launched it. Edit: there, it's working; as soon as it's finished I'll post you the log. Back right away.
  14. Thank you for your replies. I configured Antivir correctly, thank you very much. chance9, a big thank you for your help. I had a problem with ComboFix: it is on my desktop, but when I run it, there is just a green progress bar that appears, then a small blue screen and nothing else.... So I have no log to post, sorry. I fixed the lines you told me to; here is a new HijackThis report: My PC is still sluggish... and I no longer have any desktop backgrounds available!!! The images have disappeared!!! What do you think?
  15. Hello, My post from last week having gone unnoticed, I'm taking the liberty of opening another one because my PC is struggling more and more, it is very slow and Spyware Terminator shows me things that I can't manage to remove: Here is an Antivir report: And a HijackThis report: I really hope you will be able to help me! Thank you very much.