pub à gogo ! Résolu

Question

Bonsoir , mon pc est infesté de pub ;il suffit que je sois connecté a internet  est c est l invasion!!!!! , de l aide s il vous plait merci !
ps: je suis sous vista

Destrio5 · Answer

Salut,

- Télécharge HijackThis V 2.02 (HijackThis Installer) :
http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe

- Fais un double-clic sur HJTInstall.exe afin de lancer l'installation

- Clique sur Install ensuite sur I Accept

- Clique sur Do a scan system and save log file

- Le bloc-notes s'ouvrira, fais un copier-coller de tout son contenu ici dans ta prochaine réponse.

zapeuse · Answer

ok merci j essaye

Destrio5 · Answer

Ne coche rien.

Tu as normalement une deuxième fenêtre qui s'est ouverte. Colle le contenu ici.

zapeuse · Answer

qu une seule fentre d ouverte et j y arrive vraiment pas !

Destrio5 · Answer

Je te fais une photo.

Destrio5 · Answer

http://www.noelshack.com/uploads/HJT032943.jpg

Destrio5 · Answer

Si tu n'arrives pas à faire ça, tu ne vas pas arriver à faire la suite lol.

zapeuse · Answer

j ai tous recommencer et voilà le resultat haha    
Scan saved at 00:03:57, on 29/09/2008
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32	askeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32undll32.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Windows\system32\igfxsrvc.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\PixArt\Pac207\Monitor.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Filesnamfler
aomf.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\UTILIS~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\utilisateur\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\utilisateur\AppData\Local\kasiy.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Windows\system32\igfxext.exe
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\program filesnamfleradprcmp.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\conime.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Windows\system32	askeng.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Pluginseg\VeohToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32
vsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [zzz_ImInstaller_IncrediMail] C:\Users\UTILIS~1\AppData\Local\Temp\ImInstaller\IncrediMail\incredimail_install[1].exe -startup -product IncrediMail
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [wrna3ls] C:\Program Filesnamfler
aomf.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [?????????] ??????????????e
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [ejfgujyn] c:\users\utilisateur\appdata\local\ejfgujyn.exe ejfgujyn
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [about plan] "C:\ProgramData\Sectthunkthunk.f4022"
O4 - HKCU\..\Run: [1 mags 16 more] "C:\ProgramData\part fast vga.ydf58tp"
O4 - HKCU\..\Run: [Google Update] "C:\Users\utilisateur\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [kasiy] "c:\users\utilisateur\appdata\local\kasiy.exe" kasiy
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix: 
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-24-0.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/VistaMSNPUpldfr-fr.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: RdnaoFlSvc - Unknown owner - C:\Program Filesnamfler
aofsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

Destrio5 · Answer

Oula, il y a du taf'

---> Désactive l'UAC le temps de la désinfection :
http://www.commentcamarche.net/faq/sujet 8343 vista desactiver l uac

---> Télécharge Lop S&D sur ton Bureau
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2
---> Double-clique dessus pour lancer l'installation
---> Puis double-clique sur le raccourci Lop S&D présent sur ton Bureau
---> Séléctionne la langue souhaitée, puis choisis l'option 1 (Recherche)
---> Patiente jusqu'à la fin du scan
---> Poste le rapport généré (C:\lopR.txt)

zapeuse · Answer

j ai fais ce qu il fallait et j ai une fenêtre bleue qui apparais ou je dois sélectionner la langue, mais  rien sur le bureau et impossible de sélectionné quoi que ce soit !! si t es crever on continus demain merci encore

Destrio5 · Answer

Clique sur la fenêtre bleue et choisis la langue.

zapeuse · Answer

sur la fenetre il y a de marquer  administrateur    S&D

Destrio5 · Answer

Quitte Lop S&D.

Sur ton Bureau, clique droit sur le raccourci de Lop S&D et choisis Exécuter en tant qu'administrateur puis tu suis ma procédure.

Destrio5 · Answer

Normalement si.

zapeuse · Answer

--------------------\  Lop S&D 4.2.4-4   XP/Vista

   Microsoft® Windows Vista™ Édition Familiale Premium  ( v6.0.6000 ) 
   X86-based PC ( Multiprocessor Free : Genuine Intel(R) CPU           T2060  @ 1.60GHz )
   BIOS : Ver 1.00PARTTBLP
   USER : utilisateur ( Not Administrator ! )
   BOOT : Normal boot
   C:\ (Local Disk) - NTFS - Total : 34 Go Free : 1 Go
   D:\ (Local Disk) - NTFS - Total : 33 Go Free : 27 Go
   E:\ (CD or DVD)

   "C:\Lop SD" ( MAJ : 19-09-2008|22:20 )
   Option : [1] ( 29/09/2008| 1:11 )

   [ UAC => 0 ]
 
   --------------------\  Listing des dossiers dans Local  

   [05/05/2008|09:52] C:\Users\UTILIS~1\AppData\Local\acer eNM
   [09/06/2007|20:02] C:\Users\UTILIS~1\AppData\Local\Adobe
   [17/08/2008|17:21] C:\Users\UTILIS~1\AppData\Local\Ahead
   [22/12/2007|00:52] C:\Users\UTILIS~1\AppData\Local\Apple
   [09/09/2008|13:50] C:\Users\UTILIS~1\AppData\Local\Apple Computer
   [01/06/2007|20:33] C:\Users\UTILIS~1\AppData\Local\Application Data 
   [27/02/2008|15:09] C:\Users\UTILIS~1\AppData\Local\Apps
   [29/09/2008|00:25] C:\Users\UTILIS~1\AppData\Local\bkcicmx.bat
   [05/08/2008|18:16] C:\Users\UTILIS~1\AppData\Local\d3d9caps.dat
   [25/09/2008|16:29] C:\Users\UTILIS~1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
   [16/07/2008|17:29] C:\Users\UTILIS~1\AppData\Local\ejfgujyn.bat
   [17/07/2008|01:34] C:\Users\UTILIS~1\AppData\Local\ejfgujyn.dat
   [11/07/2008|13:11] C:\Users\UTILIS~1\AppData\Local\ejfgujyn_nav.dat
   [17/07/2008|01:34] C:\Users\UTILIS~1\AppData\Local\ejfgujyn_navps.dat
   [13/07/2007|00:03] C:\Users\UTILIS~1\AppData\Local\eMule
   [06/06/2007|17:58] C:\Users\UTILIS~1\AppData\Local\GDIPFONTCACHEV1.DAT
   [29/09/2008|00:24] C:\Users\UTILIS~1\AppData\Local\Google
   [01/06/2007|20:33] C:\Users\UTILIS~1\AppData\Local\Historique 
   [29/09/2008|00:20] C:\Users\UTILIS~1\AppData\Local\IconCache.db
   [29/09/2008|01:11] C:\Users\UTILIS~1\AppData\Local\kasiy.dat
   [17/09/2008|22:45] C:\Users\UTILIS~1\AppData\Local\kasiy.exe
   [12/09/2008|17:58] C:\Users\UTILIS~1\AppData\Local\kasiy_nav.dat
   [29/09/2008|01:11] C:\Users\UTILIS~1\AppData\Local\kasiy_navps.dat
   [17/08/2008|16:11] C:\Users\UTILIS~1\AppData\Local\Microsoft
   [29/06/2008|16:46] C:\Users\UTILIS~1\AppData\Local\Microsoft Games
   [14/06/2007|23:46] C:\Users\UTILIS~1\AppData\Local\Mozilla
   [29/09/2008|01:09] C:\Users\UTILIS~1\AppData\Local\Temp
   [01/06/2007|20:33] C:\Users\UTILIS~1\AppData\Local\Temporary Internet Files 
   [27/02/2008|15:07] C:\Users\UTILIS~1\AppData\Local\VirtualStore
   [27/07/2008|16:32] C:\Users\UTILIS~1\AppData\Local\Zylom Games
 
   --------------------\  Tâches planifiées dans C:\Windows	asks

   [28/09/2008 13:21][--a------] C:\Windows	asks\GoogleUpdateTaskUser.job
   [28/09/2008 18:13][--a------] C:\Windows	asks\Norton Security Scan.job
   [29/09/2008 00:23][--ah-----] C:\Windows	asks\SA.DAT
   [29/09/2008 00:22][--a------] C:\Windows	asks\SCHEDLGU.TXT

   --------------------\  Listing des dossiers dans C:\ProgramData
   
   [08/09/2008|21:48] C:\ProgramData\activefirsttool
   [06/09/2008|02:04] C:\ProgramData\Admin Inter 1 Mags
   [05/12/2006|01:53] C:\ProgramData\Adobe
   [22/12/2007|00:49] C:\ProgramData\Apple
   [24/12/2007|22:04] C:\ProgramData\Apple Computer
   [02/11/2006|15:02] C:\ProgramData\Application Data 
   [29/06/2008|23:41] C:\ProgramData\Azureus
   [01/06/2007|20:32] C:\ProgramData\Bureau 
   [05/12/2006|01:49] C:\ProgramData\CyberLink
   [02/11/2006|15:02] C:\ProgramData\Desktop 
   [02/11/2006|15:02] C:\ProgramData\Documents 
   [13/07/2007|00:04] C:\ProgramData\eMule
   [29/12/2007|22:09] C:\ProgramData\ezsid.dat
   [01/06/2007|20:32] C:\ProgramData\Favoris 
   [02/11/2006|15:02] C:\ProgramData\Favorites 
   [10/07/2008|20:58] C:\ProgramData\Google
   [28/09/2008|02:01] C:\ProgramData\Google Updater
   [01/06/2007|20:35] C:\ProgramData\InstallShield
   [01/06/2007|20:32] C:\ProgramData\Menu D‚marrer 
   [01/12/2007|19:50] C:\ProgramData\Messenger Plus!
   [17/08/2008|16:11] C:\ProgramData\Microsoft
   [01/06/2007|20:32] C:\ProgramData\ModŠles 
   [14/06/2007|23:46] C:\ProgramData\Mozilla
   [17/08/2008|18:56] C:\ProgramData\Nero
   [06/09/2008|02:04] C:\ProgramData\part fast vga.ydf58tp
   [27/07/2008|16:33] C:\ProgramData\Sandlot Games
   [06/09/2008|02:04] C:\ProgramData\Sectthunkthunk.f4022
   [06/09/2008|02:04] C:\ProgramData\Sectthunkthunk.oa1ne
   [29/12/2007|22:03] C:\ProgramData\Skype
   [02/11/2006|15:02] C:\ProgramData\Start Menu 
   [10/09/2008|18:07] C:\ProgramData\Symantec
   [02/11/2006|15:02] C:\ProgramData\Templates 
   [13/05/2008|13:03] C:\ProgramData\WLInstaller
   [24/08/2008|16:24] C:\ProgramData\Xerox
   [13/03/2008|03:42] C:\ProgramData\Yahoo! Companion

   --------------------\  Listing des dossiers dans C:\Program Files

   [01/06/2007|20:25] C:\Program Files\Acer Arcade Deluxe
   [01/06/2007|20:54] C:\Program Files\Acer Inc
   [05/12/2006|01:53] C:\Program Files\Adobe
   [14/08/2007|20:30] C:\Program Files\ADSL Drivers
   [19/10/2007|22:38] C:\Program Files\Adverts
   [07/06/2007|23:57] C:\Program Files\Alwil Software
   [08/09/2008|22:16] C:\Program Files\Apple Software Update
   [17/08/2008|14:47] C:\Program Files\AskSBar
   [16/08/2008|23:23] C:\Program Files\AskTBar
   [01/06/2007|20:40] C:\Program Files\Atheros
   [02/01/2008|19:55] C:\Program Files\AviSynth 2.5
   [17/08/2008|14:49] C:\Program Files\Azureus
   [07/07/2008|23:01] C:\Program Files\Bonjour
   [16/07/2007|23:59] C:\Program Files\CCleaner
   [06/09/2008|02:03] C:\Program Files\Circle Developement
   [17/08/2008|17:13] C:\Program Files\Common Files
   [05/12/2006|01:34] C:\Program Files\CONEXANT
   [05/12/2006|01:41] C:\Program Files\CyberLink
   [25/09/2008|18:32] C:\Program Files\DivX
   [13/07/2007|00:03] C:\Program Files\eMule
   [02/01/2008|19:54] C:\Program Files\eRightSoft
   [01/06/2007|20:32] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
   [10/07/2008|20:58] C:\Program Files\Google
   [07/07/2008|14:47] C:\Program Files\InstallShield Installation Information
   [05/12/2006|01:23] C:\Program Files\Intel
   [16/08/2008|19:49] C:\Program Files\Internet Explorer
   [08/09/2008|22:13] C:\Program Files\iPod
   [08/09/2008|22:14] C:\Program Files\iTunes
   [17/08/2008|15:00] C:\Program Files\Java
   [17/06/2007|23:15] C:\Program Files\K-Lite Codec Pack
   [01/06/2007|20:37] C:\Program Files\Launch Manager
   [06/09/2008|02:03] C:\Program Files\Messenger Plus! Live
   [14/05/2008|12:09] C:\Program Files\Microsoft CAPICOM 2.1.0.2
   [02/11/2006|14:37] C:\Program Files\Microsoft Games
   [02/11/2006|14:42] C:\Program Files\Movie Maker
   [09/04/2008|12:21] C:\Program Files\Mozilla Firefox
   [02/11/2006|14:37] C:\Program Files\MSBuild
   [02/11/2006|14:37] C:\Program Files\MSN
   [08/06/2007|13:15] C:\Program Files\MSXML 4.0
   [05/12/2006|01:39] C:\Program Files\NewTech Infosystems
   [28/09/2008|18:00] C:\Program Files\Norton Security Scan
   [05/06/2007|10:11] C:\Program Files\OpenOffice.org 2.2
   [12/06/2007|17:20] C:\Program Files\PC Camera
   [22/08/2008|14:00] C:\Program Files\PhotoFiltre
   [14/06/2008|00:06] C:\Program Files\QuickTime
   [01/06/2007|20:38] C:\Program Files\Realtek
   [02/11/2006|14:37] C:\Program Files\Reference Assemblies
   [12/09/2008|19:03] C:\Program Filesnamfler
   [07/07/2008|14:47] C:\Program Files\Samsung
   [29/12/2007|22:03] C:\Program Files\Skype
   [05/12/2006|01:37] C:\Program Files\SMSC
   [05/12/2006|01:31] C:\Program Files\Synaptics
   [28/09/2008|23:36] C:\Program Files\Trend Micro
   [02/11/2006|15:01] C:\Program Files\Uninstall Information
   [29/12/2007|23:25] C:\Program Files\Veoh Networks
   [02/01/2008|19:46] C:\Program Files\WinAVI MP4 Converter
   [29/08/2007|19:22] C:\Program Files\Windows Calendar
   [02/11/2006|14:42] C:\Program Files\Windows Collaboration
   [08/06/2007|13:17] C:\Program Files\Windows Defender
   [02/11/2006|14:42] C:\Program Files\Windows Journal
   [13/05/2008|13:05] C:\Program Files\Windows Live
   [16/08/2008|19:49] C:\Program Files\Windows Mail
   [24/10/2007|17:04] C:\Program Files\Windows Media Player
   [01/06/2007|20:32] C:\Program Files\Windows NT
   [02/11/2006|14:42] C:\Program Files\Windows Photo Gallery
   [12/01/2008|02:03] C:\Program Files\Windows Sidebar
   [01/06/2007|20:35] C:\Program Files\Yahoo!

   --------------------\  Listing des dossiers dans C:\Program Files\Common Files

   [05/12/2006|01:53] C:\Program Files\Common Files\Adobe
   [22/12/2007|00:50] C:\Program Files\Common Files\Apple
   [01/06/2007|20:35] C:\Program Files\Common Files\InstallShield
   [18/03/2008|15:11] C:\Program Files\Common Files\Java
   [05/12/2006|01:39] C:\Program Files\Common Files\LightScribe
   [13/05/2008|13:07] C:\Program Files\Common Files\microsoft shared
   [05/12/2006|01:39] C:\Program Files\Common Files\muvee Technologies
   [17/08/2008|18:56] C:\Program Files\Common Files\Nero
   [05/12/2006|01:39] C:\Program Files\Common Files\NewTech Infosystems
   [02/11/2006|13:18] C:\Program Files\Common Files\Services
   [29/12/2007|22:02] C:\Program Files\Common Files\Skype
   [02/11/2006|13:18] C:\Program Files\Common Files\SpeechEngines
   [28/09/2008|18:04] C:\Program Files\Common Files\Symantec Shared
   [15/06/2007|22:18] C:\Program Files\Common Files\System
   [13/05/2008|13:06] C:\Program Files\Common Files\WindowsLiveInstaller

   --------------------\  Process

   ( 86 Processes )

   iexplore.exe ~ [PID:2648]
   iexplore.exe ~ [PID:5492]
   IEXPLORE.EXE ~ [PID:4364]

   --------------------\  Recherche avec S_Lop

   C:\ProgramData\Sectthunkthunk.f4022
   C:\ProgramData\Sectthunkthunk.oa1ne
   C:\ProgramData\part fast vga.ydf58tp
 
   --------------------\  Recherche de Fichiers / Dossiers Lop

   C:\ProgramData\Admin Inter 1 Mags
   C:\ProgramData\Admin Inter 1 Mags\Exit bold.exe
   C:\Program Files\Adverts
   C:\Program Files\Circle Developement
   C:\Program Files\Circle Developement\Uninstall.exe
   C:\Users\UTILIS~1\AppData\Roaming\MICROS~1\Windows\Cookies\utilisateur@www.adserver5[1].txt
   C:\Users\UTILIS~1\AppData\Roaming\MICROS~1\Windows\Cookies\utilisateur@advertising[1].txt
   C:\Users\UTILIS~1\AppData\Roaming\MICROS~1\Windows\Cookies\utilisateur@banner.casinoking[2].txt
   C:\Users\UTILIS~1\AppData\Roaming\MICROS~1\Windows\Cookies\utilisateur@casinoking[1].txt
   C:\Users\UTILIS~1\AppData\Roaming\MICROS~1\Windows\Cookies\utilisateur@adopt.euroclick[1].txt
   C:\Users\UTILIS~1\AppData\Roaming\MICROS~1\Windows\Cookies\utilisateur@32vegas[1].txt
   C:\Users\UTILIS~1\AppData\Roaming\MICROS~1\Windows\Cookies\utilisateur@banner.32vegas[2].txt
 
   --------------------\  Verification du Registre

   [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 
   "about plan"="\"C:\ProgramData\Sectthunkthunk.f4022\""
   "1 mags 16 more"="\"C:\ProgramData\part fast vga.ydf58tp\""

   [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

   --------------------\  Verification du fichier Hosts

   Fichier Hosts PROPRE


   --------------------\  Recherche de fichiers avec Catchme
 
   catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
   Rootkit scan 2008-09-29 01:12:08
   Windows 6.0.6000  NTFS
   scanning hidden processes ...
   scanning hidden files ...
   scan completed successfully
   hidden processes: 0
   hidden files: 1462
 
   --------------------\  Recherche d'autres infections

   [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
   "ejfgujyn"="c:\users\utilisateur\appdata\local\ejfgujyn.exe ejfgujyn"

   C:\Windows\System32
vs2.inf
 
   C:\Users\UTILIS~1\AppData\Local\ejfgujyn.bat
   C:\Users\UTILIS~1\AppData\Local\ejfgujyn.dat
   C:\Users\UTILIS~1\AppData\Local\ejfgujyn_nav.dat
   C:\Users\UTILIS~1\AppData\Local\ejfgujyn_navps.dat
   C:\Users\UTILIS~1\AppData\Local\kasiy.dat
   C:\Users\UTILIS~1\AppData\Local\kasiy.exe
   C:\Users\UTILIS~1\AppData\Local\kasiy_nav.dat
   C:\Users\UTILIS~1\AppData\Local\kasiy_navps.dat
   [b]==> EGDACCESS <==/b



   [F:103][D:14]-> C:\Users\UTILIS~1\AppData\Local\Temp
   [F:422][D:1]-> C:\Users\UTILIS~1\AppData\Roaming\MICROS~1\Windows\Cookies
   [F:1958][D:5]-> C:\Users\UTILIS~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
   [F:212][D:10]-> C:\$Recycle.Bin

   1 - "C:\Lop SD\LopR_1.txt" - 29/09/2008| 1:15 - Option : [1]

   --------------------\  Fin du rapport a  1:15:46
   [ UAC => 1 ]

Destrio5 · Answer

Bien.

Maintenant, tu le relances mais tu fais l'option 2 cette fois-ci.

Destrio5 · Answer

---> Supprime Lop S&D

---> Fais ceci :

- Télécharge Navilog1 (de IL-MAFIOSO) et enregistre-le sur le bureau : 
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe 

- Double-clique sur Navilog1.exe afin de lancer l'installation

- Si le fix ne lance pas automatiquement après son installation, double-clique sur Navilog1 présent sur le bureau

- Appuie sur F ou f  puis valide par Entrée

- Appuie sur une touche de ton clavier à chaque fois que cela est demandé, tu arriveras au menu des options

- Choisis l'option 1 et appuie sur la touche Entrée pour valider ton choix

- Patiente jusqu'au message : *** Analyse Termine le ..... ***

- Le scan fini, le bloc-notes contenant le rapport sera affiché, poste le contenu de ce rapport dans ta prochaine réponse

- Si le résultat du scan ne s'affiche pas, tu le trouveras dans C:\fixnavi.txt

N'utilise pas l'option 2, 3 et 4 sans notre accord, des fichiers légitimes peuvent être inclus dans ce scan.

Destrio5 · Answer

Relance Navilog1, fais l'option 2 et poste le rapport.

zapeuse · Answer

Clean Navipromo version 3.6.5 commencé le 29/09/2008 à  1:57:02,46

Outil exécuté depuis C:\Program Files
avilog1
Session actuelle : "utilisateur" 

Mise à jour le 22.08.2008 à 17h30 par IL-MAFIOSO

Microsoft Windows Vista 6.0.6000 
Internet Explorer : 7.0.6000.16711
Système de fichiers : NTFS

Mode suppression automatique 
avec prise en charge résultats Catchme et GNS


Nettoyage exécuté au redémarrage de l'ordinateur

 
*** fsbl1.txt non trouvé ***
(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)
 

*** Suppression avec sauvegardes résultats GenericNaviSearch ***

* Suppression dans "C:\Windows\System32" *


* Suppression dans "C:\Users\utilisateur\AppData\Local\Microsoft" *


* Suppression dans "C:\Users\utilisateur\AppData\Local\virtualstore\windows\system32" *


* Suppression dans "C:\Users\utilisateur\AppData\Local" *


* Suppression dans "C:\Users\kenza\AppData\Local" *


* Suppression dans "C:\Users\sarah\AppData\Local" *



*** Suppression dossiers dans "C:\Windows" ***


*** Suppression dossiers dans "C:\Program Files" ***


*** Suppression dossiers dans "c:\progra~2\micros~1\windows\startm~1\programs" ***


*** Suppression dossiers dans "c:\progra~2\micros~1\windows\startm~1" ***


*** Suppression dossiers dans "C:\ProgramData" ***


*** Suppression dossiers dans c:\users\utilis~1\appdataoaming\micros~1\windows\startm~1\programs ***


*** Suppression dossiers dans "C:\Users\kenza\appdataoaming\micros~1\windows\startm~1\programs" ***


*** Suppression dossiers dans "C:\Users\sarah\appdataoaming\micros~1\windows\startm~1\programs" ***


*** Suppression dossiers dans "C:\Users\utilisateur\AppData\Local\virtualstore\Program Files" ***


*** Suppression dossiers dans "C:\Users\kenza\AppData\Local\virtualstore\Program Files" ***


*** Suppression dossiers dans "C:\Users\sarah\AppData\Local\virtualstore\Program Files" ***


*** Suppression dossiers dans "C:\Users\utilisateur\AppData\Roaming" ***


*** Suppression dossiers dans "C:\Users\kenza\appdataoaming" *** 


*** Suppression dossiers dans "C:\Users\sarah\appdataoaming" *** 



*** Suppression fichiers ***

C:\Windows\system32
vs2.inf supprimé !

*** Suppression fichiers temporaires ***

Nettoyage contenu C:\Windows\Temp effectué !
Nettoyage contenu C:\Users\UTILIS~1\AppData\Local\Temp effectué !

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

2)Recherche, création sauvegardes et suppression Heuristique :


* Dans "C:\Windows\system32" *


* Dans "C:\Users\utilisateur\AppData\Local\Microsoft" *


* Dans "C:\Users\utilisateur\AppData\Local\virtualstore\windows\system32" *


* Dans "C:\Users\utilisateur\AppData\Local" *


ejfgujyn.dat trouvé ! 
Copie ejfgujyn.dat réalisée avec succès !
ejfgujyn.dat supprimé !

ejfgujyn.bat trouvé ! 
Copie ejfgujyn.bat réalisée avec succès !
ejfgujyn.bat supprimé !

ejfgujyn_nav.dat trouvé ! 
Copie ejfgujyn_nav.dat réalisée avec succès !
ejfgujyn_nav.dat supprimé !

ejfgujyn_navps.dat trouvé ! 
Copie ejfgujyn_navps.dat réalisée avec succès !
ejfgujyn_navps.dat supprimé !

kasiy.exe trouvé ! 
Copie kasiy.exe réalisée avec succès !
kasiy.exe supprimé !

kasiy.dat trouvé ! 
Copie kasiy.dat réalisée avec succès !
kasiy.dat supprimé !

kasiy_nav.dat trouvé ! 
Copie kasiy_nav.dat réalisée avec succès !
kasiy_nav.dat supprimé !

kasiy_navps.dat trouvé ! 
Copie kasiy_navps.dat réalisée avec succès !
kasiy_navps.dat supprimé !


* Dans "C:\Users\kenza\AppData\Local" * 


* Dans "C:\Users\sarah\AppData\Local" * 


*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok


*** Certificats ***

Certificat Egroup supprimé !
Certificat Electronic-Group supprimé !
Certificat Montorgueil absent !
Certificat OOO-Favorit supprimé !
Certificat Sunny-Day-Design-Ltdt absent !


*** Nettoyage terminé le 29/09/2008 à  2:05:09,52 ***

Destrio5 · Answer

---> Désinstalle Navilog1

---> Fais un scan rapide avec MalwareByte's Anti-Malware, supprime tout ce qu'il trouve et poste le rapport : 
http://www.commentcamarche.net/telecharger/telecharger 34055379 malwarebyte s anti malware

Destrio5 · Answer

---> Relance MBAM, va dans Quarantaine et supprime tout

---> Télécharge OTMoveIt2 à partir du lien ci-dessous : 
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe 

---> Enregistre le fichier sur le Bureau.

---> Double-clique sur le fichier OTMoveIt2.exe pour lancer l'outil.
Assure-toi que la case Unregister Dll's and Ocx's soit bien cochée.

---> Copie l'intégralité du texte ci-dessous et colle-le dans la fenêtre intitulée Paste List Of Files/Folders to Move.



C:\ProgramData\activefirsttool\



---> Clique sur MoveIt! pour lancer la suppression.
Lorsqu'un résultat apparaît dans le cadre Results, clique sur Exit.

Note : Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer. Accepte en cliquant sur YES. 

---> Poste le rapport de OTMoveIt qui se trouve dans C:\_OTMoveIt\MovedFiles.

Destrio5 · Answer

Pas de problème.

zapeuse · Answer

Bonjour , j ai fais ce que tu m à demandé mais impossible de trouver le rapport,  Mais ....ça fais un peu plus de 40 minutes que  mon pc est allumé est je n est vu aucunes pubs !!!!!! j espère que c est bon  !!!j attends que tu me dises quoi faire  merci

Destrio5 · Answer

---> Télécharge CCleaner (N'installe pas la Yahoo Toolbar) :
https://www.ccleaner.com/ccleaner/download

---> Lance-le. Va dans "Options" puis "Avancé", tu décoches la case "Effacer uniquement les fichiers etc...". Tu vas dans "Nettoyeur", tu fais "Analyse". Une fois terminé, tu lances le nettoyage. Puis tu vas dans "Registre", tu fais "Chercher des erreurs". Une fois terminé, tu répares toutes les erreurs sans sauvegarder la base de registre.

---> Poste un nouveau rapport HijackThis

tcithare · Answer

Tu peux trouver des logiciels gratuits comme :

- CCleaner : http://get.live.com/mail/options

- PC tools : https://fr.norton.com/ 

Il vont enlever toutes les choses qui permettent aux pubs de venir sur ton ordi.

Destrio5 · Answer

C'est le rapport de cette nuit.

Clique droit sur le raccourci d'HijackThis puis choisis Exécuter en tant qu'administrateur.

zapeuse · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:03:41, on 29/09/2008
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32	askeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32undll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\PixArt\Pac207\Monitor.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\wuauclt.exe
C:\Program Filesnamfler
aomf.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\utilisateur\AppData\Local\Google\Update\GoogleUpdate.exe
C:\program filesnamfleradprcmp.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Users\UTILIS~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conime.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Pluginseg\VeohToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32
vsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [zzz_ImInstaller_IncrediMail] C:\Users\UTILIS~1\AppData\Local\Temp\ImInstaller\IncrediMail\incredimail_install[1].exe -startup -product IncrediMail
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [wrna3ls] C:\Program Filesnamfler
aomf.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [?????????] ??????????????e
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\utilisateur\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix: 
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-24-0.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/VistaMSNPUpldfr-fr.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: RdnaoFlSvc - Unknown owner - C:\Program Filesnamfler
aofsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

zapeuse · Answer

je crois que c est le mème

Destrio5 · Answer

Non, ce n'est pas le même ;)

---> Télécharge Toolbar-S&D (Team IDN) sur ton Bureau.
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2

* Lance l'installation du programme en exécutant le fichier téléchargé.
* Double-clique maintenant sur le raccourci de Toolbar-S&D.
* Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.
* Choisis maintenant l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche.
* Poste le rapport généré. (C:\TB.txt)

Destrio5 · Answer

Fais l'option 2 de ToolBar S&D et poste le rapport.

zapeuse · Answer

-----------\  ToolBar S&D 1.2.1   XP/Vista

   Microsoft® Windows Vista™ Édition Familiale Premium  ( v6.0.6000 ) 
   X86-based PC ( Multiprocessor Free : Genuine Intel(R) CPU           T2060  @ 1.60GHz )
   BIOS : Ver 1.00PARTTBLP
   USER : utilisateur ( Not Administrator ! )
   BOOT : Normal boot
   C:\ (Local Disk) - NTFS - Total : 34 Go Free : 1 Go
   D:\ (Local Disk) - NTFS - Total : 33 Go Free : 27 Go
   E:\ (CD or DVD)

   "C:\ToolBar SD" ( MAJ : 24-09-2008|21:50 )
   Option : [2] ( 29/09/2008|14:16 )

   [ UAC => 1 ]

   -----------\ SUPPRESSION

   Supprime! - C:\Program Files\AskSBar\bar
   Echec   ! - C:\Program Files\AskSBar\SrchAstt
   Supprime! - C:\Program Files\AskTBar\bar
   Echec   ! - C:\Program Files\AskTBar\SrchAstt
   Supprime! - C:\Windows\Prefetch\BURN4FREE.EXE-91E7EA88.pf
   Supprime! - C:\Windows\Prefetch\BURN4FREE_SETUP.EXE-8705C8DB.pf
   Supprime! - C:\Windows\Prefetch\BURN4FREE_TOOLBAR_UNINSTALLER-36D836D7.pf
   Supprime! - C:\Windows\Burn4Free_Toolbar_Uninstaller_9593.exe
   Echec   ! - C:\Program Files\AskSBar
   Echec   ! - C:\Program Files\AskTBar

   -----------\ DEUXIEME PASSAGE
 
   Echec   ! - C:\Program Files\AskSBar\SrchAstt
   Echec   ! - C:\Program Files\AskTBar\SrchAstt
   Echec   ! - C:\Program Files\AskSBar
   Echec   ! - C:\Program Files\AskTBar

   -----------\  Recherche de Fichiers / Dossiers ...

   C:\Program Files\AskSBar
   C:\Program Files\AskSBar\SrchAstt
   C:\Program Files\AskTBar
   C:\Program Files\AskTBar\SrchAstt

   -----------\  [..\Internet Explorer\Main]

   [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
   "Start Page"="https://www.google.fr/?gws_rd=ssl"
   "SEARCH PAGE"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
   "Local Page"="C:\Windows\system32\blank.htm"
   "SearchMigratedDefaultURL"="https://search.yahoo.com/web{searchTerms}&ei=utf-8&fr=b1ie7"
   "Search Bar"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
   "Url"="https://www.msn.com/fr-fr/actualite/"

   [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
   "Start Page"="https://www.msn.com/fr-fr/"
   "Default_Page_URL"="https://fr.yahoo.com/"
   "Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
   "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"


   --------------------\  Recherche d'autres infections


   Aucune autre infection trouvée  !

   [ UAC => 1 ]


   1 - "C:\ToolBar SD\TB_1.txt" - 29/09/2008|14:12 - Option : [1]
   2 - "C:\ToolBar SD\TB_2.txt" - 29/09/2008|14:19 - Option : [2]

   -----------\  Fin du rapport a 14:19:06,54

Destrio5 · Answer

Il faudrait que tu fasses la manip' mais en mode sans échec :
https://blog.sosordi.net/

zapeuse · Answer

et toujours pas de pub!!!

Destrio5 · Answer

Dans ton cas, l'affichage du BIOS se traduit par le logo Acer au démarrage.

Destrio5 · Answer

Les pubs, c'est fini. Maintenant, on chasse la AskSBar.

zapeuse · Answer

ok je vais réessayer

zapeuse · Answer

bon, j ai  redémarrer en mode sans echec mais ensuite j ai voulu me reconnecter mais pas de connection alors j ai redémarrer est me voilà ! c est hyper compliqué toute ces manips!

Destrio5 · Answer

En mode sans échec, tu n'as pas Internet.

Retourne en mode sans échec et fais l'option 2 de ToolBar S&D. Enregistre le rapport sur ton Bureau.

Quand c'est terminé, reviens en mode normal et poste le rapport ici.

zapeuse · Answer

attends je reessaye je crois que je l 
ai

zapeuse · Answer

j ai coller le rapport mais quand je redemarre et je veux te le coller impossible

zapeuse · Answer

copier

Destrio5 · Answer

Tu as le rapport sous les yeux ?

zapeuse · Answer

non vu que j ai redémarrer si je relance  lop ici je ne peux pas avoir le meme rapport ?

Destrio5 · Answer

Pourquoi tu parles de Lop ?

zapeuse · Answer

non excuse toolbar .... !

Destrio5 · Answer

Ok, pour vérifier, refais l'option 1 de ToolBar S&D en mode normal et poste le rapport.

zapeuse · Answer

-----------\  ToolBar S&D 1.2.1   XP/Vista

   Microsoft® Windows Vista™ Édition Familiale Premium  ( v6.0.6000 ) 
   X86-based PC ( Multiprocessor Free : Genuine Intel(R) CPU           T2060  @ 1.60GHz )
   BIOS : Ver 1.00PARTTBLP
   USER : utilisateur ( Not Administrator ! )
   BOOT : Normal boot
   C:\ (Local Disk) - NTFS - Total : 34 Go Free : 3 Go
   D:\ (Local Disk) - NTFS - Total : 33 Go Free : 27 Go
   E:\ (CD or DVD)

   "C:\ToolBar SD" ( MAJ : 24-09-2008|21:50 )
   Option : [1] ( 29/09/2008|16:02 )

   [ UAC => 1 ]

   -----------\  Recherche de Fichiers / Dossiers ...


   -----------\  [..\Internet Explorer\Main]

   [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
   "Start Page"="https://www.google.fr/?gws_rd=ssl"
   "SEARCH PAGE"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
   "Local Page"="C:\Windows\system32\blank.htm"
   "SearchMigratedDefaultURL"="https://search.yahoo.com/web{searchTerms}&ei=utf-8&fr=b1ie7"
   "Search Bar"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
   "Url"="https://www.msn.com/fr-fr/actualite/"

   [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
   "Start Page"="https://www.msn.com/fr-fr/"
   "Default_Page_URL"="https://fr.yahoo.com/"
   "Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
   "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"


   --------------------\  Recherche d'autres infections


   Aucune autre infection trouvée  !

   [ UAC => 1 ]


   1 - "C:\ToolBar SD\TB_1.txt" - 29/09/2008|14:12 - Option : [1]
   2 - "C:\ToolBar SD\TB_2.txt" - 29/09/2008|14:19 - Option : [2]
   3 - "C:\ToolBar SD\TB_3.txt" - 29/09/2008|15:41 - Option : [2]
   4 - "C:\ToolBar SD\TB_4.txt" - 29/09/2008|16:03 - Option : [1]

   -----------\  Fin du rapport a 16:03:20,46

Destrio5 · Answer

Très bien.

---> Poste un nouveau rapport HijackThis

zapeuse · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:20:59, on 29/09/2008
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Safe mode

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Pluginseg\VeohToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32
vsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [zzz_ImInstaller_IncrediMail] C:\Users\UTILIS~1\AppData\Local\Temp\ImInstaller\IncrediMail\incredimail_install[1].exe -startup -product IncrediMail
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [wrna3ls] C:\Program Filesnamfler
aomf.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [?????????] ??????????????e
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\utilisateur\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix: 
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-24-0.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/VistaMSNPUpldfr-fr.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: RdnaoFlSvc - Unknown owner - C:\Program Filesnamfler
aofsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

Destrio5 · Answer

Tu as deux antivirus, il n'en faut qu'un.

zapeuse · Answer

j ai avast  et dernierement j ai installer un controle parentale donne moi le nom du deuxieme que je puisse le suprimer !!!!

Destrio5 · Answer

Pardon, j'avais mal regardé, c'est juste une trace de Norton, utilise ceci :
ftp://ftp.symantec.com/public/francais/removal_tools/Norton_Removal_Tool.exe

zapeuse · Answer

c est fait!! est je fais quoi avec en plus c est de l anglais haha

Destrio5 · Answer

Je n'ai pas compris.

zapeuse · Answer

jai exécuté ce que tu m as envoyé cest bon !

Destrio5 · Answer

Ok, poste un nouveau rapport HijackThis.

zapeuse · Answer

je reviens dans 30mn c est l heure de la sortie d ecole de mes filles !!!!

zapeuse · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:20:59, on 29/09/2008
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Safe mode

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Pluginseg\VeohToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32
vsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [zzz_ImInstaller_IncrediMail] C:\Users\UTILIS~1\AppData\Local\Temp\ImInstaller\IncrediMail\incredimail_install[1].exe -startup -product IncrediMail
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [wrna3ls] C:\Program Filesnamfler
aomf.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [?????????] ??????????????e
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\utilisateur\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix: 
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-24-0.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/VistaMSNPUpldfr-fr.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: RdnaoFlSvc - Unknown owner - C:\Program Filesnamfler
aofsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

Destrio5 · Answer

Ok.

zapeuse · Answer

me revoilà

Destrio5 · Answer

---> Relance HijackThis et choisis Do a system scan only

---> Coche les cases qui sont devant les lignes suivantes :

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)     

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
     
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime     

O4 - HKCU\..\Run: [?????????] ??????????????e 

O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup     

O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU) 

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)     

---> Clique en bas sur Fix checked. Mets oui si HijackThis te demande quelque chose.

---> Redémarre ton PC en mode normal et poste un nouveau rapport HijackThis

zapeuse · Answer

je ne trouve pas le dernier 023 SERVICE SYMANTEC......

Destrio5 · Answer

Pas grave.

zapeuse · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:20:59, on 29/09/2008
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Safe mode

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.fr.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Pluginseg\VeohToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32
vsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [zzz_ImInstaller_IncrediMail] C:\Users\UTILIS~1\AppData\Local\Temp\ImInstaller\IncrediMail\incredimail_install[1].exe -startup -product IncrediMail
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [wrna3ls] C:\Program Filesnamfler
aomf.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [?????????] ??????????????e
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\utilisateur\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix: 
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-24-0.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/VistaMSNPUpldfr-fr.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: RdnaoFlSvc - Unknown owner - C:\Program Filesnamfler
aofsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

Destrio5 · Answer

Désinstalle et réinstalle HijackThis puis refais un rapport.

zapeuse · Answer

je reviens dans un ptit moment désolé !!

Destrio5 · Answer

Ok.

zapeuse · Answer

me revoilà

zapeuse · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:37:56, on 29/09/2008
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32	askeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32undll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\PixArt\Pac207\Monitor.exe
C:\Windows\System32\wpcumi.exe
C:\Users\UTILIS~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Filesnamfler
aomf.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\utilisateur\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\program filesnamfleradprcmp.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Windows\system32\igfxext.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conime.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Pluginseg\VeohToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32
vsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [zzz_ImInstaller_IncrediMail] C:\Users\UTILIS~1\AppData\Local\Temp\ImInstaller\IncrediMail\incredimail_install[1].exe -startup -product IncrediMail
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [wrna3ls] C:\Program Filesnamfler
aomf.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [?????????] ??????????????e
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\utilisateur\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix: 
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-24-0.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/VistaMSNPUpldfr-fr.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: RdnaoFlSvc - Unknown owner - C:\Program Filesnamfler
aofsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

Destrio5 · Answer

Dans CCleaner, va dans Outils puis Démarrage, supprime la ligne avec des ???????????????

zapeuse · Answer

yen a 2 avec des ?????

zapeuse · Answer

LE PREMIER YA DES ?????et un r

Destrio5 · Answer

Vire les deux.

zapeuse · Answer

c est fait

Destrio5 · Answer

Tu connais IncrediMail  ?

zapeuse · Answer

nonn!!!!!!!

Destrio5 · Answer

Supprime ces lignes :

[zzz_ImInstaller_IncrediMail] C:\Users\UTILIS~1\AppData\Local\Temp\ImInstaller\IncrediMail­\incredimail_install[1].exe -startup -product IncrediMail

[SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

[QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

Destrio5 · Answer

Oui.

zapeuse · Answer

C EST FAIT

Destrio5 · Answer

Poste un dernier rapport HijackThis.

zapeuse · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:37:56, on 29/09/2008
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32	askeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32undll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\PixArt\Pac207\Monitor.exe
C:\Windows\System32\wpcumi.exe
C:\Users\UTILIS~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Filesnamfler
aomf.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\utilisateur\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\program filesnamfleradprcmp.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Windows\system32\igfxext.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conime.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Pluginseg\VeohToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32
vsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [zzz_ImInstaller_IncrediMail] C:\Users\UTILIS~1\AppData\Local\Temp\ImInstaller\IncrediMail\incredimail_install[1].exe -startup -product IncrediMail
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [wrna3ls] C:\Program Filesnamfler
aomf.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [?????????] ??????????????e
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\utilisateur\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix: 
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-24-0.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/VistaMSNPUpldfr-fr.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: RdnaoFlSvc - Unknown owner - C:\Program Filesnamfler
aofsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

Destrio5 · Answer

C'est le rapport de tout à l'heure. Désinstalle et réinstalle HijackThis.

zapeuse · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:02:41, on 29/09/2008
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32	askeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32undll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\PixArt\Pac207\Monitor.exe
C:\Windows\System32\wpcumi.exe
C:\Users\UTILIS~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Filesnamfler
aomf.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\utilisateur\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\program filesnamfleradprcmp.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Windows\system32\igfxext.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conime.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32	askeng.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Pluginseg\VeohToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32
vsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [zzz_ImInstaller_IncrediMail] C:\Users\UTILIS~1\AppData\Local\Temp\ImInstaller\IncrediMail\incredimail_install[1].exe -startup -product IncrediMail
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [wrna3ls] C:\Program Filesnamfler
aomf.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [?????????] ??????????????e
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\utilisateur\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix: 
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-24-0.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/VistaMSNPUpldfr-fr.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: RdnaoFlSvc - Unknown owner - C:\Program Filesnamfler
aofsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

Destrio5 · Answer

Les lignes sont toujours là.

Destrio5 · Answer

Pas compris.

Destrio5 · Answer

---> Télécharge Tools Cleaner sur ton bureau.
http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
Clique sur Recherche et laisse le scan agir.
Clique sur Suppression pour finaliser. 
Tu peux, si tu le souhaites, te servir des Options facultatives.
Clique sur Quitter pour obtenir le rapport. 
Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).

Destrio5 · Answer

---> Supprime le dossier Navilog1 situé dans C:\Program Files\

---> Supprime le dossier LopSD situé dans C:\

---> Supprime Lop S&D et ToolBar S&D

---> Supprime Tools Cleaner

---> Redémarre ton PC et poste un nouveau rapport HijackThis

Destrio5 · Answer

Pour les deux premiers, je te l'ai indiqué.

Pour les autres, ils sont sur le Bureau normalement.

zapeuse · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:02:41, on 29/09/2008
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32	askeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32undll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\PixArt\Pac207\Monitor.exe
C:\Windows\System32\wpcumi.exe
C:\Users\UTILIS~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Filesnamfler
aomf.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\utilisateur\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\program filesnamfleradprcmp.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Windows\system32\igfxext.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conime.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32	askeng.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Pluginseg\VeohToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32
vsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [zzz_ImInstaller_IncrediMail] C:\Users\UTILIS~1\AppData\Local\Temp\ImInstaller\IncrediMail\incredimail_install[1].exe -startup -product IncrediMail
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [wrna3ls] C:\Program Filesnamfler
aomf.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [?????????] ??????????????e
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\utilisateur\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix: 
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-24-0.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/VistaMSNPUpldfr-fr.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: RdnaoFlSvc - Unknown owner - C:\Program Filesnamfler
aofsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

zapeuse · Answer

elles sont toujours là

Destrio5 · Answer

Supprime la ligne avec ? et la ligne Incredimail avec CCleaner en mode sans échec.

zapeuse · Answer

désolé me revoila peut tu m expliquer comment je suprime ce que tu ma demander avec cccleaner merci

Destrio5 · Answer

Comme là :
http://www.commentcamarche.net/forum/affich 8643588 pub a gogo?page=4#84

zapeuse · Answer

c est fait, mais pas de ligne avec ?

Destrio5 · Answer

Poste un nouveau rapport HijackThis pour voir ^^

zapeuse · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:02:41, on 29/09/2008
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32	askeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32undll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\PixArt\Pac207\Monitor.exe
C:\Windows\System32\wpcumi.exe
C:\Users\UTILIS~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Filesnamfler
aomf.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\utilisateur\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\program filesnamfleradprcmp.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Windows\system32\igfxext.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conime.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32	askeng.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Pluginseg\VeohToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32
vsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [zzz_ImInstaller_IncrediMail] C:\Users\UTILIS~1\AppData\Local\Temp\ImInstaller\IncrediMail\incredimail_install[1].exe -startup -product IncrediMail
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [wrna3ls] C:\Program Filesnamfler
aomf.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [?????????] ??????????????e
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\utilisateur\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix: 
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-24-0.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/VistaMSNPUpldfr-fr.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: RdnaoFlSvc - Unknown owner - C:\Program Filesnamfler
aofsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

Destrio5 · Answer

C'est l'ancien rapport.

zapeuse · Answer

haaaaaaaa !!!!!aprés avoir suprimé la ligne fallait il que je relance le nettoyage?

Destrio5 · Answer

T'as qu'à faire un nettoyage avec CCleaner si tu veux puis tu désinstalles/réinstalles HijackThis et poste un dernier rapport HijackThis.

zapeuse · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:16:32, on 29/09/2008
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32	askeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32undll32.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\PixArt\Pac207\Monitor.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Filesnamfler
aomf.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\utilisateur\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Users\UTILIS~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\program filesnamfleradprcmp.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conime.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Pluginseg\VeohToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32
vsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [wrna3ls] C:\Program Filesnamfler
aomf.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [?????????] ??????????????e
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\utilisateur\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix: 
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-24-0.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/VistaMSNPUpldfr-fr.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: RdnaoFlSvc - Unknown owner - C:\Program Filesnamfler
aofsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

Destrio5 · Answer

Je sais ce qu'on va faire.

---> Télécharge ComboFix.exe de sUBs sur ton Bureau :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

/!\ Déconnecte-toi du net et ferme toutes les applications, antivirus et antispyware y compris /!\

---> Double-clique sur Combofix.exe
Un "pop-up" va apparaître qui dit que "ComboFix est utilisé à vos risques et avec aucune garantie...".
Accepte en cliquant sur "Oui"

---> Mets-le en langue française F
Tape sur la touche 1 (Yes) pour démarrer le scan.

/!\ Ne touche à rien tant que le scan n'est pas terminé. /!\

En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.

Une fois le scan achevé, un rapport va s'afficher : Poste son contenu

/!\ Réactive la protection en temps réel de ton antivirus et de ton antispyware avant de te reconnecter à Internet. /!\

Note : Le rapport se trouve également là : C:\ComboFix.txt

zapeuse · Answer

pour l antyspiware  je fais comment pour l arreter je m y connait vraiment pas

Destrio5 · Answer

Passe au scan ;)

zapeuse · Answer

ComboFix 08-09-28.01 - utilisateur 2008-09-29 23:46:28.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium   6.0.6000.0.1252.1.1036.18.320 [GMT 2:00]
Lancé depuis: C:\Users\utilisateur\Downloads\ComboFix.exe
 * Un nouveau point de restauration a été créé
.

((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\x64

.
(((((((((((((((((((((((((((((   Fichiers créés du 2008-08-28 au 2008-09-29  ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier créé dans ce laps de temps

.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-29 20:59	---------	d-----w	C:\Users\utilisateur\AppData\Roaming\OpenOffice.org2
2008-09-29 20:36	---------	d-----w	C:\Program Files\CCleaner
2008-09-29 19:25	---------	d-----w	C:\Users\utilisateur\AppData\Roaming\Azureus
2008-09-29 14:18	---------	d-----w	C:\ProgramData\NortonInstaller
2008-09-29 10:47	---------	d-----w	C:\ProgramData\Google Updater
2008-09-29 00:14	---------	d-----w	C:\Users\utilisateur\AppData\Roaming\Malwarebytes
2008-09-29 00:14	---------	d-----w	C:\ProgramData\Malwarebytes
2008-09-29 00:14	---------	d-----w	C:\Program Files\Malwarebytes' Anti-Malware
2008-09-28 21:36	---------	d-----w	C:\Program Files\Trend Micro
2008-09-28 16:04	---------	d-----w	C:\Program Files\Common Files\Symantec Shared
2008-09-28 16:00	---------	d-----w	C:\Program Files\Norton Security Scan
2008-09-25 20:26	---------	d-----w	C:\Users\utilisateur\AppData\Roaming\Skype
2008-09-25 16:32	---------	d-----w	C:\Program Files\DivX
2008-09-25 14:07	---------	d-----w	C:\Users\utilisateur\AppData\Roaming\skypePM
2008-09-12 17:03	---------	d--h--r	C:\Program Filesnamfler
2008-09-09 22:04	38,528	----a-w	C:\Windows\system32\drivers\mbamswissarmy.sys
2008-09-09 22:03	17,200	----a-w	C:\Windows\system32\drivers\mbam.sys
2008-09-08 20:16	---------	d-----w	C:\Program Files\Apple Software Update
2008-09-08 20:14	---------	d-----w	C:\Program Files\iTunes
2008-09-08 20:13	---------	d-----w	C:\Program Files\iPod
2008-09-06 00:03	---------	d-----w	C:\Program Files\Messenger Plus! Live
2008-08-24 15:37	230,432	----a-w	C:\PA207.DAT
2008-08-24 14:24	---------	d-----w	C:\ProgramData\Xerox
2008-08-22 12:00	---------	d-----w	C:\Program Files\PhotoFiltre
2008-08-17 16:56	---------	d-----w	C:\ProgramData\Nero
2008-08-17 16:56	---------	d-----w	C:\Program Files\Common Files\Nero
2008-08-17 15:18	---------	d-----w	C:\Users\utilisateur\AppData\Roaming\Nero
2008-08-17 13:00	---------	d-----w	C:\Program Files\Java
2008-08-17 12:49	---------	d-----w	C:\Program Files\Azureus
2008-08-16 17:49	---------	d-----w	C:\Program Files\Windows Mail
2008-07-31 03:34	537,600	----a-w	C:\Windows\AppPatch\AcLayers.dll
2008-07-31 03:34	449,536	----a-w	C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:34	28,160	----a-w	C:\Windows\System32\Apphlpdm.dll
2008-07-31 03:34	2,144,256	----a-w	C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:34	173,056	----a-w	C:\Windows\AppPatch\AcXtrnal.dll
2008-07-31 03:34	1,686,528	----a-w	C:\Windows\System32\gameux.dll
2008-07-30 23:47	4,247,552	----a-w	C:\Windows\System32\GameUXLegacyGDFs.dll
2008-07-30 23:32	2,560	----a-w	C:\Windows\AppPatch\AcRes.dll
2008-07-19 05:10	53,448	----a-w	C:\Windows\System32\wuauclt.exe
2008-07-19 05:10	45,768	----a-w	C:\Windows\System32\wups2.dll
2008-07-19 05:10	36,552	----a-w	C:\Windows\System32\wups.dll
2008-07-19 05:09	563,912	----a-w	C:\Windows\System32\wuapi.dll
2008-07-19 05:09	1,811,656	----a-w	C:\Windows\System32\wuaueng.dll
2008-07-19 03:44	83,456	----a-w	C:\Windows\System32\wudriver.dll
2008-07-19 03:44	1,524,736	----a-w	C:\Windows\System32\wucltux.dll
2008-07-18 20:08	163,904	----a-w	C:\Windows\System32\wuwebv.dll
2008-07-18 18:44	31,232	----a-w	C:\Windows\System32\wuapp.exe
2008-07-15 23:48	2,048	----a-w	C:\Windows\System32	zres.dll
2008-07-09 13:37	174	--sha-w	C:\Program Files\desktop.ini
2007-12-29 20:09	32	----a-w	C:\Users\All Users\ezsid.dat
2007-12-29 20:09	32	----a-w	C:\ProgramData\ezsid.dat
.

(((((((((((((((((((((((((((((((((   Point de chargement Reg   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"????r"="" [?]
"?????????"="??????????????e" [?]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-12 1232896]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 125440]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2007-12-19 3477504]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-10 68856]
"Google Update"="C:\Users\utilisateur\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-09-13 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="C:\Windows\system32
vsvc.dll" [2006-11-22 90191]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2006-11-22 7757824]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2006-11-22 81920]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2006-11-06 98304]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2006-11-06 106496]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2006-11-06 81920]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2006-12-08 614400]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-11-17 453120]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"Monitor"="C:\Windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"WPCUMI"="C:\Windows\system32\WpcUmi.exe" [2006-11-02 176128]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 413696]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"wrna3ls"="C:\Program Filesnamfler
aomf.exe" [2006-04-01 1253960]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-01 C:\Windows\RtHDVCpl.exe]

C:\Users\utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.2.lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 393216]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe [2004-12-14 29696]
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2006-12-05 528384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"FilterAdministratorToken"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"LogonHoursAction"= 2 (0x2)
"DontDisplayLogonHoursWarnings"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.i420"= i420vfw.dll
"vidc.yv12"= yv12vfw.dll
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{D8EFF238-855E-408E-8954-075167481645}"= UDP:C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{4112A4DE-7CF5-4435-9AD0-15A56DCC8817}"= TCP:C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"TCP Query User{7398CA78-F503-45A0-B307-23C66EEB8CB9}C:\program files\skype\phone\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath 
"UDP Query User{74699DE6-00F4-4CDD-B86E-6B61822135DB}C:\program files\skype\phone\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath 
"{5D1E7196-9F7A-46F5-9BAF-0B45E279173E}"= Disabled:UDP:C:\Users\utilisateur\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3N32KW19\incredimail_install[1].exe:IncrediMail Installer
"{B2DA9F94-AE39-453B-B95F-E85AFA0D0CED}"= Disabled:TCP:C:\Users\utilisateur\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3N32KW19\incredimail_install[1].exe:IncrediMail Installer
"TCP Query User{0E9F6395-64C8-4AF6-A014-08862ECBB74A}C:\program files\emule\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{4A768C5A-CA04-465F-89BE-02B431EBC1FD}C:\program files\emule\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"TCP Query User{9413DF28-6407-43F0-80CF-039A2597277D}C:\users\utilisateur\downloads\wow-frfr-installer-downloader.exe"= UDP:C:\users\utilisateur\downloads\wow-frfr-installer-downloader.exe:wow-frfr-installer-downloader.exe
"UDP Query User{666A3E28-8176-42B8-909D-791700ABE632}C:\users\utilisateur\downloads\wow-frfr-installer-downloader.exe"= TCP:C:\users\utilisateur\downloads\wow-frfr-installer-downloader.exe:wow-frfr-installer-downloader.exe
"TCP Query User{E3AFEA56-75D3-4A94-B9FE-02875BD6437F}C:\users\utilisateur\downloads\wow-frfr-installer-downloader.exe"= UDP:C:\users\utilisateur\downloads\wow-frfr-installer-downloader.exe:wow-frfr-installer-downloader.exe
"UDP Query User{75B4919D-DEB3-48B8-9E8B-5E5F04FBDA1D}C:\users\utilisateur\downloads\wow-frfr-installer-downloader.exe"= TCP:C:\users\utilisateur\downloads\wow-frfr-installer-downloader.exe:wow-frfr-installer-downloader.exe
"TCP Query User{637764D0-5997-47AE-BACA-144D03A5805C}C:\program files\mozilla firefox\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{565E3234-79F9-44CF-A3EA-97D8E88BC211}C:\program files\mozilla firefox\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{EB38F007-7A46-4BF8-8FB8-BA1BDF4AC6BE}C:\program files\skype\phone\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath 
"UDP Query User{37BDA417-7B89-4F87-9B89-8326B92A1D8E}C:\program files\skype\phone\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath 
"{147B5A49-B0D0-48E6-9C95-59A9B9B14728}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{3C89E7FC-64E5-4A94-B620-048110092575}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{9A50D933-43D0-4113-B313-AC915463AEC3}C:\program files\veoh networks\veoh\veohclient.exe"= UDP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"UDP Query User{72F4486D-C360-4F3F-BE8D-5E43564DA28E}C:\program files\veoh networks\veoh\veohclient.exe"= TCP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"{CA102E23-18F9-4392-8C48-6078D79E3112}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{C287D1E2-518A-42AC-B0C2-8D0B99873B69}C:\program files\azureus\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{78CFD111-E4C2-4B3D-80A3-8A5675292E5C}C:\program files\azureus\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"{074DA8F9-355C-4DAD-938E-8EB04FF53E7C}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{2CF642CC-5AA1-4EC8-9EF2-9EBFEB6D7871}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{5AEB2237-271C-4CA9-8F6F-1509FD012716}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{DD0719FA-478B-46F8-98EB-98099525E53A}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{2173BDF4-B2E1-4FA6-BA85-5297A8E26B1F}C:\program files\azureus\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{99DEC475-7EE8-4967-A8DF-72A881A52A6C}C:\program files\azureus\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"{0087B3E8-5476-40B4-B285-66690AE75B17}"= UDP:C:\Users\utilisateur\AppData\Local\Temp\WZSE0.TMP\SymNRT.exe:Norton Removal Tool
"{FF0BA473-4B32-4099-BA6B-E3AAA79D0DBB}"= TCP:C:\Users\utilisateur\AppData\Local\Temp\WZSE0.TMP\SymNRT.exe:Norton Removal Tool

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 167936]
S3 PAC207;SoC PC-Camera;C:\Windows\system32\DRIVERS\PFC027.SYS [2006-12-05 507136]
S3 SMSCIRDA;SMSC Infrared Device Driver;C:\Windows\system32\DRIVERS\SMSCirda.sys [2006-10-18 31232]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\Windows\system32\DRIVERS\ss_bus.sys [2005-08-30 58320]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\Windows\system32\DRIVERS\ss_mdfl.sys [2005-08-30 8304]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\Windows\system32\DRIVERS\ss_mdm.sys [2005-08-30 94000]

*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Tâches planifiées'
.
- - - - ORPHELINS SUPPRIMES - - - -

HKLM-Run-NBKeyScan - C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
HKLM-Run-Acer Tour - (no file)
HKLM-Run-eRecoveryService - (no file)


.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Users\utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\licnk7hr.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://french.ircfast.com/index.php?rvs=hompag
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-29 23:50:38
Windows 6.0.6000  NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2008-09-29 23:53:15
ComboFix-quarantined-files.txt  2008-09-29 21:52:27

Avant-CF: Le texte du message associ‚ au num‚ro 0x2379 est introuvable dans le fichier de messages pour Application.
Après-CF: 3,047,882,752 octets libres

195	--- E O F ---	2008-09-26 11:15:16

Destrio5 · Answer

/!\ Seul zapeuse peut suivre cette procédure /!\


1/

---> Clique sur Démarrer, Exécuter, tape notepad clique sur OK.

---> Copie le texte ci-dessous par sélection puis Ctrl+C :






KillAll::

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 
"????r"=-
"?????????"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 
"QuickTime Task"=-





---> Colle la sélection dans le bloc-notes

---> Enregistre ce fichier sur le bureau (Impératif)

---> Nom du fichier : CFScript
---> Type du fichier : tous les fichiers
---> Clique sur Enregistrer
---> Quitte le bloc-notes


2/

---> Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture :
http://www.searchengines.pl/phpbb203/pliki/picasso/virus/programs/combofix/combofix_cfscript.gif

[*] Une fenêtre bleue va apparaître : au message qui apparaît, tu acceptes.

[*] Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal !
Ne touche à rien tant que le scan n'est pas terminé.

[*] Une fois le scan achevé, un rapport va s'afficher : poste-le

[*] Si le fichier ne s'ouvre pas, il se trouve ici C:\ComboFix.txt

zapeuse · Answer

hahahah tu m en demande de trop !!!!! bon j essaye

Destrio5 · Answer

Je t'ai fait la première étape, tu as juste à télécharger le CFScript ici :
https://www.mediafire.com/?sharekey=c4babc76d8bea0f6ab1eab3e9fa335caa563c66a4325dc61

zapeuse · Answer

bon j ai cliquer sur demarer mais je ne trouve pas excuter !!

Destrio5 · Answer

Regarde mon précédent message.

zapeuse · Answer

quel bloc note ?

Destrio5 · Answer

Je t'ai fait la première étape avec le bloc notes. Tu as juste à télécharger le CFScript que je t'ai créé et a passé à la deuxième étape :
https://www.mediafire.com/?sharekey=c4babc76d8bea0f6ab1eab3e9fa335caa563c66a4325dc61

zapeuse · Answer

j ai oublié de te dire que lorsque j ai télécharger combofix ça me mettais erreur a chaque foi du coup il est meme pas sur le bureau , j ai fini par le trouver mais quand je clic dessus le mème message , c est soulant !!

Destrio5 · Answer

Tu as téléchargé le fichier CFScript ? L'as-tu mis sur ComboFix ?

zapeuse · Answer

oui j ai télécharger le fichier j ai une fenetre qui s ouvre avec 2 , 3 lignes ,mais j arrive pas a glisser ça sur combo

Destrio5 · Answer

Tu restes cliquer sur CFScript et tu lâches le bouton de ta souris quand CFScript est sur ComboFix.

zapeuse · Answer

combo est dans mes documents via téléchargement quand je clic droit dessus pour l ouvrir, il s ouvre mais qu à moitié aprés plus rien

Destrio5 · Answer

A quoi tu joues ?
http://www.searchengines.pl/phpbb203/pliki/picasso/virus/programs/combofix/combofix_cfscript.gif

zapeuse · Answer

je viens de mettre un racourcis de combo sur le bureau et j ai esseyer de glisser le script dessus mais rien , j ai un tous petit rectangle qui s ouvre mais seulement a moitié

zapeuse · Answer

aprés plus rien

Destrio5 · Answer

...

Ne mets pas CFScript sur le raccourci mais sur ComboFix directement. Au pire, mets le fichier CFScript à l'endroit où est ComboFix.

zapeuse · Answer

j ai dejas essayer mais rien ne se passe , dis moi si je désinstalle combo si c est oui  redonne moi la marche a suivre pour le reinstaller . je sature là!!!!

Destrio5 · Answer

On verra ça demain, repose-toi.

zapeuse · Answer

ahh merci ,je dois te souler depuis hier !!!!

Destrio5 · Answer

Boarf, pas tant que ça en fait xD

zapeuse · Answer

tu dois etre occupé , je reviendrais plus tard sinon demain !!

Destrio5 · Answer

J'étais chez un ami.

Destrio5 · Answer

Mets ComboFix et le CFScript au même endroit puis déplace le CFScript sur ComboFix.

zapeuse · Answer

je le desinstalle ?

zapeuse · Answer

j espère que tu seras là demain pour que tu me dises quoi faire , encore merci ,pour tous le temps passer à m aider !

Destrio5 · Answer

ComboFix est téléchargeable ici :
https://forospyware.com

zapeuse · Answer

salut, j ai eté sur le lien que tu m as envoyé c est un site espagnol je crois mais je ne vois pas combo ! j ai trouver un autre lien sur une page de ccm  est ce que je m en sert ? si oui apres l avoir  télécharger je ferme toute les connections a internet ? J arrete avast ? ?

Destrio5 · Answer

Voici ComboFix :
http://www.geekstogo.com/forum/files/file/197-combofix-by-subs/

Mets simplement le CFScript sur ComboFix.

zapeuse · Answer

bon j ai eté dans met documents ,téléchargement, j ai trouvé combo et dés que j ai cliqué dessus il s est ouvert  voilà ce qui est sorti ,ah oui  aussi je ne trouve pas le script ouf    ComboFix 08-09-30.03 - utilisateur 2008-10-01 23:46:57.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium   6.0.6000.0.1252.1.1036.18.334 [GMT 2:00]
Lancé depuis: C:\Users\utilisateur\Downloads\ComboFix.exe
 * Un nouveau point de restauration a été créé
.

((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.

.
(((((((((((((((((((((((((((((((((((((((   Pilotes/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MCHINJDRV


(((((((((((((((((((((((((((((   Fichiers créés du 2008-09-01 au 2008-10-01  ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier créé dans ce laps de temps

.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-01 21:38	---------	d-----w	C:\Users\utilisateur\AppData\Roaming\Azureus
2008-10-01 21:37	---------	d-----w	C:\Users\utilisateur\AppData\Roaming\Skype
2008-10-01 18:38	---------	d-----w	C:\Users\utilisateur\AppData\Roaming\skypePM
2008-10-01 12:47	---------	d-----w	C:\ProgramData\Google Updater
2008-10-01 09:24	230,432	----a-w	C:\PA207.DAT
2008-10-01 08:38	---------	d-----w	C:\Users\utilisateur\AppData\Roaming\OpenOffice.org2
2008-09-29 20:36	---------	d-----w	C:\Program Files\CCleaner
2008-09-29 14:18	---------	d-----w	C:\ProgramData\NortonInstaller
2008-09-29 00:14	---------	d-----w	C:\Users\utilisateur\AppData\Roaming\Malwarebytes
2008-09-29 00:14	---------	d-----w	C:\ProgramData\Malwarebytes
2008-09-29 00:14	---------	d-----w	C:\Program Files\Malwarebytes' Anti-Malware
2008-09-28 21:36	---------	d-----w	C:\Program Files\Trend Micro
2008-09-28 16:04	---------	d-----w	C:\Program Files\Common Files\Symantec Shared
2008-09-28 16:00	---------	d-----w	C:\Program Files\Norton Security Scan
2008-09-25 16:32	---------	d-----w	C:\Program Files\DivX
2008-09-12 17:03	---------	d--h--r	C:\Program Filesnamfler
2008-09-09 22:04	38,528	----a-w	C:\Windows\system32\drivers\mbamswissarmy.sys
2008-09-09 22:03	17,200	----a-w	C:\Windows\system32\drivers\mbam.sys
2008-09-08 20:16	---------	d-----w	C:\Program Files\Apple Software Update
2008-09-08 20:14	---------	d-----w	C:\Program Files\iTunes
2008-09-08 20:13	---------	d-----w	C:\Program Files\iPod
2008-09-06 00:03	---------	d-----w	C:\Program Files\Messenger Plus! Live
2008-08-24 14:24	---------	d-----w	C:\ProgramData\Xerox
2008-08-22 12:00	---------	d-----w	C:\Program Files\PhotoFiltre
2008-08-17 16:56	---------	d-----w	C:\ProgramData\Nero
2008-08-17 16:56	---------	d-----w	C:\Program Files\Common Files\Nero
2008-08-17 15:18	---------	d-----w	C:\Users\utilisateur\AppData\Roaming\Nero
2008-08-17 13:00	---------	d-----w	C:\Program Files\Java
2008-08-17 12:49	---------	d-----w	C:\Program Files\Azureus
2008-08-16 17:49	---------	d-----w	C:\Program Files\Windows Mail
2008-07-31 03:34	537,600	----a-w	C:\Windows\AppPatch\AcLayers.dll
2008-07-31 03:34	449,536	----a-w	C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:34	28,160	----a-w	C:\Windows\System32\Apphlpdm.dll
2008-07-31 03:34	2,144,256	----a-w	C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:34	173,056	----a-w	C:\Windows\AppPatch\AcXtrnal.dll
2008-07-31 03:34	1,686,528	----a-w	C:\Windows\System32\gameux.dll
2008-07-30 23:47	4,247,552	----a-w	C:\Windows\System32\GameUXLegacyGDFs.dll
2008-07-30 23:32	2,560	----a-w	C:\Windows\AppPatch\AcRes.dll
2008-07-19 05:10	53,448	----a-w	C:\Windows\System32\wuauclt.exe
2008-07-19 05:10	45,768	----a-w	C:\Windows\System32\wups2.dll
2008-07-19 05:10	36,552	----a-w	C:\Windows\System32\wups.dll
2008-07-19 05:09	563,912	----a-w	C:\Windows\System32\wuapi.dll
2008-07-19 05:09	1,811,656	----a-w	C:\Windows\System32\wuaueng.dll
2008-07-19 03:44	83,456	----a-w	C:\Windows\System32\wudriver.dll
2008-07-19 03:44	1,524,736	----a-w	C:\Windows\System32\wucltux.dll
2008-07-18 20:08	163,904	----a-w	C:\Windows\System32\wuwebv.dll
2008-07-18 18:44	31,232	----a-w	C:\Windows\System32\wuapp.exe
2008-07-15 23:48	2,048	----a-w	C:\Windows\System32	zres.dll
2008-07-09 13:37	174	--sha-w	C:\Program Files\desktop.ini
2007-12-29 20:09	32	----a-w	C:\Users\All Users\ezsid.dat
2007-12-29 20:09	32	----a-w	C:\ProgramData\ezsid.dat
.

(((((((((((((((((((((((((((((   snapshot@2008-09-29_23.52.00.16   )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 18:02:28	163,328	----a-w	C:\Windows\erdnt\subs\ERDNT.EXE
- 2008-09-29 20:58:45	2,048	--sha-w	C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-10-01 21:55:15	2,048	--sha-w	C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-09-29 20:58:45	2,048	--sha-w	C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-10-01 21:55:15	2,048	--sha-w	C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-09-29 21:01:07	262,144	--sha-w	C:\Windows\ServiceProfiles\LocalService
tuser.dat
+ 2008-10-01 21:56:01	262,144	--sha-w	C:\Windows\ServiceProfiles\LocalService
tuser.dat
+ 2008-10-01 21:56:01	262,144	---ha-w	C:\Windows\ServiceProfiles\LocalService
tuser.dat.LOG1
- 2008-09-29 21:01:13	262,144	--sha-w	C:\Windows\ServiceProfiles\NetworkService
tuser.dat
+ 2008-10-01 21:55:56	262,144	--sha-w	C:\Windows\ServiceProfiles\NetworkService
tuser.dat
- 2008-09-29 20:58:45	16,384	--sha-w	C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-10-01 21:55:37	16,384	--sha-w	C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-09-29 20:58:45	32,768	--sha-w	C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-10-01 21:55:37	32,768	--sha-w	C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-09-29 20:58:45	16,384	--sha-w	C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-10-01 21:55:37	16,384	--sha-w	C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-09-29 21:46:19	262,144	----a-w	C:\Windows\System32\config\systemprofile
tuser.dat
+ 2008-10-01 21:46:45	262,144	----a-w	C:\Windows\System32\config\systemprofile
tuser.dat
+ 2008-10-01 21:46:45	262,144	---ha-w	C:\Windows\System32\config\systemprofile
tuser.dat.LOG1
- 2008-09-28 15:11:47	103,924	----a-w	C:\Windows\System32\perfc009.dat
+ 2008-10-01 19:09:33	103,924	----a-w	C:\Windows\System32\perfc009.dat
- 2008-09-28 15:11:47	117,572	----a-w	C:\Windows\System32\perfc00C.dat
+ 2008-10-01 19:09:33	117,572	----a-w	C:\Windows\System32\perfc00C.dat
- 2008-09-28 15:11:47	610,142	----a-w	C:\Windows\System32\perfh009.dat
+ 2008-10-01 19:09:33	610,142	----a-w	C:\Windows\System32\perfh009.dat
- 2008-09-28 15:11:47	690,832	----a-w	C:\Windows\System32\perfh00C.dat
+ 2008-10-01 19:09:33	690,832	----a-w	C:\Windows\System32\perfh00C.dat
- 2008-09-29 21:01:33	12,276	----a-w	C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-513726153-2122694420-3546362679-1000_UserData.bin
+ 2008-10-01 08:39:00	12,292	----a-w	C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-513726153-2122694420-3546362679-1000_UserData.bin
- 2008-09-29 21:01:32	69,810	----a-w	C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-10-01 08:39:00	69,810	----a-w	C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-09-28 01:03:56	3,564	----a-w	C:\Windows\System32\WDI\ERCQueuedResolutions.dat
+ 2008-09-30 22:51:21	3,564	----a-w	C:\Windows\System32\WDI\ERCQueuedResolutions.dat
- 2008-09-29 21:01:30	59,606	----a-w	C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-10-01 08:38:58	59,606	----a-w	C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2008-09-29 16:13:26	236,786	----a-w	C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2008-10-01 18:25:58	238,338	----a-w	C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2008-09-20 00:21:32	146,020,657	----a-w	C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2008-10-01 10:57:39	146,615,807	----a-w	C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
.
-- Instantané actualisé --
.
(((((((((((((((((((((((((((((((((   Point de chargement Reg   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"????r"="" [?]
"?????????"="" [?]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-12 1232896]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 125440]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2007-12-19 3477504]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-10 68856]
"Google Update"="C:\Users\utilisateur\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-09-13 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="C:\Windows\system32
vsvc.dll" [2006-11-22 90191]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2006-11-22 7757824]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2006-11-22 81920]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2006-11-06 98304]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2006-11-06 106496]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2006-11-06 81920]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2006-12-08 614400]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-11-17 453120]
"Monitor"="C:\Windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"WPCUMI"="C:\Windows\system32\WpcUmi.exe" [2006-11-02 176128]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 413696]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"wrna3ls"="C:\Program Filesnamfler
aomf.exe" [2006-04-01 1253960]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-01 C:\Windows\RtHDVCpl.exe]

C:\Users\utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.2.lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 393216]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe [2004-12-14 29696]
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2006-12-05 528384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"FilterAdministratorToken"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"LogonHoursAction"= 2 (0x2)
"DontDisplayLogonHoursWarnings"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.i420"= i420vfw.dll
"vidc.yv12"= yv12vfw.dll
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{D8EFF238-855E-408E-8954-075167481645}"= UDP:C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{4112A4DE-7CF5-4435-9AD0-15A56DCC8817}"= TCP:C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"TCP Query User{7398CA78-F503-45A0-B307-23C66EEB8CB9}C:\program files\skype\phone\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath 
"UDP Query User{74699DE6-00F4-4CDD-B86E-6B61822135DB}C:\program files\skype\phone\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath 
"{5D1E7196-9F7A-46F5-9BAF-0B45E279173E}"= Disabled:UDP:C:\Users\utilisateur\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3N32KW19\incredimail_install[1].exe:IncrediMail Installer
"{B2DA9F94-AE39-453B-B95F-E85AFA0D0CED}"= Disabled:TCP:C:\Users\utilisateur\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3N32KW19\incredimail_install[1].exe:IncrediMail Installer
"TCP Query User{0E9F6395-64C8-4AF6-A014-08862ECBB74A}C:\program files\emule\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{4A768C5A-CA04-465F-89BE-02B431EBC1FD}C:\program files\emule\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"TCP Query User{9413DF28-6407-43F0-80CF-039A2597277D}C:\users\utilisateur\downloads\wow-frfr-installer-downloader.exe"= UDP:C:\users\utilisateur\downloads\wow-frfr-installer-downloader.exe:wow-frfr-installer-downloader.exe
"UDP Query User{666A3E28-8176-42B8-909D-791700ABE632}C:\users\utilisateur\downloads\wow-frfr-installer-downloader.exe"= TCP:C:\users\utilisateur\downloads\wow-frfr-installer-downloader.exe:wow-frfr-installer-downloader.exe
"TCP Query User{E3AFEA56-75D3-4A94-B9FE-02875BD6437F}C:\users\utilisateur\downloads\wow-frfr-installer-downloader.exe"= UDP:C:\users\utilisateur\downloads\wow-frfr-installer-downloader.exe:wow-frfr-installer-downloader.exe
"UDP Query User{75B4919D-DEB3-48B8-9E8B-5E5F04FBDA1D}C:\users\utilisateur\downloads\wow-frfr-installer-downloader.exe"= TCP:C:\users\utilisateur\downloads\wow-frfr-installer-downloader.exe:wow-frfr-installer-downloader.exe
"TCP Query User{637764D0-5997-47AE-BACA-144D03A5805C}C:\program files\mozilla firefox\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{565E3234-79F9-44CF-A3EA-97D8E88BC211}C:\program files\mozilla firefox\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{EB38F007-7A46-4BF8-8FB8-BA1BDF4AC6BE}C:\program files\skype\phone\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath 
"UDP Query User{37BDA417-7B89-4F87-9B89-8326B92A1D8E}C:\program files\skype\phone\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath 
"{147B5A49-B0D0-48E6-9C95-59A9B9B14728}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{3C89E7FC-64E5-4A94-B620-048110092575}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{9A50D933-43D0-4113-B313-AC915463AEC3}C:\program files\veoh networks\veoh\veohclient.exe"= UDP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"UDP Query User{72F4486D-C360-4F3F-BE8D-5E43564DA28E}C:\program files\veoh networks\veoh\veohclient.exe"= TCP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"{CA102E23-18F9-4392-8C48-6078D79E3112}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{C287D1E2-518A-42AC-B0C2-8D0B99873B69}C:\program files\azureus\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{78CFD111-E4C2-4B3D-80A3-8A5675292E5C}C:\program files\azureus\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"{074DA8F9-355C-4DAD-938E-8EB04FF53E7C}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{2CF642CC-5AA1-4EC8-9EF2-9EBFEB6D7871}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{5AEB2237-271C-4CA9-8F6F-1509FD012716}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{DD0719FA-478B-46F8-98EB-98099525E53A}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{2173BDF4-B2E1-4FA6-BA85-5297A8E26B1F}C:\program files\azureus\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{99DEC475-7EE8-4967-A8DF-72A881A52A6C}C:\program files\azureus\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"{0087B3E8-5476-40B4-B285-66690AE75B17}"= UDP:C:\Users\utilisateur\AppData\Local\Temp\WZSE0.TMP\SymNRT.exe:Norton Removal Tool
"{FF0BA473-4B32-4099-BA6B-E3AAA79D0DBB}"= TCP:C:\Users\utilisateur\AppData\Local\Temp\WZSE0.TMP\SymNRT.exe:Norton Removal Tool

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 167936]
S3 PAC207;SoC PC-Camera;C:\Windows\system32\DRIVERS\PFC027.SYS [2006-12-05 507136]
S3 SMSCIRDA;SMSC Infrared Device Driver;C:\Windows\system32\DRIVERS\SMSCirda.sys [2006-10-18 31232]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\Windows\system32\DRIVERS\ss_bus.sys [2005-08-30 58320]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\Windows\system32\DRIVERS\ss_mdfl.sys [2005-08-30 8304]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\Windows\system32\DRIVERS\ss_mdm.sys [2005-08-30 94000]
.
Contenu du dossier 'Tâches planifiées'
.
.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Users\utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\licnk7hr.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://french.ircfast.com/index.php?rvs=hompag
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-01 23:56:58
Windows 6.0.6000  NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Acer\Empowering Technology\eNet\eNet Service.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Program Filesnamfler
aofsvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\System32\drivers\XAudio.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Windows\System32\conime.exe
C:\Windows\System32undll32.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\eNet\eNMTray.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Users\UTILIS~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.bin
C:\Program Filesnamfleradprcmp.exe
C:\Windows\System32\igfxext.exe
C:\Windows\System32\igfxsrvc.exe
.
**************************************************************************
.
Heure de fin: 2008-10-02  0:05:05 - La machine a redémarré
ComboFix-quarantined-files.txt  2008-10-01 22:03:54
ComboFix2.txt  2008-09-29 21:53:16

Avant-CF: Le texte du message associ‚ au num‚ro 0x2379 est introuvable dans le fichier de messages pour Application.
Après-CF: 2,747,359,232 octets libres

271	--- E O F ---	2008-09-30 10:01:29

Destrio5 · Answer

Le script est disponible ici.

zapeuse · Answer

rien a faire  j y arrive pas je fais glisser et il ne se passe rien

Destrio5 · Answer

Tu le déposes sur ComboFix ?

Utilisateur anonyme · Answer

Bonsoir si ça peut aider :

Enregistre ce fichier sous le nom CFScript (Type du fichier : tous les fichiers)

A+

Destrio5 · Answer

Je pense vraiment qu'on va laisser tomber les clés de registre bizarres.

Destrio5 · Answer

ComboFix oui mais quand tu dis "tout le reste", tu penses à quoi ?

Destrio5 · Answer

Oui, tu peux supprimer.

Pub à gogo !

140 réponses

Votre réponse

Discussions similaires

Newsletters