ANTIVIRUS 2009 DISPLAY PROBLEM

boxersolo -  
jlpjlp Posts 52399 Status Security contributor -
Hello,
I'm taking the liberty of coming to this forum because, after spending hours searching the net, I still haven't managed to solve my problem..!
Every time I go online, an "ANTIVIRUS 2009" alert page keeps appearing constantly!!
From everything I've read, I understood I had to use the program "HijackThis" to produce a report, which I attach:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:34:24, on 19/10/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Users\SAMUEL\Program Files\DNA\btdna.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\explorer.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ww17.ads.eorezo.com/cgi-bin/advert/getads.cgi?x_dp_id=18&x_format=redirect
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\hGvUnool.dll,#1
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\SAMUEL\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\SAMUEL\AppData\Local\Temp\lJAtRhGW.dll,c
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\SAMUEL\AppData\Local\Temp\fccCsqNF.dll,#1
O4 - HKCU\..\Run: [6288646b] rundll32.exe "C:\Users\SAMUEL\AppData\Local\Temp\kgygfohi.dll",b
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: stllssvr - Unknown owner - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)

--
End of file - 6986 bytes
There, now I hope someone will take the trouble to help me, because I absolutely need my PC for work... Thanks in advance..
Regards
Configuration: Windows Vista
Internet Explorer 7.0
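Triage of the HijackThis log above, as an added example that is not part of the thread: it flags the kinds of entries jlpjlp later asks to fix (rundll32 autoruns loading randomly named DLLs from %Temp% or system32 through an ordinal or one-letter entry point, BHOs marked "(no file)", services marked "(file missing)", and a start page on a non-default host). The sample lines are copied from the log; the allowlist of default home-page hosts and the heuristics themselves are this example's assumptions, and an orphan service or BHO is a cleanup item, not proof of infection.

```python
"""Triage a HijackThis v2 log and list the entries worth fixing.

Heuristics (assumptions of this example, matching the pattern in this
thread): rundll32 autoruns with an ordinal/one-letter entry point or a DLL
under a Temp directory, orphan BHOs/services, and a hijacked start page.
"""
import re
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlparse

# Constructed sample: a subset of the HijackThis lines posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ww17.ads.eorezo.com/cgi-bin/advert/getads.cgi?x_dp_id=18&x_format=redirect
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\hGvUnool.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\SAMUEL\AppData\Local\Temp\lJAtRhGW.dll,c
O4 - HKCU\..\Run: [6288646b] rundll32.exe "C:\Users\SAMUEL\AppData\Local\Temp\kgygfohi.dll",b
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
"""

# Hosts a stock Vista/HP/IE7 install points its start or search page at
# (assumed allowlist). Anything else is flagged for review, not as malware.
DEFAULT_HOMEPAGE_HOSTS = {
    "www.google.fr", "www.msn.com", "www.bing.com",
    "go.microsoft.com", "ie.redirect.hp.com",
}

# rundll32.exe <dll>,<entrypoint>  -- the DLL path may be quoted.
RUNDLL_RE = re.compile(
    r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?\.dll)"?,(?P<entry>\S+)', re.I)
# Ordinal (#1) or single-letter (b, c) entry points; legitimate Run entries
# call a named export such as ShowWelcomeCenter.
ODD_ENTRY_RE = re.compile(r"^(#\d+|[a-z])$", re.I)


@dataclass
class Finding:
    section: str  # HijackThis section code, e.g. "O4"
    line: str
    reason: str


def check_autorun(line: str) -> Optional[str]:
    """O4: rundll32 loading a DLL from Temp or through an odd entry point."""
    m = RUNDLL_RE.search(line)
    if not m:
        return None
    reasons = []
    if "\\temp\\" in m["dll"].lower():
        reasons.append("DLL loaded from a Temp directory")
    if ODD_ENTRY_RE.match(m["entry"]):
        reasons.append(f"entry point '{m['entry']}' is an ordinal or single letter")
    return "; ".join(reasons) or None


def check_start_page(line: str) -> Optional[str]:
    """R0/R1: start or search page on a host outside the vendor defaults."""
    _, _, value = line.partition(" = ")
    host = urlparse(value.strip()).netloc.lower()
    if host and host not in DEFAULT_HOMEPAGE_HOSTS:
        return f"start/search page points at unexpected host {host}"
    return None  # empty value, non-URL (e.g. *.local) or allowlisted host


def triage(log_text: str) -> List[Finding]:
    """Return the log lines a helper would ask the user to fix, with reasons."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        section = line.split(" ", 1)[0]
        reason = None
        if section in ("R0", "R1"):
            reason = check_start_page(line)
        elif section == "O2" and line.endswith("(no file)"):
            reason = "BHO registered but its DLL is gone (orphan, safe to fix)"
        elif section == "O4":
            reason = check_autorun(line)
        elif section == "O23" and line.endswith("(file missing)"):
            reason = "service points at a missing binary (orphan, safe to fix)"
        if reason:
            findings.append(Finding(section, line, reason))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```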

11 replies

  1. jlpjlp Posts 52399 Status Security contributor 5 041
     
    hi

    which antivirus do you have???
    _________________

    Disable User Account Control (you'll re-enable it after the disinfection):

    - Go to Start, then Control Panel
    - Double-click the "User Accounts" icon
    - Then click disable and confirm.

    download combofix (by sUBs) here:

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    and save it to the desktop.

    disconnect from the internet and close all your applications.

    disable your protections (antivirus, firewall, antispyware real-time guard)

    double-click combofix.exe and follow the instructions

    at the end it will produce a report C:\ComboFix.txt

    re-enable your firewall, your antivirus, your antispyware guard

    copy/paste the C:\ComboFix.txt report in your next reply.

    Careful, don't use your mouse or keyboard (or any other pointing device) while the program is running. It could freeze the computer.

    You have a full tutorial here:

    https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

    _________________________

    then post a new hijackthis report to check
    0
  2. boxersolo
     
    Good evening
    Thanks for replying so quickly!!!
    I downloaded combofix and here is the report (to answer your question, I don't have an antivirus!! I'm almost ashamed...):
    ComboFix 08-10-19.01 - SAMUEL 2008-10-19 22:56:42.2 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.318 [GMT 2:00]
    Lancé depuis: C:\Users\SAMUEL\Desktop\ComboFix.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Users\SAMUEL\AppData\Local\Temp\kgygfohi.dll
    C:\Users\SAMUEL\AppData\Local\Temp\lJAtRhGW.dll
    C:\Windows\system32\hGvUnool.dll
    C:\Windows\system32\rQhFvVmM.dll

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2008-09-19 au 2008-10-19 ))))))))))))))))))))))))))))))))))))
    .

    2008-10-19 22:31 . 2008-10-19 22:31 <REP> d-------- C:\Program Files\Trend Micro
    2008-10-19 14:17 . 2007-05-30 14:10 10,872 --a------ C:\Windows\System32\drivers\AvgAsCln.sys
    2008-10-19 13:57 . 2008-10-19 13:57 <REP> d-------- C:\Users\All Users\Avg8
    2008-10-19 13:57 . 2008-10-19 13:57 <REP> d-------- C:\ProgramData\Avg8
    2008-10-19 00:41 . 2008-10-19 00:41 <REP> d-------- C:\Users\SAMUEL\AppData\Roaming\Grisoft
    2008-10-19 00:41 . 2008-10-19 00:41 <REP> d-------- C:\Users\All Users\Grisoft
    2008-10-19 00:41 . 2008-10-19 00:41 <REP> d-------- C:\ProgramData\Grisoft
    2008-10-18 15:48 . 2008-10-18 15:48 <REP> d-------- C:\Program Files\AxBx
    2008-10-18 15:42 . 2008-10-19 00:36 <REP> d-------- C:\Program Files\Panda Security
    2008-10-08 02:05 . 2008-10-08 02:05 <REP> d-------- C:\Program Files\BitTorrent

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-19 20:59 --------- d-----w C:\Users\SAMUEL\AppData\Roaming\DNA
    2008-10-18 22:35 --------- d-----w C:\Program Files\Common Files\SureThing Shared
    2008-10-18 18:47 --------- d-----w C:\Program Files\Google
    2008-10-18 18:43 --------- d-----w C:\Program Files\AviSynth 2.5
    2008-10-18 18:10 --------- d-----w C:\Program Files\Common Files\Roxio Shared
    2008-10-18 18:01 --------- d-----w C:\Program Files\Intel
    2008-10-18 18:00 --------- d-----w C:\Users\SAMUEL\AppData\Roaming\EoRezo
    2008-10-18 18:00 --------- d-----w C:\Program Files\eoRezo
    2008-10-18 17:59 --------- d-----w C:\Program Files\SweetIM
    2008-10-18 17:57 --------- d-----w C:\Program Files\Visicom Media
    2008-10-17 18:31 --------- d-----w C:\Users\SAMUEL\AppData\Roaming\BitTorrent
    2008-10-01 11:12 1,532 ----a-w C:\Users\SAMUEL\AppData\Roaming\wklnhst.dat
    2008-09-19 23:38 --------- d-----w C:\Users\SAMUEL\AppData\Roaming\OpenOffice.org2
    2008-09-11 01:02 --------- d-----w C:\Program Files\Microsoft Works
    2008-08-27 01:06 288,768 ----a-w C:\Windows\system32\drivers\srv.sys
    2008-08-20 01:01 --------- d-----w C:\Program Files\Microsoft Silverlight
    2008-06-28 06:34 174 --sha-w C:\Program Files\desktop.ini
    2008-03-13 01:02 22,328 ----a-w C:\Users\SAMUEL\AppData\Roaming\PnkBstrK.sys
    2007-11-16 16:17 32 ----a-w C:\Users\All Users\ezsid.dat
    2007-11-16 16:17 32 ----a-w C:\ProgramData\ezsid.dat
    2008-03-02 01:54 22 --sha-w C:\Windows\SMINST\HPCD.sys
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 125952]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
    "BitTorrent DNA"="C:\Users\SAMUEL\Program Files\DNA\btdna.exe" [2008-10-08 289088]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Launcher"="C:\Windows\SMINST\launcher.exe" [2006-11-24 44136]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.l3codec"= l3codecp.acm
    "VIDC.IV41"= ir41_32.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    --a------ 2007-10-18 12:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2006-01-12 15:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{E77CF33D-6C07-4636-827B-E4A2A139A82D}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
    "{0CA4CCB7-952B-4723-B7B4-C7B9853E7EEB}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
    "{BEA96267-04DD-44FA-BAD3-B069F3F7243B}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
    "{82183388-A487-4BCB-BAF2-CE5133326DAA}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
    "{F22D71E8-C211-4975-8F5D-3C9DE1676D53}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
    "{F3AD6A74-9AE2-47DF-BFAA-D54272845B0F}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
    "{8551BBB6-387A-41FD-B396-D4A9396BB088}"= TCP:9442:127.0.0.1:Intel(R) Viiv(TM) Media Server Discovery
    "{5A4E1C30-017A-4EC2-84A2-FEA429A44A63}"= TCP:1900:LocalSubnet:LocalSubnet:Intel(R) Viiv(TM) Media Server UPnP Discovery
    "{E87AB97D-0391-4598-B675-3CEA4DEE8E60}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
    "{7B0779EF-F37D-4AB9-BC55-98BA0BC73B94}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
    "{CADDDD88-2354-4D5F-B1A7-27C63801A55D}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
    "{A19755D1-E620-4D01-8D6D-00E0188208FD}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
    "{35A7BBBB-65C1-4B7A-9A5D-0BFB7CE432C9}"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
    "{755E7865-9BDC-4D67-90AB-76F20A713E62}"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.0
    "{DC5E15EF-35B4-44BD-A324-8A6E2594C779}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
    "{3CA10E22-3AF8-4829-9D54-359255838A77}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\ImpCnt.exe:IncrediMail
    "{15342104-14CC-4685-BB8F-1FF309D2E807}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\IMApp.exe:IncrediMail
    "{49393A97-8AC1-48F5-BE53-F1E6F70E6FBD}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\IMApp.exe:IncrediMail
    "{E8F55AD7-30FF-4222-8A6E-D7DAC9432AC2}"= Disabled:UDP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
    "{C377CA4A-2094-42E7-89B7-EABE0A331F21}"= Disabled:TCP:C:\Program Files\IncrediMail\bin\IncMail.exe:IncrediMail
    "{B060AA45-0A1D-47AF-A592-65E251D95349}"= TCP:3658:pes6
    "TCP Query User{A1C5079A-EB09-4C0A-BDA4-DA1AFAA429E9}C:\\program files\\videolan\\vlc\\vlc.exe"= UDP:C:\program files\videolan\vlc\vlc.exe:VLC media player
    "UDP Query User{BE7DB87E-F9A6-46CE-A1D2-9FD9510EE405}C:\\program files\\videolan\\vlc\\vlc.exe"= TCP:C:\program files\videolan\vlc\vlc.exe:VLC media player
    "TCP Query User{865E3890-B870-4956-867A-8C3C357A9932}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
    "UDP Query User{A565BF66-EE35-4AD3-A4A0-5CDF93741CC4}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
    "TCP Query User{1DA838FE-8323-4EB3-A105-99FDDC6C3524}C:\\program files\\freeplayer\\vlc\\vlc.exe"= UDP:C:\program files\freeplayer\vlc\vlc.exe:VLC media player
    "UDP Query User{4C72242C-BC8C-4219-B372-518F5CCD4823}C:\\program files\\freeplayer\\vlc\\vlc.exe"= TCP:C:\program files\freeplayer\vlc\vlc.exe:VLC media player
    "TCP Query User{0E0D04F1-00F9-406D-8B7C-2676457CA122}C:\\program files\\freebrowser\\freebrowser\\freebrowser.exe"= UDP:C:\program files\freebrowser\freebrowser\freebrowser.exe:FreeBrowser
    "UDP Query User{64AE7CD6-6A3A-4DC1-A9B7-E0AE6C758CA2}C:\\program files\\freebrowser\\freebrowser\\freebrowser.exe"= TCP:C:\program files\freebrowser\freebrowser\freebrowser.exe:FreeBrowser
    "TCP Query User{1A814341-6960-4147-9AB7-589A2F68458F}C:\\program files\\freebrowser\\vlc\\vlc.exe"= UDP:C:\program files\freebrowser\vlc\vlc.exe:VLC media player
    "UDP Query User{6AE5B871-F9B8-469E-B690-7D625E1C17E7}C:\\program files\\freebrowser\\vlc\\vlc.exe"= TCP:C:\program files\freebrowser\vlc\vlc.exe:VLC media player
    "TCP Query User{1F06A004-4E1B-48F2-872C-AC0181D53AA1}C:\\program files\\bitcomet\\bitcomet.exe"= UDP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
    "UDP Query User{09B36E12-3FF6-4BA3-B827-DDB38F358144}C:\\program files\\bitcomet\\bitcomet.exe"= TCP:C:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
    "{2B68A264-EB30-48A3-8F9A-116BA9DC792D}"= UDP:C:\Program Files\Shareaza\Shareaza.exe:Shareaza
    "{A79E802B-6D71-4A0A-89B1-8570662CEE1A}"= TCP:C:\Program Files\Shareaza\Shareaza.exe:Shareaza
    "{6102D894-D6C9-47F4-ADFC-21E40D9AF9F8}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
    "{E0FC3FFD-8B37-4986-B202-B9458307B068}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
    "{5BC412AF-3C27-47A7-8740-F832B223EBCD}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{67BCF0A9-13B9-4A2C-8945-64800D7FD4E1}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
    "{AAD37F98-6F8E-4D5C-977A-1AE04F9F92E8}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
    "{1C27B352-F4F0-47A3-B844-61629268EBA6}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
    "{D7325789-401F-4790-81B5-4FECDC045ABA}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
    "{468AF3E6-90B3-4A74-9061-13F14B34C6FE}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
    "{50B1915F-3DE6-42EA-9A75-B4D97D34708C}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
    "{7D11D87E-F31F-401E-92F2-48B056661707}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
    "{787BE248-57AB-45F0-8413-8975C9A3AD79}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
    "TCP Query User{D2BD129A-B45F-4846-AAC7-3E0BD2369DB6}C:\\program files\\real\\realplayer\\realplay.exe"= UDP:C:\program files\real\realplayer\realplay.exe:RealPlayer
    "UDP Query User{9955A49D-4D27-4654-8632-6761F499D9F8}C:\\program files\\real\\realplayer\\realplay.exe"= TCP:C:\program files\real\realplayer\realplay.exe:RealPlayer
    "TCP Query User{94B500A6-59A4-4D98-A36A-E4ACE32F6E7A}C:\\users\\samuel\\videos\\age of empires 2\\empires2.exe"= UDP:C:\users\samuel\videos\age of empires 2\empires2.exe:empires2.exe
    "UDP Query User{E9297C62-7264-422A-B930-7EB723263809}C:\\users\\samuel\\videos\\age of empires 2\\empires2.exe"= TCP:C:\users\samuel\videos\age of empires 2\empires2.exe:empires2.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
    "C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

    R2 DQLWinService;DQLWinService;C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-09-03 208896]
    R3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\Windows\system32\DRIVERS\fbxusb32.sys [2004-10-20 21344]
    S2 IntelDHSvcConf;Intel DH Service;C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [2006-05-10 29696]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2947a4f7-e105-11db-9891-0007cb0000ff}]
    \shell\AutoRun\command - J:\setup\rsrc\Autorun.exe
    \shell\dinstall\command - J:\Directx\dxsetup.exe
    .
    Contenu du dossier 'Tâches planifiées'

    2008-10-17 C:\Windows\Tasks\Maintenance en 1 clic.job
    - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe []

    2008-10-19 C:\Windows\Tasks\User_Feed_Synchronization-{14CCBB2B-9155-463B-8D27-C738EBE05B06}.job
    - C:\Windows\system32\msfeedssync.exe [2008-01-19 09:33]

    2008-10-19 C:\Windows\Tasks\User_Feed_Synchronization-{5F54985D-C7E7-4B4E-A526-7EFC85E3BF74}.job
    - C:\Windows\system32\msfeedssync.exe [2008-01-19 09:33]
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
    HKLM-Run-MSServer - C:\Windows\system32\hGvUnool.dll
    HKU-Default-Run-swg - C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    MSConfigStartUp-Skype - C:\Program Files\Skype\Phone\Skype.exe

    .
    ------- Examen supplémentaire -------
    .
    R0 -: HKCU-Main,Start Page = hxxp://www.google.fr/
    R0 -: HKLM-Main,Start Page = hxxp://ads.eorezo.com/cgi-bin/advert/getads.cgi?x_dp_id=18&x_format=redirect
    R1 -: HKCU-Internet Settings,ProxyOverride = *.local

    O16 -: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.zebulon.fr/scan8/oscan8.cab
    C:\Windows\Downloaded Program Files\oscan8.inf
    C:\Windows\Downloaded Program Files\oscan81.ocx_x
    C:\Windows\bdoscandellang.ini
    C:\Windows\bdoscandel.exe
    C:\Windows\Downloaded Program Files\live.ini
    C:\Windows\Downloaded Program Files\scanoptions.tsi
    C:\Windows\Downloaded Program Files\lang.ini
    C:\Windows\Downloaded Program Files\ipsupd.dll
    C:\Windows\Downloaded Program Files\bdupd.dll
    C:\Windows\Downloaded Program Files\libfn.dll
    C:\Windows\Downloaded Program Files\bdcore.dll
    C:\Windows\Downloaded Program Files\oscan8.ocx
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-19 23:01:17
    Windows 6.0.6001 Service Pack 1 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    ------------------------ Autres processus actifs ------------------------
    .
    C:\Windows\System32\audiodg.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\System32\PnkBstrA.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Windows\System32\conime.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\servicing\TrustedInstaller.exe
    .
    **************************************************************************
    .
    Heure de fin: 2008-10-19 23:06:33 - La machine a redémarré [SAMUEL]
    ComboFix-quarantined-files.txt 2008-10-19 21:06:00

    Avant-CF: 64,961,835,008 octets libres
    Après-CF: 64,619,864,064 octets libres

    200 --- E O F --- 2008-10-18 19:33:17
    awaiting a reply, thank you very much
    0
  3. boxersolo
     
    re
    I forgot to do a second test with hijackthis. Here it is:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:34:24, on 19/10/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Users\SAMUEL\Program Files\DNA\btdna.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Windows\explorer.exe
    C:\Windows\System32\mobsync.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
    C:\Windows\system32\SearchFilterHost.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ww17.ads.eorezo.com/cgi-bin/advert/getads.cgi?x_dp_id=18&x_format=redirect
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\hGvUnool.dll,#1
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\SAMUEL\Program Files\DNA\btdna.exe"
    O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\SAMUEL\AppData\Local\Temp\lJAtRhGW.dll,c
    O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\SAMUEL\AppData\Local\Temp\fccCsqNF.dll,#1
    O4 - HKCU\..\Run: [6288646b] rundll32.exe "C:\Users\SAMUEL\AppData\Local\Temp\kgygfohi.dll",b
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'Default user')
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
    O13 - Gopher Prefix:
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
    O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
    O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
    O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
    O23 - Service: stllssvr - Unknown owner - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
  4. boxersolo
     
    Hi
    Sniff, still no reply.. I'm crossing my fingers.. I know you have to be patient.. but I need my computer so badly.
    Thanks..
  6. jlpjlp Posts 52399 Status Security contributor 5 041
     
    relaunch HijackThis, do DO A SYSTEM SCAN ONLY and fix these lines (FIX CHECKED)

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ads.eorezo.com/cgi-bin/advert/getads.cgi?x_dp_id=18&x_format=redirect
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\hGvUnool.dll,#1
    O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\SAMUEL\AppData\Local\Temp\lJAtRhGW.dll,c
    O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\SAMUEL\AppData\Local\Temp\fccCsqNF.dll,#1
    O4 - HKCU\..\Run: [6288646b] rundll32.exe "C:\Users\SAMUEL\AppData\Local\Temp\kgygfohi.dll",b
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

    _____________

    download OTMoveIt
    http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (by Old_Timer) to your Desktop. Or from https://www.luanagames.com/index.fr.html
    double-click OTMoveIt.exe to launch it.
    copy the list quoted below,
    and paste it into the left pane of OTMoveIt: Paste List of Files/Folders to be moved.

    Quote:

    C:\Windows\system32\hGvUnool.dll
    C:\Users\SAMUEL\AppData\Local\Temp\lJAtRhGW.dll
    C:\Users\SAMUEL\AppData\Local\Temp\fccCsqNF.dll
    C:\Users\SAMUEL\AppData\Local\Temp\kgygfohi.dll

    click MoveIt! to start the removal.
    the result will appear in the "Results" pane.
    click Exit to close.
    post the report located in C:\_OTMoveIt\MovedFiles.

    you may be asked to restart the PC to complete the removal. if so, accept with Yes.

    ________________________

    if you have no protection:

    install Antivir and Malwarebytes and paste us the reports:

    https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

    https://www.malekal.com/avira-free-security-antivirus-gratuit/
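As an added defender-side example (not code from this thread, from HijackThis or from OTMoveIt), the script below applies the same reasoning jlpjlp used to pick the lines to fix: rundll32 Run entries that load a DLL from a Temp directory or with an ordinal/single-letter entry point, BHOs marked "(no file)", and services marked "(file missing)". The sample lines are constructed from the log above; the heuristics are assumptions for illustration, not HijackThis's own logic.

```python
import re

# Constructed sample lines, modelled on the HijackThis log in this thread (not the full log).
SAMPLE_LOG = r"""
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\hGvUnool.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\SAMUEL\AppData\Local\Temp\lJAtRhGW.dll,c
O4 - HKCU\..\Run: [6288646b] rundll32.exe "C:\Users\SAMUEL\AppData\Local\Temp\kgygfohi.dll",b
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: stllssvr - Unknown owner - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
"""

# O4 autostart entries: "O4 - HKLM\..\Run: [name] command"
O4_RE = re.compile(r"^O4 - HK(?:LM|CU)\\\.\.\\Run: \[[^\]]*\] (?P<cmd>.*)$")
# rundll32 invocations: rundll32.exe "<dll>",<entry>   (quotes optional)
RUNDLL_RE = re.compile(r'(?i)^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?\s*,\s*(?P<entry>\S*)')

def reasons_for(line):
    """Return the heuristic reasons (assumptions, not HijackThis rules) a line looks suspicious."""
    reasons = []
    if line.startswith("O2 - ") and line.endswith("(no file)"):
        reasons.append("orphaned BHO: CLSID still registered but its DLL is gone")
    if line.startswith("O23 - ") and line.endswith("(file missing)"):
        reasons.append("service entry points to a file that no longer exists")
    m = O4_RE.match(line)
    if m:
        r = RUNDLL_RE.match(m.group("cmd").strip())
        if r:
            dll, entry = r.group("dll"), r.group("entry")
            if "\\temp\\" in dll.lower():
                reasons.append("rundll32 autostart loads a DLL from a Temp directory")
            if re.fullmatch(r"#\d+|[A-Za-z]", entry):
                reasons.append("rundll32 entry point is an ordinal or a single letter, as in Vundo-style loaders")
    return reasons

def triage(log_text):
    """Map each suspicious HijackThis line to its reasons; clean lines are omitted."""
    flagged = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        reasons = reasons_for(line)
        if reasons:
            flagged[line] = reasons
    return flagged

if __name__ == "__main__":
    for line, why in triage(SAMPLE_LOG).items():
        print(line, "->", "; ".join(why))
```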
  7. boxersolo
     
    Good evening
    thanks for your reply JLPJLP
    here is the report:
    File/Folder C:\Windows\system32\hGvUnool.dll not found.
    File/Folder C:\Users\SAMUEL\AppData\Local\Temp\lJAtRhGW.dll not found.
    File/Folder C:\Users\SAMUEL\AppData\Local\Temp\fccCsqNF.dll not found.
    File/Folder C:\Users\SAMUEL\AppData\Local\Temp\kgygfohi.dll not found.

    OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 10202008_193956

    What do I have to do now?
    thank you very much...
    By the way, what are Antivir and Malwarebytes for?
    thanks
  8. jlpjlp Posts 52399 Status Security contributor 5 041
     
    Antivir is a free antivirus and Malwarebytes a free anti-spyware

    you have the manuals and explanations in the links
  9. boxersolo
     
    Re
    OK, thanks for your clear and precise answers.
    I'll install Antivir and Malwarebytes right away
    do I have to install the reports?
  10. boxersolo
     
    it's in progress, I'll post the reports as soon as it's done..
    thanks
  11. boxersolo
     
    RE
    Here are the reports:
    1/ Malwarebytes:
    Malwarebytes' Anti-Malware 1.29
    Version de la base de données: 1298
    Windows 6.0.6001 Service Pack 1

    20/10/2008 20:21:47
    mbam-log-2008-10-20 (20-21-28).txt

    Type de recherche: Examen rapide
    Eléments examinés: 42459
    Temps écoulé: 2 minute(s), 53 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 1
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 0

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> No action taken.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    (Aucun élément nuisible détecté)

    2/ Antivir report:

    Avira AntiVir Personal
    Report file date: lundi 20 octobre 2008 20:43

    Scanning for 1369550 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows Vista
    Windows version: (Service Pack 1) [6.0.6001]
    Boot mode: Save mode
    Username: SAMUEL
    Computer name: PC-DE-SAMUEL

    Version information:
    BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
    AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53
    AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
    LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
    LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
    ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15
    ANTIVIR2.VDF : 7.0.5.20 142336 Bytes 30/06/2008 05:20:53
    ANTIVIR3.VDF : 7.0.5.23 17408 Bytes 30/06/2008 09:24:47
    Engineversion : 8.1.1.19
    AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
    AESCRIPT.DLL : 8.1.0.63 311673 Bytes 06/08/2008 13:13:47
    AESCN.DLL : 8.1.0.23 119156 Bytes 10/07/2008 12:44:49
    AERDL.DLL : 8.1.0.20 418165 Bytes 24/04/2008 12:37:48
    AEPACK.DLL : 8.1.2.1 364917 Bytes 15/07/2008 12:58:35
    AEOFFICE.DLL : 8.1.0.21 192891 Bytes 18/07/2008 06:35:21
    AEHEUR.DLL : 8.1.0.47 1368437 Bytes 06/08/2008 13:13:47
    AEHELP.DLL : 8.1.0.15 115063 Bytes 10/07/2008 12:44:48
    AEGEN.DLL : 8.1.0.35 315764 Bytes 06/08/2008 14:38:47
    AEEMU.DLL : 8.1.0.7 430452 Bytes 31/07/2008 08:33:21
    AECORE.DLL : 8.1.1.8 172406 Bytes 31/07/2008 08:33:21
    AEBB.DLL : 8.1.0.1 53617 Bytes 10/07/2008 12:44:48
    AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
    AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
    AVREP.DLL : 7.0.0.1 155688 Bytes 30/06/2008 14:35:20
    AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
    AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
    AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
    SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
    NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
    RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
    RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37

    Configuration settings for the scan:
    Jobname..........................: Local Hard Disks
    Configuration file...............: c:\program files\avira\antivir personaledition classic\alldiscs.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: C:, D:,
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: lundi 20 octobre 2008 20:43

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'guard.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsm.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'wininit.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    18 processes with 18 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!
    Master boot sector HD1
    [INFO] No virus was found!
    [WARNING] System error [21]: Le périphérique n'est pas prêt.
    [INFO] Please restart the search with Administrator rights
    Master boot sector HD2
    [INFO] No virus was found!
    [WARNING] System error [21]: Le périphérique n'est pas prêt.
    [INFO] Please restart the search with Administrator rights
    Master boot sector HD3
    [INFO] No virus was found!
    Master boot sector HD4
    [INFO] No virus was found!
    [WARNING] System error [21]: Le périphérique n'est pas prêt.
    [INFO] Please restart the search with Administrator rights
    Master boot sector HD5
    [INFO] No virus was found!
    [WARNING] System error [21]: Le périphérique n'est pas prêt.
    [INFO] Please restart the search with Administrator rights

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!
    Boot sector 'D:\'
    [INFO] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '36' files ).

    Starting the file scan:

    Begin scan in 'C:\' <HP>
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\Users\SAMUEL\AppData\Local\VirtualStore\Program Files\eMule\Temp\007.part
    [0] Archive type: ACE
    --> Telephone - Best Of\Telephone_-_Best_Of-back.jpg
    [WARNING] No further files can be extracted from this archive. The archive will be closed
    C:\Users\SAMUEL\AppData\Local\VirtualStore\Program Files\eMule\Temp\015.part
    [WARNING] An exception has been identified!
    [WARNING] In the module 'aecore.dll' an exception occured.
    Calling the function AVEPROC_TestFile in file: \\?\C:\Users\SAMUEL\AppData\Local\VirtualStore\Program Files\eMule\Temp\015.part
    Error description:ACCESS_VIOLATION
    EAX = 000198AC EBX = 0002590A
    ECX = 00000000 EDX = 03820024
    ESI = 0004DE14 EDI = 0004e5a8
    EIP = 02157EE9 EBP = 000FFFFF
    ESP = 02A5AFB4 Flg = 00010206
    CS = 00000023 SS = 0000001B
    C:\Users\SAMUEL\Documents\Downloads\(HOODLUM ) patch pes 2008 ps3 _better version_.zip
    [0] Archive type: ZIP
    --> Setup.exe
    [1] Archive type: RSRC
    --> Object
    [DETECTION] Contains recognition pattern of the DR/Dldr.Agent.fwr.1 dropper
    --> Object
    [DETECTION] Is the TR/Dldr.IstBar.32000 Trojan
    [NOTE] The file was moved to '494be93c.qua'!
    C:\Users\SAMUEL\Downloads\RUNME.bat
    [DETECTION] Contains recognition pattern of the BAT/ConHook.Z batch virus
    [NOTE] The file was moved to '494ae993.qua'!
    C:\Users\SAMUEL\Downloads\Setup_FreeConverter.exe
    [DETECTION] Is the TR/Agent.6952238 Trojan
    [NOTE] The file was moved to '4970e9a3.qua'!
    C:\Windows\System32\drivers\sptd.sys
    [WARNING] The file could not be opened!
    Begin scan in 'D:\' <Recovery>

    End of the scan: lundi 20 octobre 2008 23:01
    Used time: 2:18:17 Hour(s)

    The scan has been done completely.

    16863 Scanning directories
    399910 Files were scanned
    4 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    3 files were moved to quarantine
    0 files were renamed
    2 Files cannot be scanned
    399904 Files not concerned
    3706 Archives were scanned
    8 Warnings
    3 Notes

    There you go, what's the verdict?
    Thanks..
    (sorry for taking so long, but Antivir took 2 hours)
  12. jlpjlp Posts 52399 Status Security contributor 5 041
     
    you have to be careful with eMule ....

    ____________

    scan with this:

    https://www.broadcom.com/support/security-center

    ____________
    remove what is in quarantine in Antivir

    _____________

    you need to remove what was found in Malwarebytes

    ______________

    download OTMoveIt
    http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (by Old_Timer) to your Desktop. Or from https://www.luanagames.com/index.fr.html
    double-click OTMoveIt.exe to launch it.
    copy the list quoted below,
    and paste it into the left pane of OTMoveIt: Paste List of Files/Folders to be moved.

    Quote:

    :\Users\SAMUEL\AppData\Local\VirtualStore\Program Files\eMule\Temp\007.part
    C:\Users\SAMUEL\AppData\Local\VirtualStore\Program Files\eMule\Temp\015.part
    C:\Users\SAMUEL\Documents\Downloads\(HOODLUM ) patch pes 2008 ps3 _better version_.zip
    C:\Users\SAMUEL\Downloads\RUNME.bat
    C:\Users\SAMUEL\Downloads\Setup_FreeConverter.exe

    click MoveIt! to start the removal.
    the result will appear in the "Results" pane.
    click Exit to close.
    post the report located in C:\_OTMoveIt\MovedFiles.

    you may be asked to restart the PC to complete the removal. if so, accept with Yes.