
Posted

Re,

See if you can uninstall Dealio through Programs and Features.

Run HijackThis again with Do a system scan only and tick the boxes in front of the following lines. ON VISTA: right-click HijackThis / run as administrator!


O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll

O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll

O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll

O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll

 

Close all open applications and browsers, then click Fix Checked.

-----------------

OTM

Download OTM by OldTimer to your Desktop by clicking this link:

OTM

  • Double-click OTM.exe to launch it (the .exe extension may not be shown)

    ---> on VISTA: right-click: run as administrator.

    Make sure the Unregister Dll's and OCX's.exe box is ticked!

  • Copy the entire code below (starting from :Processes) ->> make sure you include the small dots at the front.
    :Processes
    
    explorer.exe
    
    :Files
    
    C:\program files\sgpsa\mtwb3sh.dll
    C:\program files\sgpsa\bho.dll
    C:\windows\system32\ssvichosst.exe
    C:\Program Files\Dealio\kb127\Dealio.dll 
    C:\Program Files\Dealio\kb127
    C:\Program Files\Dealio
    
    :Reg
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks]
    "{91C18ED5-5E1C-4AE5-A148-A861DE8C8E16}"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0626A63-410B-45E2-99A1-3F2475B2D695}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0626A63-410B-45E2-99A1-3F2475B2D695}]
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Yahoo Messengger"=-
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [reboot]


     

  • Paste this code into the yellow area of OtMoveIt3 titled:
    "Paste Instructions for Items to be Moved"

  • Click the Moveit! button to start the cleanup.

  • Copy and paste into your next reply everything shown in the Results window.
    --> A report will be generated in the C:\ _OTMoveIt\MovedFiles folder with the date and time the tool was run (mmddyyyy_hhmmss.log)
  • Close OTM by clicking Exit.

Note: If a file or folder cannot be deleted directly, the tool may ask for a restart to finish the process. In that case, click "Yes" to accept.

After the restart, the tool will keep working for a moment; then post its report.

Then make a new HijackThis log, please.

@++

Posted

Re,

Just in case you didn't see it, I posted just before you :P

Please do what it says.

@++

Posted

Re,

yes yes, I did see your message, I am running it now, I managed to uninstall Dealio.. I'll continue the procedure and keep you posted...

thanks for your patience

Posted

HERE IS THE OTM REPORT, I'm continuing, but as for HijackThis, having managed to remove Dealio, I did not find the lines you indicated.

I am also attaching the HijackThis report after the restart........

 

 

All processes killed

========== PROCESSES ==========

No active process named explorer.exe was found!

========== FILES ==========

File/Folder C:\program files\sgpsa\mtwb3sh.dll not found.

File/Folder C:\program files\sgpsa\bho.dll not found.

File/Folder C:\windows\system32\ssvichosst.exe not found.

File/Folder C:\Program Files\Dealio\kb127\Dealio.dll not found.

File/Folder C:\Program Files\Dealio\kb127 not found.

File/Folder C:\Program Files\Dealio not found.

========== REGISTRY ==========

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0626A63-410B-45E2-99A1-3F2475B2D695}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0626A63-410B-45E2-99A1-3F2475B2D695}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0626A63-410B-45E2-99A1-3F2475B2D695}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0626A63-410B-45E2-99A1-3F2475B2D695}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Yahoo Messengger deleted successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: berna

->Temp folder emptied: 30725793 bytes

->Temporary Internet Files folder emptied: 294914594 bytes

->Java cache emptied: 761450 bytes

->FireFox cache emptied: 60337961 bytes

->Google Chrome cache emptied: 0 bytes

 

User: COCO ET STEVIE

->Temp folder emptied: 11558280 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 0 bytes

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Invité

->Temp folder emptied: 308622049 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Java cache emptied: 0 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

File delete failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be deleted on reboot.

Windows Temp folder emptied: 3818366 bytes

RecycleBin emptied: 152582868 bytes

 

Total Files Cleaned = 823,33 mb

 

 

OTM by OldTimer - Version 3.0.0.6 log created on 08172009_224836

 

Files moved on Reboot...

DllUnregisterServer procedure not found in C:\Windows\temp\logishrd\LVPrcInj01.dll

C:\Windows\temp\logishrd\LVPrcInj01.dll NOT unregistered.

File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.

 

Registry entries deleted on Reboot...

 

======================

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:01:20, on 17/08/2009

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18294)

Boot mode: Normal

 

Running processes:

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Search Guard PlusU\sgpupdaters.exe

C:\Windows\Explorer.EXE

C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe

C:\Windows\notepad.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\RtHDVCpl.exe

C:\hp\support\hpsysdrv.exe

C:\Program Files\Portrait Displays\HP My Display\dthtml.exe

C:\Windows\vsnpstd3.exe

c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Windows\WindowsMobile\wmdc.exe

C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Windows\System32\mobsync.exe

C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe

C:\Program Files\Windows Live\Toolbar\wltuser.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\system32\conime.exe

C:\hp\kbd\kbd.exe

C:\Users\berna\Desktop\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cndt

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cndt

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.missim.org/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: SearchHelper Class - {91C18ED5-5E1C-4AE5-A148-A861DE8C8E16} - C:\Program Files\SGPSA\mtwb3sh.dll (file missing)

O1 - Hosts: ::1 localhost

O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Client for Internet Explorer\YontooIEClient.dll

O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE

O4 - HKLM\..\Run: [startCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

O4 - HKLM\..\Run: [DT HPW] C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe -startup_folder

O4 - HKLM\..\Run: [snpstd3] C:\Windows\vsnpstd3.exe

O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe

O4 - HKLM\..\Run: [sMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min /nosplash

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')

O4 - Startup: WKCALREM.LNK = ?

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: &Recherche AOL Toolbar - C:\ProgramData\AOL\ieToolbar\resources\fr-FR\local\search.html

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm

O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm

O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/...NPUpldfr-fr.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab

O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/maconfi...fig_3_5_1_0.cab

O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://kiw.imgag.com/imgag/cp/install/crusher-kiwen.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540002} - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe

O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe

O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)

O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe

 

--

End of file - 12790 bytes

Posted

Well, the day I run out of patience, I would no longer deserve my place here or anywhere else, and I'd go play belote :P

See you later :P

Posted
Well, the day I run out of patience, I would no longer deserve my place here or anywhere else, and I'd go play belote :P

See you later :P

Nice phrase, and so true, I just repeated it to everyone here lolllll

hard to get across that a PC should not get infected every 15 days ...... The reports are posted, let's hope that fixes things a bit, but anyway madam is happy (they're quickly happy once it works, but making them understand that it's not finished, arghhhh) lolll

Posted

Yes, but the net is also there for learning about security; there are plenty of very serious sites and forums.

Where anyone and everyone jumps into the thread of a person looking for help, well, that forum is not serious because it is not moderated.

Uninstall this program: Search Guard Plus

Run HijackThis with "do a system scan only" and tick the box in front of this line:

 

R3 - URLSearchHook: SearchHelper Class - {91C18ED5-5E1C-4AE5-A148-A861DE8C8E16} - C:\Program Files\SGPSA\mtwb3sh.dll (file missing)

 

Clique sur Fix Checked.

 

Vérifie qu'Antivir est bien à jour et lance une analyse complète de l'ordinateur.

 

Poste-moi le rapport stp.

 

@++
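
The check done by eye in the post above (spotting the `(file missing)` URLSearchHook entry that survived in the new HijackThis log) can be scripted. This is an added example, not part of any post in the thread; the function names are assumptions, and the sample lines are copied from the logs and fix lists posted above.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Lines copied from the HijackThis output posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\Program Files\Search Guard PlusU\sgpupdaters.exe
R3 - URLSearchHook: SearchHelper Class - {91C18ED5-5E1C-4AE5-A148-A861DE8C8E16} - C:\Program Files\SGPSA\mtwb3sh.dll (file missing)
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Client for Internet Explorer\YontooIEClient.dll
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min /nosplash
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
"""

# A HijackThis entry starts with a section code (R0-R3, F0-F3, N1-N4, O1-O24).
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:\\")
MISSING_TAG = "(file missing)"


@dataclass
class Entry:
    code: str             # section code, e.g. "O2"
    body: str             # text after the code, without the "(file missing)" tag
    clsid: Optional[str]  # COM class id, when the entry carries one
    path: Optional[str]   # trailing file path, when the last field is one
    file_missing: bool    # HijackThis reported the target file as absent


def parse_line(line: str) -> Optional[Entry]:
    """Parse one log line; return None for headers, process paths and blanks."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    body = m.group("body")
    file_missing = body.endswith(MISSING_TAG)
    if file_missing:
        body = body[: -len(MISSING_TAG)].rstrip()
    clsid = CLSID_RE.search(body)
    # Fields are separated by " - "; the last one is the file for BHO,
    # toolbar, button and service entries.
    last_field = body.rsplit(" - ", 1)[-1].strip()
    path = last_field if DRIVE_PATH_RE.match(last_field) else None
    return Entry(m.group("code"), body, clsid.group(0) if clsid else None,
                 path, file_missing)


def parse_log(text: str) -> List[Entry]:
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def orphaned(entries: List[Entry]) -> List[Entry]:
    """Entries whose registry reference outlived the file it points to."""
    return [e for e in entries if e.file_missing]


def related_by_clsid(entries: List[Entry], clsid: str) -> List[Entry]:
    """All entries registered under one CLSID (the comparison ignores case)."""
    wanted = clsid.lower()
    return [e for e in entries if e.clsid and e.clsid.lower() == wanted]


if __name__ == "__main__":
    for e in orphaned(parse_log(SAMPLE_LOG)):
        print(f"{e.code:4} {e.clsid or '-':40} {e.path}")
```

An orphaned entry only means the registry reference is stale; whether it belonged to unwanted software still has to be judged from its name and path, as the helper does for the SGPSA line.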

Posted

Hello Apollo,

right, that's done, I'm posting the Avira report.

 

 

Avira AntiVir Personal

Report file date: lundi 17 août 2009 23:40

 

Scanning for 1645164 virus strains and unwanted programs.

 

Licensee : Avira AntiVir Personal - FREE Antivirus

Serial number : 0000149996-ADJIE-0000001

Platform : Windows Vista

Windows version : (Service Pack 1) [6.0.6001]

Boot mode : Normally booted

Username : berna

Computer name : PC-DE-BERNA

 

Version information:

BUILD.DAT : 9.0.0.407 Bytes 29/07/2009 10:34:00

AVSCAN.EXE : 9.0.3.7 466689 Bytes 05/08/2009 14:01:02

AVSCAN.DLL : 9.0.3.0 40705 Bytes 27/02/2009 08:58:24

LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 09:35:49

LUKERES.DLL : 9.0.2.0 12033 Bytes 27/02/2009 08:58:52

ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 10:30:36

ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 24/06/2009 12:50:34

ANTIVIR2.VDF : 7.1.5.88 2668032 Bytes 10/08/2009 14:58:41

ANTIVIR3.VDF : 7.1.5.125 366080 Bytes 17/08/2009 18:40:37

Engineversion : 8.2.1.1

AEVDF.DLL : 8.1.1.1 106868 Bytes 01/05/2009 11:48:05

AESCRIPT.DLL : 8.1.2.25 459130 Bytes 12/08/2009 18:36:18

AESCN.DLL : 8.1.2.4 127348 Bytes 23/07/2009 13:02:11

AERDL.DLL : 8.1.2.4 430452 Bytes 15/07/2009 12:51:00

AEPACK.DLL : 8.1.3.18 401783 Bytes 28/05/2009 15:29:32

AEOFFICE.DLL : 8.1.0.38 196987 Bytes 18/06/2009 12:50:10

AEHEUR.DLL : 8.1.0.154 1917302 Bytes 08/08/2009 14:58:40

AEHELP.DLL : 8.1.5.3 233846 Bytes 23/07/2009 13:02:10

AEGEN.DLL : 8.1.1.56 356725 Bytes 11/08/2009 19:10:50

AEEMU.DLL : 8.1.0.9 393588 Bytes 09/10/2008 12:32:40

AECORE.DLL : 8.1.7.6 184694 Bytes 23/07/2009 13:02:09

AEBB.DLL : 8.1.0.3 53618 Bytes 09/10/2008 12:32:40

AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 06:47:59

AVPREF.DLL : 9.0.0.1 43777 Bytes 05/12/2008 08:32:15

AVREP.DLL : 8.0.0.3 155905 Bytes 20/01/2009 12:34:28

AVREG.DLL : 9.0.0.0 36609 Bytes 05/12/2008 08:32:09

AVARKT.DLL : 9.0.0.3 292609 Bytes 27/04/2009 11:04:33

AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 08:37:08

SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 13:03:49

SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 06:21:33

NETNT.DLL : 9.0.0.0 11521 Bytes 05/12/2008 08:32:10

RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 09/06/2009 11:35:36

RCTEXT.DLL : 9.0.37.0 86785 Bytes 27/04/2009 11:04:33

 

Configuration settings for the scan:

Jobname.............................: Local Hard Disks

Configuration file..................: c:\program files\avira\antivir desktop\alldiscs.avp

Logging.............................: low

Primary action......................: interactive

Secondary action....................: ignore

Scan master boot sector.............: on

Scan boot sector....................: on

Boot sectors........................: C:, D:,

Process scan........................: on

Scan registry.......................: on

Search for rootkits.................: off

Integrity checking of system files..: off

Scan all files......................: Intelligent file selection

Scan archives.......................: on

Recursion depth.....................: 20

Smart extensions....................: on

Macro heuristic.....................: on

File heuristic......................: medium

 

Start of the scan: lundi 17 août 2009 23:40

 

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'kbd.exe' - '1' Module(s) have been scanned

Scan process 'conime.exe' - '1' Module(s) have been scanned

Scan process 'PresentationFontCache.exe' - '0' Module(s) have been scanned

Scan process 'CCC.exe' - '1' Module(s) have been scanned

Scan process 'HPHC_Service.exe' - '0' Module(s) have been scanned

Scan process 'hpqste08.exe' - '1' Module(s) have been scanned

Scan process 'FlashUtil10c.exe' - '1' Module(s) have been scanned

Scan process 'sidebar.exe' - '1' Module(s) have been scanned

Scan process 'ieuser.exe' - '1' Module(s) have been scanned

Scan process 'HookManager.exe' - '1' Module(s) have been scanned

Scan process 'mobsync.exe' - '1' Module(s) have been scanned

Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned

Scan process 'HPAdvisor.exe' - '1' Module(s) have been scanned

Scan process 'sidebar.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '0' Module(s) have been scanned

Scan process 'avgnt.exe' - '1' Module(s) have been scanned

Scan process 'SMSTray.exe' - '1' Module(s) have been scanned

Scan process 'wmdc.exe' - '1' Module(s) have been scanned

Scan process 'MOM.exe' - '1' Module(s) have been scanned

Scan process 'vsnpstd3.exe' - '1' Module(s) have been scanned

Scan process 'dthtml.exe' - '1' Module(s) have been scanned

Scan process 'hpsysdrv.exe' - '1' Module(s) have been scanned

Scan process 'RtHDVCpl.exe' - '1' Module(s) have been scanned

Scan process 'MSASCui.exe' - '1' Module(s) have been scanned

Scan process 'SbPFCl.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'taskeng.exe' - '1' Module(s) have been scanned

Scan process 'dwm.exe' - '1' Module(s) have been scanned

Scan process 'LVComSer.exe' - '1' Module(s) have been scanned

Scan process 'alg.exe' - '0' Module(s) have been scanned

Scan process 'WUDFHost.exe' - '0' Module(s) have been scanned

Scan process 'SearchIndexer.exe' - '0' Module(s) have been scanned

Scan process 'svchost.exe' - '0' Module(s) have been scanned

Scan process 'TeamViewer_Service.exe' - '0' Module(s) have been scanned

Scan process 'svchost.exe' - '0' Module(s) have been scanned

Scan process 'SbPFSvc.exe' - '0' Module(s) have been scanned

Scan process 'SeaPort.exe' - '0' Module(s) have been scanned

Scan process 'SbPFLnch.exe' - '0' Module(s) have been scanned

Scan process 'svchost.exe' - '0' Module(s) have been scanned

Scan process 'svchost.exe' - '0' Module(s) have been scanned

Scan process 'svchost.exe' - '0' Module(s) have been scanned

Scan process 'LVPrcSrv.exe' - '0' Module(s) have been scanned

Scan process 'LVComSer.exe' - '0' Module(s) have been scanned

Scan process 'LSSrvc.exe' - '0' Module(s) have been scanned

Scan process 'svchost.exe' - '0' Module(s) have been scanned

Scan process 'DTSRVC.exe' - '0' Module(s) have been scanned

Scan process 'avguard.exe' - '0' Module(s) have been scanned

Scan process 'taskeng.exe' - '0' Module(s) have been scanned

Scan process 'svchost.exe' - '0' Module(s) have been scanned

Scan process 'sched.exe' - '0' Module(s) have been scanned

Scan process 'spoolsv.exe' - '0' Module(s) have been scanned

Scan process 'svchost.exe' - '0' Module(s) have been scanned

Scan process 'Ati2evxx.exe' - '0' Module(s) have been scanned

Scan process 'svchost.exe' - '0' Module(s) have been scanned

Scan process 'SLsvc.exe' - '0' Module(s) have been scanned

Scan process 'svchost.exe' - '0' Module(s) have been scanned

Scan process 'audiodg.exe' - '0' Module(s) have been scanned

Scan process 'svchost.exe' - '0' Module(s) have been scanned

Scan process 'svchost.exe' - '0' Module(s) have been scanned

Scan process 'svchost.exe' - '0' Module(s) have been scanned

Scan process 'Ati2evxx.exe' - '0' Module(s) have been scanned

Scan process 'svchost.exe' - '0' Module(s) have been scanned

Scan process 'svchost.exe' - '0' Module(s) have been scanned

Scan process 'svchost.exe' - '0' Module(s) have been scanned

Scan process 'winlogon.exe' - '0' Module(s) have been scanned

Scan process 'lsm.exe' - '0' Module(s) have been scanned

Scan process 'lsass.exe' - '0' Module(s) have been scanned

Scan process 'services.exe' - '0' Module(s) have been scanned

Scan process 'csrss.exe' - '0' Module(s) have been scanned

Scan process 'wininit.exe' - '0' Module(s) have been scanned

Scan process 'csrss.exe' - '0' Module(s) have been scanned

Scan process 'smss.exe' - '0' Module(s) have been scanned

28 processes with 28 modules were scanned

 

Starting master boot sector scan:

Master boot sector HD0

[iNFO] No virus was found!

[iNFO] Please restart the search with Administrator rights

Master boot sector HD1

[iNFO] No virus was found!

[iNFO] Please restart the search with Administrator rights

Master boot sector HD2

[iNFO] No virus was found!

[iNFO] Please restart the search with Administrator rights

Master boot sector HD3

[iNFO] No virus was found!

[iNFO] Please restart the search with Administrator rights

Master boot sector HD4

[iNFO] No virus was found!

[iNFO] Please restart the search with Administrator rights

 

Start scanning boot sectors:

Boot sector 'C:\'

[iNFO] No virus was found!

[iNFO] Please restart the search with Administrator rights

Boot sector 'D:\'

[iNFO] No virus was found!

[iNFO] Please restart the search with Administrator rights

 

Starting to scan executable files (registry).

The registry was scanned ( '51' files ).

 

 

Starting the file scan:

 

Begin scan in 'C:\' <HP>

C:\pagefile.sys

[WARNING] The file could not be opened!

[NOTE] This file is a Windows system file.

[NOTE] This file cannot be opened for scanning.

Begin scan in 'D:\' <FACTORY_IMAGE>

 

 

End of the scan: mardi 18 août 2009 00:38

Used time: 58:29 Minute(s)

 

The scan has been done completely.

 

30985 Scanned directories

510752 Files were scanned

0 Viruses and/or unwanted programs were found

0 Files were classified as suspicious

0 files were deleted

0 Viruses and unwanted programs were repaired

0 Files were moved to quarantine

0 Files were renamed

1 Files cannot be scanned

510751 Files not concerned

8063 Archives were scanned

1 Warnings

1 Notes

Posted

Hello,

The scan should have been run with administrator rights.

Search for rootkits.................: off

enable this module as well.

Right-click the Antivir icon in the taskbar and choose Configure Antivir

In the window, tick the Expert Mode box

Just below, click the Scanner menu

In the right-hand panel, tick the box "Recherche de rootkits au dém de la recherche"

If the person prefers to have Antivir in French, this version must be uninstalled first.

http://www.vista-xp.fr/forum/topic4162.html

@++
