rapport hijackthis de M dia

[M dia]

voila mon rapport hijackthis, est-ce que quelqu'un pourrait m'indiquer, qu'est-ce que je peux enlever avec hijackthis pour que mon ordinateur fonctionne correctement (le maximum de petit truc à cocher svp)

comme je ne suis pas un doué de l'informatique... je vous demande humblement votre aide^^

 

voila le rapport:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 00:04:21, on 15/06/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\SECURI~1\av_fw\backweb\7431218\Program\SERVIC~1.EXE

C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe

C:\Program Files\Securitoo\av_fw\Anti-Virus\FSGK32.EXE

C:\Program Files\Securitoo\av_fw\backweb\7431218\program\fsbwsys.exe

C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE

C:\Program Files\Securitoo\av_fw\Anti-Virus\fssm32.exe

C:\Program Files\Securitoo\av_fw\Common\FSMB32.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Program Files\Securitoo\av_fw\Common\FCH32.EXE

C:\Program Files\Securitoo\av_fw\Anti-Virus\fsqh.exe

C:\Program Files\Securitoo\av_fw\Common\FAMEH32.EXE

C:\Program Files\Securitoo\av_fw\Anti-Virus\fsrw.exe

C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe

C:\Program Files\Securitoo\av_fw\Anti-Virus\fsav32.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe

C:\WINDOWS\system32\JMRaidTool.exe

C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\Prg\CLEANS~1\csta.exe

C:\WINDOWS\system32\ctfmon.exe

C:\PROGRA~1\SECURI~1\av_fw\ANTI-S~1\fsaw.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Securitoo\av_fw\backweb\7431218\Program\fspex.exe

C:\Program Files\Securitoo\av_fw\FSGUI\fsguidll.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Wanadoo\EspaceWanadoo.exe

C:\Program Files\Wanadoo\ComComp.exe

C:\Program Files\Wanadoo\Watch.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Live\Messenger\usnsvc.exe

C:\Program Files\Steam\Steam.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\tubery\Mes documents\Mes fichiers reçus\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: 892267 helper - {25E0128D-AAFC-49FF-AB11-1F12C2FCC391} - C:\WINDOWS\system32\892267\892267.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [News Service] "C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe"

O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\av_fw\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe

O4 - HKCU\..\Run: [sysW8] C:\Prg\CLEANS~1\csta.exe startup

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [steam] "c:\program files\steam\steam.exe" -silent

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Outil de détection de support de Cyber-shot Viewer.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

O4 - Global Startup: WinCinema Manager.lnk = C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe

O4 - Global Startup: Antivirus Firewall.lnk = C:\Program Files\Securitoo\av_fw\backweb\7431218\Program\fspex.exe

O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\Securitoo\av_fw\Anti-Spyware\blockpopups.htm

O8 - Extra context menu item: Liens de téléchargement avec Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm

O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Securitoo\av_fw\Anti-Spyware\ieshield.dll

O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Securitoo\av_fw\Anti-Spyware\ieshield.dll

O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe

O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe

O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways.com/clients/uploader_v2.2.0.6.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{36841125-99DA-43CE-923C-B442BE1D0C90}: NameServer = 80.10.246.1 81.253.149.2

O17 - HKLM\System\CS1\Services\Tcpip\..\{36841125-99DA-43CE-923C-B442BE1D0C90}: NameServer = 80.10.246.1 81.253.149.2

O23 - Service: Antivirus Firewall (BackWeb Plug-in - 7431218) - Securitoo Portal - C:\PROGRA~1\SECURI~1\av_fw\backweb\7431218\Program\SERVIC~1.EXE

O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe

O23 - Service: FSBWSYS - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\backweb\7431218\program\fsbwsys.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe

O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

 

--

End of file - 8370 bytes

 

merci d'avance

[galahad97]

voila mon rapport hijackthis, est-ce que quelqu'un pourrait m'indiquer, qu'est-ce que je peux enlever avec hijackthis pour que mon ordinateur fonctionne correctement (le maximum de petit truc à cocher svp)

comme je ne suis pas un doué de l'informatique... je vous demande humblement votre aide^^

 

voila le rapport:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 00:04:21, on 15/06/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\SECURI~1\av_fw\backweb\7431218\Program\SERVIC~1.EXE

C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe

C:\Program Files\Securitoo\av_fw\Anti-Virus\FSGK32.EXE

C:\Program Files\Securitoo\av_fw\backweb\7431218\program\fsbwsys.exe

C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE

C:\Program Files\Securitoo\av_fw\Anti-Virus\fssm32.exe

C:\Program Files\Securitoo\av_fw\Common\FSMB32.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Program Files\Securitoo\av_fw\Common\FCH32.EXE

C:\Program Files\Securitoo\av_fw\Anti-Virus\fsqh.exe

C:\Program Files\Securitoo\av_fw\Common\FAMEH32.EXE

C:\Program Files\Securitoo\av_fw\Anti-Virus\fsrw.exe

C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe

C:\Program Files\Securitoo\av_fw\Anti-Virus\fsav32.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe

C:\WINDOWS\system32\JMRaidTool.exe

C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\Prg\CLEANS~1\csta.exe

C:\WINDOWS\system32\ctfmon.exe

C:\PROGRA~1\SECURI~1\av_fw\ANTI-S~1\fsaw.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Securitoo\av_fw\backweb\7431218\Program\fspex.exe

C:\Program Files\Securitoo\av_fw\FSGUI\fsguidll.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Wanadoo\EspaceWanadoo.exe

C:\Program Files\Wanadoo\ComComp.exe

C:\Program Files\Wanadoo\Watch.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Live\Messenger\usnsvc.exe

C:\Program Files\Steam\Steam.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\tubery\Mes documents\Mes fichiers reçus\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: 892267 helper - {25E0128D-AAFC-49FF-AB11-1F12C2FCC391} - C:\WINDOWS\system32\892267\892267.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [News Service] "C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe"

O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\av_fw\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe

O4 - HKCU\..\Run: [sysW8] C:\Prg\CLEANS~1\csta.exe startup

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [steam] "c:\program files\steam\steam.exe" -silent

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Outil de détection de support de Cyber-shot Viewer.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

O4 - Global Startup: WinCinema Manager.lnk = C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe

O4 - Global Startup: Antivirus Firewall.lnk = C:\Program Files\Securitoo\av_fw\backweb\7431218\Program\fspex.exe

O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\Securitoo\av_fw\Anti-Spyware\blockpopups.htm

O8 - Extra context menu item: Liens de téléchargement avec Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm

O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Securitoo\av_fw\Anti-Spyware\ieshield.dll

O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Securitoo\av_fw\Anti-Spyware\ieshield.dll

O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe

O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe

O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways.com/clients/uploader_v2.2.0.6.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{36841125-99DA-43CE-923C-B442BE1D0C90}: NameServer = 80.10.246.1 81.253.149.2

O17 - HKLM\System\CS1\Services\Tcpip\..\{36841125-99DA-43CE-923C-B442BE1D0C90}: NameServer = 80.10.246.1 81.253.149.2

O23 - Service: Antivirus Firewall (BackWeb Plug-in - 7431218) - Securitoo Portal - C:\PROGRA~1\SECURI~1\av_fw\backweb\7431218\Program\SERVIC~1.EXE

O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe

O23 - Service: FSBWSYS - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\backweb\7431218\program\fsbwsys.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe

O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

 

--

End of file - 8370 bytes

 

merci d'avance

 

Bonjour M Dia,

tu es infecté par un malware

 

Télécharger Malwarebytes' Anti-Malware depuis http://www.besttechie.net/tools/mbam-setup.exe

Enregistrer ce fichier sur le Bureau.

Faire un double clic sur mbam-setup.exe pour lancer l'installation (Accepter le contrat de licence, puis valider les options par défaut).

Sur le dernier écran de la procédure d'installation, cocher la case située devant "Mettre à jour Malwarebytes' Anti-Malware", puis cliquer sur le bouton "Terminer".

 

Désactiver le module résident de ton antivirus.

Lancer Malwarebytes' Anti-Malware via le Menu Démarrer.

Dans l'onglet Paramètres, vérifier que toutes les cases sont cochées sauf "Créer une option dans le menu contextuel pour analyser des fichiers (clic droit)".

Dans l'onglet Recherche, cocher le bouton radio situé devant "Exécuter un examen complet" puis cliquer sur le bouton Rechercher.

Attendre sans rien faire d'autre la fin de la recherche, puis cliquer sur le bouton "Afficher les résultats".

Vérifier que toutes les lignes sont cochées.

Cliquer sur le bouton "Supprimer la sélection"

Attendre patiemment sans rien faire d'autre la fin du nettoyage.

Un redémarrage est parfois nécessaire. Accepter.

Une fenêtre du Bloc-notes s'ouvre pour afficher le rapport. Fermer le Bloc-notes.

Cliquer sur le bouton "Quitter" pour fermer Malwarebytes' Anti-Malware.

 

Poste le log de Malwarebytes' Anti-Malware (contenu du fichier mbam-log-*-**-**** (**-**-**).txt situé dans le dossier d'installation de Malwarebytes' Anti-Malware / *-**-****

 

A+

[M dia]

c'est bon cela à fonctionner, je vs donne le rapport juste après l'opération donc je vois pas trop les effets (mais bon je suppose que sa va pas tarder^^), merci comme même:

 

Malwarebytes' Anti-Malware 1.17

Version de la base de données: 846

 

00:13:13 17/06/2008

mbam-log-6-17-2008 (00-13-13).txt

 

Type de recherche: Examen complet (C:\|D:\|)

Eléments examinés: 155082

Temps écoulé: 36 minute(s), 26 second(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 1

Clé(s) du Registre infectée(s): 9

Valeur(s) du Registre infectée(s): 3

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 7

Fichier(s) infecté(s): 27

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

C:\WINDOWS\system32\892267\892267.dll (Trojan.BHO) -> Unloaded module successfully.

 

Clé(s) du Registre infectée(s):

HKEY_CLASSES_ROOT\CLSID\{25e0128d-aafc-49ff-ab11-1f12c2fcc391} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25e0128d-aafc-49ff-ab11-1f12c2fcc391} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\e404.e404mgr (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\e404.e404mgr.1 (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{e63648f7-3933-440e-b4f6-a8584dd7b7eb} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\NetProject (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\E404.e404mgr (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\multimediaControls.chl (Trojan.Zlob) -> Quarantined and deleted successfully.

 

Valeur(s) du Registre infectée(s):

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully.

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

C:\Program Files\Fichiers communs\DriveCleaner Free (Rogue.DriveCleaner) -> Quarantined and deleted successfully.

C:\Program Files\NetProject (Trojan.Zlob) -> Quarantined and deleted successfully.

C:\Program Files\XPSecurityCenter (Rogue.XPSecurityCenter) -> Quarantined and deleted successfully.

C:\Program Files\XPSecurityCenter\data (Rogue.XPSecurityCenter) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\892267 (Trojan.BHO) -> Quarantined and deleted successfully.

C:\Documents and Settings\tubery\Application Data\DriveCleaner Free (Rogue.DriveCleaner) -> Quarantined and deleted successfully.

C:\Documents and Settings\tubery\Application Data\DriveCleaner Free\Logs (Rogue.DriveCleaner) -> Quarantined and deleted successfully.

 

Fichier(s) infecté(s):

C:\WINDOWS\system32\892267\892267.dll (Trojan.BHO) -> Quarantined and deleted successfully.

C:\Documents and Settings\tubery\Local Settings\Temp\winCP0ofbVCc3.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{4FD41D57-09AF-4122-AB88-80CBC52C0EE2}\RP53\A0006191.exe (Worm.Socks) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{4FD41D57-09AF-4122-AB88-80CBC52C0EE2}\RP56\A0006388.dll (Trojan.BHO) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{4FD41D57-09AF-4122-AB88-80CBC52C0EE2}\RP59\A0007542.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{4FD41D57-09AF-4122-AB88-80CBC52C0EE2}\RP59\A0007561.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{4FD41D57-09AF-4122-AB88-80CBC52C0EE2}\RP59\A0007577.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{4FD41D57-09AF-4122-AB88-80CBC52C0EE2}\RP59\A0007578.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{4FD41D57-09AF-4122-AB88-80CBC52C0EE2}\RP61\A0007615.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{4FD41D57-09AF-4122-AB88-80CBC52C0EE2}\RP61\A0007624.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{4FD41D57-09AF-4122-AB88-80CBC52C0EE2}\RP62\A0007634.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{4FD41D57-09AF-4122-AB88-80CBC52C0EE2}\RP62\A0007651.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{4FD41D57-09AF-4122-AB88-80CBC52C0EE2}\RP62\A0007725.exe (Rogue.Installer) -> Quarantined and deleted successfully.

C:\WINDOWS\admgcx.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\bdmanager.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\cru629.dat (Trojan.Proxy) -> Quarantined and deleted successfully.

C:\WINDOWS\dmdvpnsop.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\emotigt.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\fsxloqf.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\cru629.dat (Trojan.Proxy) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\univrs32.dat (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Fichiers communs\DriveCleaner Free\udcsdr.exe (Rogue.DriveCleaner) -> Quarantined and deleted successfully.

C:\Program Files\Fichiers communs\DriveCleaner Free\udcwap.exe (Rogue.DriveCleaner) -> Quarantined and deleted successfully.

C:\Program Files\NetProject\ot.ico (Trojan.Zlob) -> Quarantined and deleted successfully.

C:\Program Files\NetProject\ts.ico (Trojan.Zlob) -> Quarantined and deleted successfully.

C:\Program Files\XPSecurityCenter\data\daily.cvd (Rogue.XPSecurityCenter) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\basevxns32.dll (Trojan.Downloader) -> Quarantined and deleted successfully.

[galahad97]

Bonsoir Mdia,

 

On a bien avancé. N'étant pas autorisé pour la suite de la désinfection, j'ai demandé l'aide d'un Helpeur qualifié.

On s'occupe de toi.

A+

[M dia]

merci pour ce que tu as fait, j'attendrais la réponse patiemment^^

[galahad97]

Bonjour Mdia,

 

J’ai une solution pour toi.

 

Ferme tes navigateurs

 

Lance Hijackthis , “do a system scan only », coche les lignes suivantes puis clic sur fix checked:

O2 - BHO: 892267 helper - {25E0128D-AAFC-49FF-AB11-1F12C2FCC391} - C:\WINDOWS\system32\892267\892267.dll

O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)

O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)

 

SUPPRESSION DE CLE DE REGISTRE

 

Copier/coller ce qui suit dans le bloc notes :

 

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25E0128D-AAFC-49FF-AB11-1F12C2FCC391}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25E0128D-AAFC-49FF-AB11-1F12C2FCC391}]

 

Sans ligne blanche au début.

Enregistrez sur le bureau sous regis.reg.

Cliquez droit sur le fichier ->fusionner

Acceptez la modification du Registre:

 

SUPPRESSION DE FICHIERS

 

Utilise Windows explorer (clic droit sur le bouton démarrer, puis choisi « explorer »)

Et supprime ce fichier.

 

c:\windows\system32\892267\892267.dll

 

Après cela, redémarre l'ordinateur et poste un nouveau rapport HijackThis et dit moi comment va ton PC

 

@+

Gal