Analyse scan HJT

Résolu
polothentik Messages postés 32 Statut Membre -  
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
Salut,

J'ai comme la nette impression que mon ordinateur est virusé (le contraire m'étonnerait vraiment). J'ai fait un scan HJT et j'aurais souhaité savoir si quelqu'un pouvait me l'analyser. Merci d'avance. Pour info, je viens d'installer le Service Pack 2 de Windows XP (necessaire pour etablir une connexion entre mon iPod et iTunes), il me semble que ça n'a pas fait que du bien !!!

Logfile of HijackThis v1.99.1
Scan saved at 19:20:53, on 30/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\JupitCo.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\NETGEAR\WG511v2\wlancfg5.exe
C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\system32\ardCo01\ardCo011065.exe
C:\WINDOWS\system32\ardCo01\ardCo011065.exe
C:\WINDOWS\system32\ardCo01\ardCo011065.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ardCo01\ardCo011065.exe
C:\DOCUME~1\HAMELI~1\LOCALS~1\Temp\winvsnet.exe
C:\WINDOWS\system32\rundll32.exe
C:\DOCUME~1\HAMELI~1\LOCALS~1\Temp\NI.UGA6P_0001_N122M2210\setup.exe
C:\DOCUME~1\HAMELI~1\LOCALS~1\Temp\~uavsetup.exe
C:\DOCUME~1\HAMELI~1\LOCALS~1\Temp\is-IMJSM.tmp\is-JMBE3.tmp
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Fichiers communs\SpyGuardPro\ugac.exe
C:\Program Files\Fichiers communs\SpyGuardPro\bm.exe
C:\Program Files\SpyGuardPro\pgs.exe
C:\Documents and Settings\hamelin garrec paul\Bureau\polo\Multimédia\Curededesintox\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/fr/fra/gen/default.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F3 - REG:win.ini: load=C:\WINDOWS\system32\mlljk.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [USB SECURITY DEVICE CoInstaller] JupitCo.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NI.UGA6P_0001_N122M2210] "C:\DOCUME~1\HAMELI~1\LOCALS~1\Temp\winvsnet.exe"
O4 - HKLM\..\Run: [SpyGuardPro] C:\Program Files\SpyGuardPro\pgs.exe
O4 - HKLM\..\Run: [ugac] "C:\PROGRA~1\FICHIE~1\SPYGUA~1\ugac.exe" -start
O4 - HKLM\..\Run: [bm] "C:\Program Files\Fichiers communs\SpyGuardPro\bm.exe" dm=http://spyguardpro.com ad=http://spyguardpro.com sd=http://ykeeper.spyguardpro.com
O4 - HKLM\..\RunOnce: [overinstall] "C:\Program Files\SpyGuardPro\pgs.exe" /empty
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: NETGEAR WG511v2 Wireless Assistant.lnk = ?
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZK
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://polothentik.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/24b07dfe403816aa7706/netzip/RdxIE601_fr.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DC1F99E4-448C-4306-8982-F65178003363}: NameServer = 192.168.1.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs:
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

Merci

5 réponses

  1. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    slt,

    Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked".

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"

    F3 - REG:win.ini: load=C:\WINDOWS\system32\mlljk.exe

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet

    O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe

    O
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [NI.UGA6P_0001_N122M2210] "C:\DOCUME~1\HAMELI~1\LOCALS~1\Temp\winvsnet.exe"

    O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZK

    O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)

    O20 - AppInit_DLLs:

    ___________________

    lance cwshredder (faire fix)
    https://www.trendmicro.com/en_us/forHome.html
    https://www.01net.com/actualites/
    https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/27497.html
    _____________________

    télécharge OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe (de Old_Timer) sur ton Bureau.
    double-clique sur OTMoveIt.exe pour le lancer.
    copie la liste qui se trouve en citation ci-dessous,
    et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

    Citation :

    C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
    C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    C:\DOCUME~1\HAMELI~1\LOCALS~1\Temp\winvsnet.ex

    clique sur MoveIt! pour lancer la suppression.
    le résultat apparaitra dans le cadre "Results".
    clique sur Exit pour fermer.
    poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

    il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.

    ___________________

    Ouvrez le poste de travail puis ouvrez le disque C et le dossier Program Files, supprimez les dossiers suivants : si presents
    FunWebProducts
    MyWebSearch
    ___________________

    combofix (colle le rapport)
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    __________________

    analyse sur virus total ces deux fichiers et colle moi le rapport: https://www.virustotal.com/gui/
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\SpyGuardPro\pgs.exe

    ___________________

    recolle hijackhtis et dis tes soucis

    _________________________

    on verra apres: je me les mets de coté! la suite
    O4 - HKLM\..\Run: [SpyGuardPro] C:\Program Files\SpyGuardPro\pgs.exe
    O4 - HKLM\..\Run: [ugac] "C:\PROGRA~1\FICHIE~1\SPYGUA~1\ugac.exe" -start

    O4 - HKLM\..\Run: [bm] "C:\Program Files\Fichiers communs\SpyGuardPro\bm.exe" dm=http://spyguardpro.com ad=http://spyguardpro.com sd=http://ykeeper.spyguardpro.com
    O4 - HKLM\..\RunOnce: [overinstall] "C:\Program Files\SpyGuardPro\pgs.exe" /empty
    0
  2. polothentik Messages postés 32 Statut Membre
     
    Salut,

    Tout d'abord je tiens à te remercier pour l'aide précieuse que tu m'apportes... J'ai réaliser toutes les étapes indiquées ci avant.

    Voici le rapport Combofix :

    ComboFix 07-12-31.4 - hamelin garrec paul 2007-12-31 15:26:33.1 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.93 [GMT 1:00]
    Running from: C:\Documents and Settings\hamelin garrec paul\Bureau\ComboFix.exe
    * Created a new restore point
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\hamelin garrec paul\Application Data\SpyGuardPro
    C:\Documents and Settings\hamelin garrec paul\Application Data\SpyGuardPro\Logs\threats.log
    C:\Documents and Settings\hamelin garrec paul\Application Data\SpyGuardPro\Logs\update.log
    C:\Documents and Settings\hamelin garrec paul\Application Data\YSTEM~1
    C:\Documents and Settings\hamelin garrec paul\Mes documents\CROSOF~1
    C:\Documents and Settings\hamelin garrec paul\Mes documents\CROSOF~1.NET
    C:\Documents and Settings\hamelin garrec paul\Mes documents\DOBE~1
    C:\Documents and Settings\hamelin garrec paul\Mes documents\MCROSO~1.NET
    C:\Documents and Settings\hamelin garrec paul\Mes documents\RACLE~1
    C:\Documents and Settings\hamelin garrec paul\Mes documents\SEMBLY~1
    C:\Documents and Settings\hamelin garrec paul\Mes documents\WNSXS~1
    C:\Documents and Settings\hamelin garrec paul\ravmonlog
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\Dell\AccessDirect\dadapp.exe
    C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
    C:\Program Files\Fichiers communs\Yazzle1281OinAdmin.exe
    C:\Program Files\Fichiers communs\Yazzle1281OinUninstaller.exe
    C:\Program Files\FunWebProducts
    C:\Program Files\FunWebProducts\Shared\Cache\AvatarSmallBtn.html
    C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
    C:\Program Files\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html
    C:\Program Files\FunWebProducts\Shared\Cache\MailStampBtn.html
    C:\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
    C:\Program Files\FunWebProducts\Shared\Cache\MyStationeryBtn.html
    C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
    C:\Program Files\FunWebProducts\Shared\Cache\WebfettiBtn.html
    C:\Program Files\HP\HP Software Update\HPWuSchd.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\icroso~1.net
    C:\Program Files\internet explorer\msimg32.dll
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\MyWebSearch
    C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
    C:\Program Files\MyWebSearch\bar\1.bin\F3BROVLY.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
    C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
    C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3SHLLVW.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV
    C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
    C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
    C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
    C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
    C:\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
    C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
    C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
    C:\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
    C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
    C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\mwsoemon .exe
    C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
    C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S
    C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]06BFD91.bin
    C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]06C1928.bin
    C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]06C2184.bin
    C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]0DA8F5A
    C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]0DA974A
    C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]0DA999B.bin
    C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]0DAA767.bin
    C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]0DAA880.bin
    C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]0DAAA55.bin
    C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]0DAACA6.bin
    C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]0DAAE6C
    C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]0DF43D2.bin
    C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]0DF4597.bin
    C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]0DF47E9.bin
    C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]0DF4B83.bin
    C:\Program Files\MyWebSearch\bar\Cache\[u]0[/u]0DF5845.bin
    C:\Program Files\MyWebSearch\bar\Cache\files.ini
    C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
    C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
    C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
    C:\Program Files\MyWebSearch\bar\History\search2
    C:\Program Files\MyWebSearch\bar\icons\CM.ICO
    C:\Program Files\MyWebSearch\bar\icons\MFC.ICO
    C:\Program Files\MyWebSearch\bar\icons\PSS.ICO
    C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO
    C:\Program Files\MyWebSearch\bar\icons\WB.ICO
    C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO
    C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S
    C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm
    C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
    C:\Program Files\QuickTime\QTTask .exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\SpyGuardPro
    C:\Program Files\SpyGuardPro\history.db
    C:\Program Files\SpyGuardPro\main.log
    C:\Program Files\SpyGuardPro\ResErrors.log
    C:\Program Files\sstem3~1
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\SpyGuardPro
    C:\Temp\1cb
    C:\Temp\1cb\syscheck.log
    C:\WINDOWS\dobe~1
    C:\WINDOWS\stem~1
    C:\WINDOWS\system32\cbxyyxw.dll
    C:\WINDOWS\system32\ctfmon.exe.tmp
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\system32\dllvirtual.exe
    C:\WINDOWS\system32\drivers\fad.sys
    C:\WINDOWS\System32\DSentry.exe
    C:\WINDOWS\system32\f1
    C:\WINDOWS\system32\f3PSSavr.scr
    C:\WINDOWS\system32\jkkjife.dll
    C:\WINDOWS\SYSTEM32\kjllm.ini
    C:\WINDOWS\SYSTEM32\kjllm.ini2
    C:\WINDOWS\system32\mlljk.dll
    C:\WINDOWS\system32\mlljk.exe
    C:\WINDOWS\system32\NeroCheck.exe
    C:\WINDOWS\system32\pac.txt
    C:\WINDOWS\system32\qscmccln.exe
    C:\WINDOWS\system32\r3
    C:\WINDOWS\system32\rqrqoml.dll
    C:\WINDOWS\system32\security.exe
    C:\WINDOWS\system32\stem~1
    C:\WINDOWS\system32\urlmsnlink.dat
    C:\WINDOWS\system32\wnsapisv.exe
    C:\WINDOWS\system32\wvuuuvs.dll
    C:\WINDOWS\system32\y2
    C:\WINDOWS\system32\y2\gyreo83122.exe
    C:\WINDOWS\system32\yayvwvs.dll
    C:\WINDOWS\system32\yvgughvx.dll
    C:\WINDOWS\ymante~1

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_DOMAINSERVICE
    -------\DomainService
    -------\nm
    -------\SECURITY

    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-11-28 to 2007-12-31 ))))))))))))))))))))))))))))))))))))
    .

    2007-12-31 15:23 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-12-31 14:31 . 2007-12-31 14:31 15,360 --a------ C:\WINDOWS\SYSTEM32\ctfmon .exe
    2007-12-31 14:24 . 2007-12-31 14:30 155,648 --a------ C:\WINDOWS\SYSTEM32\NeroCheck .exe
    2007-12-31 14:24 . 2007-12-31 14:30 28,672 --a------ C:\WINDOWS\SYSTEM32\DSentry .exe
    2007-12-31 02:24 . 2007-12-31 02:24 <REP> d-------- C:\Program Files\Red Kawa
    2007-12-31 02:24 . 2007-12-31 02:24 <REP> d-------- C:\Program Files\AviSynth 2.5
    2007-12-30 19:18 . 2007-12-30 19:18 <REP> dr------- C:\Documents and Settings\All Users\Application Data\SalesMon
    2007-12-30 19:10 . 2007-12-30 19:10 <REP> d-------- C:\Program Files\Free iPod Video Converter
    2007-12-30 19:10 . 2004-05-25 17:06 417,792 --a------ C:\WINDOWS\SYSTEM32\ac3filter.ax
    2007-12-30 19:10 . 2004-01-10 17:02 258,048 --a------ C:\WINDOWS\SYSTEM32\GplMpgDec.ax
    2007-12-30 18:55 . 2001-03-08 18:30 24,064 --a------ C:\WINDOWS\SYSTEM32\msxml3a.dll
    2007-12-30 18:52 . 2007-12-30 18:50 365,056 --a------ C:\WINDOWS\SYSTEM32\OLD77.tmp
    2007-12-30 18:45 . 2007-12-30 18:45 <REP> d-------- C:\WINDOWS\SYSTEM32\ardCo01
    2007-12-30 18:45 . 2007-12-30 18:45 <REP> d-------- C:\Temp\cEeer12
    2007-12-30 18:45 . 2007-12-31 15:39 <REP> d-------- C:\Temp
    2007-12-30 18:45 . 2007-12-30 18:45 224,816 --a------ C:\Temp\iniag2101.exe
    2007-12-30 01:44 . 2007-12-30 01:44 <REP> d-------- C:\Program Files\iPod
    2007-12-30 01:43 . 2007-12-31 15:38 <REP> d-------- C:\Program Files\iTunes
    2007-12-30 01:43 . 2007-12-30 01:43 <REP> d-------- C:\Program Files\Fichiers communs\Apple
    2007-12-30 01:43 . 2007-10-31 14:09 30,464 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbaapl.sys
    2007-12-29 20:04 . 2006-08-21 10:14 128,896 -----c--- C:\WINDOWS\SYSTEM32\DLLCACHE\fltmgr.sys
    2007-12-29 20:04 . 2006-08-21 10:14 23,040 -----c--- C:\WINDOWS\SYSTEM32\DLLCACHE\fltmc.exe
    2007-12-29 20:04 . 2006-08-21 13:26 16,896 -----c--- C:\WINDOWS\SYSTEM32\DLLCACHE\fltlib.dll
    2007-12-29 20:00 . 2007-12-29 20:00 <REP> d-------- C:\Program Files\MSXML 4.0
    2007-12-29 19:55 . 2007-07-09 14:11 584,192 -----c--- C:\WINDOWS\SYSTEM32\DLLCACHE\rpcrt4.dll
    2007-12-29 19:44 . 2007-12-29 19:44 <REP> d-------- C:\Documents and Settings\LocalService\Menu D‚marrer
    2007-12-29 19:29 . 2007-12-30 02:28 1,393 --a------ C:\WINDOWS\imsins.BAK
    2007-12-29 19:26 . 2004-08-19 16:09 221,184 --a------ C:\WINDOWS\SYSTEM32\wmpns.dll
    2007-12-29 19:21 . 2007-12-29 19:21 <REP> d-------- C:\WINDOWS\ServicePackFiles
    2007-12-29 19:18 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\[u]0[/u]02457_.tmp
    2007-12-29 19:14 . 2007-12-29 19:14 <REP> d-------- C:\WINDOWS\EHome
    2007-12-28 23:18 . 2007-12-31 14:31 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2007-12-28 23:18 . 2007-12-30 01:44 1,409 --a------ C:\WINDOWS\QTFont.for
    2007-12-28 23:17 . 2007-12-28 23:17 <REP> d-------- C:\Program Files\Apple Software Update
    2007-12-28 23:17 . 2007-12-28 23:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
    2007-12-18 00:21 . 2007-12-18 00:21 <REP> d-------- C:\Program Files\Google
    2007-12-11 10:57 . 2007-12-11 10:57 65,536 --a------ C:\WINDOWS\SYSTEM32\QuickTimeVR.qtx
    2007-12-11 10:57 . 2007-12-11 10:57 49,152 --a------ C:\WINDOWS\SYSTEM32\QuickTime.qts
    2007-12-02 23:39 . 2007-12-02 23:40 <REP> d-------- C:\NDK

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-31 14:38 --------- d-----w C:\Program Files\QuickTime
    2007-12-31 14:38 --------- d-----w C:\Program Files\MSN Messenger
    2007-12-30 17:39 --------- d-----w C:\Program Files\MessengerDiscovery
    2007-12-30 00:45 --------- d-----w C:\Documents and Settings\hamelin garrec paul\Application Data\Apple Computer
    2007-12-28 22:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2007-11-25 12:55 --------- d-----w C:\Program Files\Jasc Software Inc
    2007-11-25 12:51 --------- d-----w C:\Program Files\Dell
    2007-11-25 12:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-11-25 12:50 --------- d-----w C:\Program Files\Canon
    2007-11-25 12:47 --------- d-----w C:\Program Files\IRAI
    2007-11-25 12:47 --------- d-----w C:\Program Files\Azureus
    2007-11-25 12:46 --------- d-----w C:\Program Files\AutoCAD 2004
    2007-11-25 12:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk
    2007-11-25 12:41 --------- d-----w C:\Program Files\Logitech
    2007-11-25 12:41 --------- d-----w C:\Program Files\Fichiers communs\Logitech
    2007-11-25 12:37 --------- d-----w C:\Program Files\Wanadoo
    2007-11-25 12:36 --------- d-----w C:\Program Files\PartyGaming.Net
    2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    .
    [code]
    ----a-w 75,392 2007-12-31 13:30:43 C:\Program Files\Alwil Software\Avast4\ashDisp .exe
    ----a-w 209,800 2007-12-31 13:30:30 C:\Program Files\Dell\AccessDirect\dadapp .exe
    ----a-w 127,022 2007-12-31 13:30:35 C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS .EXE
    ----a-w 49,152 2007-12-31 13:30:36 C:\Program Files\HP\HP Software Update\HPWuSchd .exe
    ----a-w 241,664 2007-12-31 13:30:38 C:\Program Files\HP\hpcoretech\hpcmpmgr .exe
    ----a-w 267,048 2007-12-31 13:30:52 C:\Program Files\iTunes\iTunesHelper .exe
    ----a-w 132,496 2007-12-31 13:30:43 C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
    ----a-w 5,674,352 2007-12-31 13:31:18 C:\Program Files\MSN Messenger\msnmsgr .exe
    ----a-w 286,720 2007-12-31 13:30:49 C:\Program Files\QuickTime\QTTask .exe
    ----a-w 610,304 2007-12-31 13:30:31 C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
    ----a-w 110,592 2007-12-31 13:30:30 C:\Program Files\Synaptics\SynTP\SynTPLpr .exe
    ----a-w 15,360 2007-12-31 13:31:01 C:\WINDOWS\SYSTEM32\ctfmon .exe
    ----a-w 28,672 2007-12-31 13:30:33 C:\WINDOWS\SYSTEM32\DSentry .exe
    ----a-w 155,648 2007-12-31 13:30:35 C:\WINDOWS\SYSTEM32\NeroCheck .exe
    ----a-w 114,741 2007-12-31 13:30:35 C:\WINDOWS\SYSTEM32\dla\tfswctrl .exe
    [/code]

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{856D3658-D223-45C6-9F97-949FA9B9F669}]
    C:\Program Files\Services en ligne\holesuC:\WINDOWS\system32\y2\gyreo83122.exe.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
    "WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [ ]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [ ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-11-20 09:10 4866048]
    "BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 06:59 122880 C:\WINDOWS\BCMSMMSG.exe]
    "DadApp"="C:\Program Files\Dell\AccessDirect\dadapp.exe" [ ]
    "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [ ]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [ ]
    "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [ ]
    "DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [ ]
    "NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [ ]
    "LVCOMS"="C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE" [ ]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [ ]
    "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [ ]
    "USB SECURITY DEVICE CoInstaller"="JupitCo.exe" [2002-05-03 12:08 28931 C:\WINDOWS\SYSTEM32\JupitCo.exe]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [ ]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]
    "MS Unix Binary"="msnq3insller.exe" []

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-19 15:52 44544]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DHCP Client]
    @="Service"

    S1 SABKUTIL;SABKUTIL;C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys []
    S3 ASUS_USB;ASUS SpaceLink WLAN USB Driver;C:\WINDOWS\system32\DRIVERS\AWLUSB.sys [2002-08-06 09:28]
    S3 AWINDIS5;AWINDIS5 Protocol Driver;C:\WINDOWS\System32\AWINDIS5.SYS [2002-04-11 16:43]
    S3 CA500AI;SPCA500A Still Image Capture, Sunplus Version 1.00;C:\WINDOWS\system32\Drivers\BULKUSB.sys []
    S3 CA500AV;Digital Video Camera(Video);C:\WINDOWS\system32\DRIVERS\CA500AV.SYS []
    S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 13:23]
    S3 k600bus;Sony Ericsson 600i driver (WDM);C:\WINDOWS\system32\DRIVERS\k600bus.sys [2005-03-04 18:08]
    S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k600mdfl.sys [2005-03-04 18:11]
    S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\k600mdm.sys [2005-03-04 18:11]
    S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\k600mgmt.sys [2005-03-04 18:13]
    S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\k600obex.sys [2005-03-04 18:15]
    S3 NETGEAR_WG511_SERVICE;NETGEAR WG511T Wireless Adapter Service;C:\WINDOWS\system32\DRIVERS\wg511nd5.sys []
    S3 StMp3Rec;Player Recovery Device Control Driver;C:\WINDOWS\system32\Drivers\StMp3Rec.sys [2005-08-16 10:23]
    S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\System32\ZDCndis5.SYS []

    .
    Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
    "2007-12-29 16:29:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-31 15:43:35
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-12-31 15:47:14 - machine was rebooted
    C:\qoobox\ComboFix-quarantined-files.txt 2007-12-31 14:47:10
    .
    2007-12-31 01:46:05 --- E O F ---

    Voici le rapport HJT :

    Logfile of HijackThis v1.99.1
    Scan saved at 16:09:27, on 31/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\WINDOWS\system32\JupitCo.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\NETGEAR\WG511v2\wlancfg5.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\hamelin garrec paul\Bureau\polo\Multimédia\Curededesintox\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {856D3658-D223-45C6-9F97-949FA9B9F669} - C:\Program Files\Services en ligne\holesuC:\WINDOWS\system32\y2\gyreo83122.exe.dll (file missing)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [USB SECURITY DEVICE CoInstaller] JupitCo.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: NETGEAR WG511v2 Wireless Assistant.lnk = ?
    O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://polothentik.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/24b07dfe403816aa7706/netzip/RdxIE601_fr.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{DC1F99E4-448C-4306-8982-F65178003363}: NameServer = 192.168.1.1
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

    Merci d'avance.
    0
  3. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    fix cette ligne

    O2 - BHO: (no name) - {856D3658-D223-45C6-9F97-949FA9B9F669} - C:\Program Files\Services en ligne\holesuC:\WINDOWS\system32\y2\gyreo83122.exe.dll (file missing)

    ________________

    utilise pour supprimer tes traces

    CCLEANER: (lance un nettoyage et répare 3 fois les erreurs) sans installer la barre yahoo

    https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html

    ______________________

    remplace avast par antivir et colle un rapport

    https://www.malekal.com/avira-free-security-antivirus-gratuit/ (merci Malekal)

    et dis tes soucis
    0
  4. polothentik
     
    Salut

    Je te remercie infiniement...
    Mon ordinateur a maintenant la patate !
    Merci pour ton aide !

    Tcho
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    de rien si problème tu dis-
    0