you have security probleme Fermé

Question

Bonjour,
j ai un message qui s affiche you have a security probleme et j arrive pas a m en debarrasser si quelqu un peut m aider ca serait genti 
merci 
voici le scan 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:27:3589, on 23/10/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32	askeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Windows\VM_STI.EXE
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Stardock\CursorFX\CursorFX.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Users\bart\AppData\Local\Temp\a.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\System32undll32.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Users\bart\AppData\Local\Temp\~tmpd.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEUser.exe
c:\program files\aol\aol toolbar 5.0\AolTbServer.exe
C:\Windows\system32\conime.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\bart\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XUY36VS9\HiJackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.darty.com/services/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32
vsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [BigDogPath] C:\Windows\VM_STI.EXE Philips SPC 200NC PC Camera
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [L'Assistant DartyBox] C:\Program Files\Assistant DartyBox\Upgrade_Manager.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [CursorFX] "C:\Program Files\Stardock\CursorFX\CursorFX.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSFox] C:\Users\bart\AppData\Local\Temp\a.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Antispyware PRO XP] "C:\ProgramData\Software Licensors\Antispyware PRO XP\asproxp.exe" /autorun
O8 - Extra context menu item: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 5.0esources\fr-fr\local\search.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Recherche sur eBay - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix: 
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} (Module de délivrance de certificat MINEFI) - https://static.impots.gouv.fr/abos/static/securite/certdgi1.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://copainsdavant.linternaute.com/html_include_bibliotheque/objimageuploader/5.0.15.0/ImageUploader5.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)

g!rly · Answer

salut, 

Télécharges OTMoveIt3 (de Old_Timer) sur ton Bureau.

http://oldtimer.geekstogo.com/OTMoveIt3.exe

Double cliques sur "OTMoveIt3.exe" pour ouvrir le prg .
Puis copies ce qui se trouve en citation ci-dessous, 

:Processes
explorer.exe

:Reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Antispyware PRO XP"=-

:Folder
C:\ProgramData\Software Licensors

:Commands
[emptytemp]
[start explorer]
[Reboot]


et colles le dans le cadre de gauche de OTMoveIt3 :
Paste Instructions for items to be moved.
(ne touche à rien d'autre !)

-> cliques sur MoveIt! pour lancer la suppression.
-> laisses travailler l'outil ...

( Note : ton bureau va disparaitre puis réapparaitre, c'est normal .)

-> une fois finis , un petite fenêtre s'ouvre : cliques sur " Yes " .

Ton PC va redémarrer de lui même ...

-->Postes le contenu du rapport qui se trouve dans le dossier "C:\_OTMoveIt\MovedFiles"
( " xxxx2008_xxxxxx.log " où les "x" correspondent au jour et à l'heure de l'utilisation ). 

@+

jlpjlp · Answer

slt g!rly je te mets le rapport voici le rapport qu il me donne ========== PROCESSES ========== Process explorer.exe killed successfully. ========== REGISTRY ========== Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Antispyware PRO XP not found. Error: Unable to interpret <:Folder > in the current context! Error: Unable to interpret in the current context! ========== COMMANDS ========== File delete failed. C:\Users\bart\AppData\Local\Temp\a.exe scheduled to be deleted on reboot. File delete failed. C:\Users\bart\AppData\Local\Temp\JET510C.tmp scheduled to be deleted on reboot. File delete failed. C:\Users\bart\AppData\Local\Temp\MainFrame.Log.txt scheduled to be deleted on reboot. File delete failed. C:\Users\bart\AppData\Local\Temp\~DF18C1.tmp scheduled to be deleted on reboot. File delete failed. C:\Users\bart\AppData\Local\Temp\~DF18CB.tmp scheduled to be deleted on reboot. File delete failed. C:\Users\bart\AppData\Local\Temp\~DF87D.tmp scheduled to be deleted on reboot. File delete failed. C:\Users\bart\AppData\Local\Temp\~DF888.tmp scheduled to be deleted on reboot. File delete failed. C:\Users\bart\AppData\Local\Temp\~tmpd.exe scheduled to be deleted on reboot. User's Temp folder emptied. User's Temporary Internet Files folder emptied. User's Internet Explorer cache folder emptied. Local Service Temp folder emptied. Local Service Temporary Internet Files folder emptied. File delete failed. C:\Windows emp\_avast4_\Webshlock.txt scheduled to be deleted on reboot. File delete failed. C:\Windows emp\fwtsqmfile00.sqm scheduled to be deleted on reboot. Windows Temp folder emptied. Temp folders emptied. Explorer started successfully OTMoveIt3 by OldTimer - Version 1.0.5.0 log created on 10232008_173221 Files moved on Reboot... C:\Users\bart\AppData\Local\Temp\a.exe moved successfully. File C:\Users\bart\AppData\Local\Temp\JET510C.tmp not found! File move failed. C:\Users\bart\AppData\Local\Temp\MainFrame.Log.txt scheduled to be moved on reboot. File C:\Users\bart\AppData\Local\Temp\~DF18C1.tmp not found! File C:\Users\bart\AppData\Local\Temp\~DF18CB.tmp not found! File C:\Users\bart\AppData\Local\Temp\~DF87D.tmp not found! File C:\Users\bart\AppData\Local\Temp\~DF888.tmp not found! C:\Users\bart\AppData\Local\Temp\~tmpd.exe moved successfully. File move failed. C:\Windows emp\_avast4_\Webshlock.txt scheduled to be moved on reboot. File move failed. C:\Windows emp\fwtsqmfile00.sqm scheduled to be moved on reboot.

bart · Answer

je fait quoi du rapport que j ai recu

g!rly · Answer

merci jpljpl ;)

bart post un nouveau rapport hijack this stp

@+

bart · Answer

voici le nouveau rapport 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:14:06, on 23/10/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32	askeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Windows\System32undll32.exe
C:\Windows\VM_STI.EXE
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Stardock\CursorFX\CursorFX.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Windows\System32undll32.exe
C:\Users\bart\AppData\Local\Temp\a.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Users\bart\AppData\Local\Temp\~tmpd.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Windows\system32\conime.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\aol\aol toolbar 5.0\AolTbServer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\bart\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IB19KLKW\HiJackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32
vsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [BigDogPath] C:\Windows\VM_STI.EXE Philips SPC 200NC PC Camera
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [L'Assistant DartyBox] C:\Program Files\Assistant DartyBox\Upgrade_Manager.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [CursorFX] "C:\Program Files\Stardock\CursorFX\CursorFX.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 5.0esources\fr-fr\local\search.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Recherche sur eBay - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix: 
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} (Module de délivrance de certificat MINEFI) - https://static.impots.gouv.fr/abos/static/securite/certdgi1.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://copainsdavant.linternaute.com/html_include_bibliotheque/objimageuploader/5.0.15.0/ImageUploader5.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)

bart · Answer

voici le nouveau rapport 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:14:06, on 23/10/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32	askeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Windows\System32undll32.exe
C:\Windows\VM_STI.EXE
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Stardock\CursorFX\CursorFX.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Windows\System32undll32.exe
C:\Users\bart\AppData\Local\Temp\a.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Users\bart\AppData\Local\Temp\~tmpd.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Windows\system32\conime.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\aol\aol toolbar 5.0\AolTbServer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\bart\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IB19KLKW\HiJackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32
vsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [BigDogPath] C:\Windows\VM_STI.EXE Philips SPC 200NC PC Camera
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [L'Assistant DartyBox] C:\Program Files\Assistant DartyBox\Upgrade_Manager.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [CursorFX] "C:\Program Files\Stardock\CursorFX\CursorFX.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 5.0esources\fr-fr\local\search.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Recherche sur eBay - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix: 
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} (Module de délivrance de certificat MINEFI) - https://static.impots.gouv.fr/abos/static/securite/certdgi1.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://copainsdavant.linternaute.com/html_include_bibliotheque/objimageuploader/5.0.15.0/ImageUploader5.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)

g!rly · Answer

ok bart, 

Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
• Redémarre ton ordinateur
• Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
• A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
• Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
• Choisis ton compte.
Déroule la liste des instructions ci-dessous :
• Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
• Appuie sur Y pour commencer le processus de nettoyage.
• Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
• Appuie sur une touche pour redémarrer le PC.
• Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
• Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
• Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
• Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
• Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum, avec un nouveau log Hijackthis !

bart · Answer

ben j ai utilise le logiciel malwarebytes puis redemarrer le pc  et plus rien s affiche sur l ecran 
alors je sais pas si ca la eliminer ou pas

g!rly · Answer

passe sdfix car tu as encore des saloperies...

bart · Answer

j ai fait ce que tu ma dit mais j ai pas eu de rapport parceque la fenetre s ouvre et se referme aussitot voici le scan de hijack


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:25:32, on 23/10/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32	askeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Adobe\Reader 8.0\Readereader_sl.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Windows\System32undll32.exe
C:\Windows\VM_STI.EXE
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Stardock\CursorFX\CursorFX.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\System32undll32.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEUser.exe
c:\program files\aol\aol toolbar 5.0\AolTbServer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Users\bart\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K8ZHBE92\HiJackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32
vsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [BigDogPath] C:\Windows\VM_STI.EXE Philips SPC 200NC PC Camera
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [L'Assistant DartyBox] C:\Program Files\Assistant DartyBox\Upgrade_Manager.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [CursorFX] "C:\Program Files\Stardock\CursorFX\CursorFX.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSFox] C:\Users\bart\AppData\Local\Temp\a.exe
O4 - HKCU\..\Run: [Antispyware PRO XP] "C:\ProgramData\Software Licensors\Antispyware PRO XP\asproxp.exe" /autorun
O8 - Extra context menu item: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 5.0esources\fr-fr\local\search.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Recherche sur eBay - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix: 
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} (Module de délivrance de certificat MINEFI) - https://static.impots.gouv.fr/abos/static/securite/certdgi1.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://copainsdavant.linternaute.com/html_include_bibliotheque/objimageuploader/5.0.15.0/ImageUploader5.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)

bart · Answer

j ai fait ce que tu ma dit mais j ai pas eu de rapport parceque la fenetre s ouvre et se referme aussitot voici le scan de hijack


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:25:32, on 23/10/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32	askeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Adobe\Reader 8.0\Readereader_sl.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Windows\System32undll32.exe
C:\Windows\VM_STI.EXE
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Stardock\CursorFX\CursorFX.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\System32undll32.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEUser.exe
c:\program files\aol\aol toolbar 5.0\AolTbServer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Users\bart\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K8ZHBE92\HiJackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32
vsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [BigDogPath] C:\Windows\VM_STI.EXE Philips SPC 200NC PC Camera
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [L'Assistant DartyBox] C:\Program Files\Assistant DartyBox\Upgrade_Manager.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [CursorFX] "C:\Program Files\Stardock\CursorFX\CursorFX.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSFox] C:\Users\bart\AppData\Local\Temp\a.exe
O4 - HKCU\..\Run: [Antispyware PRO XP] "C:\ProgramData\Software Licensors\Antispyware PRO XP\asproxp.exe" /autorun
O8 - Extra context menu item: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 5.0esources\fr-fr\local\search.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Recherche sur eBay - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix: 
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} (Module de délivrance de certificat MINEFI) - https://static.impots.gouv.fr/abos/static/securite/certdgi1.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://copainsdavant.linternaute.com/html_include_bibliotheque/objimageuploader/5.0.15.0/ImageUploader5.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)

g!rly · Answer

bon

Télécharge combofix.exe (par sUBs) sur ton Bureau.

-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe     

-> Double clique combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse. 

NOTE : Le rapport se trouve également ici : C:\Combofix.txt

Avant d'utiliser ComboFix :

-> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.

-> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.

Une fois fait, sur ton bureau double-clic sur Combofix.exe.

- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.

/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.

- En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.

- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)

-> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.

-> Tutoriel https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

@+

bart · Answer

voici ce qu il me donne mais j arrive plus a avoir mon fond d ecran l ecran es noire

ComboFix 08-10-23.01 - bart 2008-10-23 21:42:44.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium   6.0.6001.1.1252.1.1036.18.1175 [GMT 2:00]
Lancé depuis: C:\Users\bart\Desktop\ComboFix.exe
.

g!rly · Answer

Le rapport est loin d´etre complet...

Post le en entier

Tu avais quoi comme fond d´ecran ?

@+

bart · Answer

ben j avais un bart mais meme toute les images sont blanches quand j ai lance logiciel le pc a redemarrer et ca ma donne ca

g!rly · Answer

comment ca toutes les images sont blanche ?
essaie de poster le rapport il est situé la :
C:\Combofix.txt

bart · Answer

no c est bon jai relace le log et voici le rapport ComboFix 08-10-23.01 - bart 2008-10-23 22:08:10.2 - NTFSx86 Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1245 [GMT 2:00] Lancé depuis: C:\Users\bart\Desktop\ComboFix.exe . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat C:\Windows\system32\KBL.LOG ----- BITS: Il y a peut-être des sites infectés ----- hxxp://ftp.hp.com . ((((((((((((((((((((((((((((( Fichiers créés du 2008-09-23 au 2008-10-23 )))))))))))))))))))))))))))))))))))) . 2008-10-23 21:44 . 2008-10-23 21:45 242,940,151 --a------ C:\Windows\MEMORY.DMP 2008-10-23 20:59 . 2008-10-22 02:19 d-------- C:\SDFix 2008-10-23 18:05 . 2008-10-23 18:05 d-------- C:\Users\bart\AppData\Roaming\Malwarebytes 2008-10-23 18:05 . 2008-10-23 18:05 d-------- C:\Users\All Users\Malwarebytes 2008-10-23 18:05 . 2008-10-23 18:05 d-------- C:\ProgramData\Malwarebytes 2008-10-23 18:05 . 2008-10-23 18:05 d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-10-23 18:05 . 2008-10-22 16:10 38,496 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys 2008-10-23 18:05 . 2008-10-22 16:10 15,504 --a------ C:\Windows\System32\drivers\mbam.sys 2008-10-23 17:32 . 2008-10-23 17:32 d-------- C:\_OTMoveIt 2008-10-23 15:21 . 2008-10-23 15:44 d-------- C:\Users\All Users\Spybot - Search & Destroy 2008-10-23 15:21 . 2008-10-23 15:44 d-------- C:\ProgramData\Spybot - Search & Destroy 2008-10-23 15:21 . 2008-10-23 15:21 d-------- C:\Program Files\Spybot - Search & Destroy 2008-10-23 14:39 . 2008-10-23 14:39 d-------- C:\Users\All Users\Yahoo! Companion 2008-10-23 14:39 . 2008-10-23 14:39 d-------- C:\ProgramData\Yahoo! Companion 2008-10-23 14:37 . 2008-10-23 14:37 d-------- C:\Program Files\Yahoo! 2008-10-23 14:37 . 2008-10-23 14:37 d-------- C:\Program Files\CCleaner 2008-10-23 14:30 . 2008-10-23 14:30 d-------- C:\Program Files\Avanquest update 2008-10-23 14:17 . 2008-10-23 18:09 d-------- C:\Users\All Users\Software Licensors 2008-10-23 14:17 . 2008-10-23 18:09 d-------- C:\ProgramData\Software Licensors 2008-10-23 00:55 . 2008-08-05 11:49 428,544 --a------ C:\Windows\System32\EncDec.dll 2008-10-23 00:55 . 2008-08-05 11:49 293,376 --a------ C:\Windows\System32\psisdecd.dll 2008-10-23 00:55 . 2008-08-05 11:48 217,088 --a------ C:\Windows\System32\psisrndr.ax 2008-10-23 00:55 . 2008-08-05 11:48 177,664 --a------ C:\Windows\System32\mpg2splt.ax 2008-10-23 00:55 . 2008-08-05 11:48 80,896 --a------ C:\Windows\System32\MSNP.ax 2008-10-22 18:18 . 2008-10-15 18:28 8,329 --a------ C:\Windows\System32\hpasset.xml.bkp 2008-10-15 18:28 . 2008-10-22 18:18 8,329 --a------ C:\Windows\System32\hpasset.xml 2008-10-15 18:28 . 2008-06-24 08:49 321 --a------ C:\Windows\System32\XMLConfig_SYSID.ini 2008-10-15 13:59 . 2008-09-18 07:09 3,601,464 --a------ C:\Windows\System32 tkrnlpa.exe 2008-10-15 13:59 . 2008-09-18 07:09 3,549,240 --a------ C:\Windows\System32 toskrnl.exe 2008-10-15 13:59 . 2008-09-18 04:16 2,032,640 --a------ C:\Windows\System32\win32k.sys 2008-10-15 13:59 . 2008-10-02 03:32 1,383,424 --a------ C:\Windows\System32\mshtml.tlb 2008-10-15 13:59 . 2008-10-02 05:49 827,392 --a------ C:\Windows\System32\wininet.dll 2008-10-15 13:59 . 2008-08-27 03:06 288,768 --a------ C:\Windows\System32\drivers\srv.sys 2008-10-09 14:45 . 2008-10-09 14:45 d-------- C:\Users\All Users\LightScribe 2008-10-09 14:45 . 2008-10-09 14:45 d-------- C:\ProgramData\LightScribe 2008-10-09 14:44 . 2008-10-16 20:33 d-------- C:\Users\bart\AppData\Roaming\Ahead 2008-10-09 14:43 . 2008-10-09 14:43 d-------- C:\Users\All Users\Ahead 2008-10-09 14:43 . 2008-10-09 14:43 d-------- C:\ProgramData\Ahead 2008-10-09 14:37 . 2008-10-09 14:37 d-------- C:\Users\All Users\Nero 2008-10-09 14:37 . 2008-10-09 14:37 d-------- C:\ProgramData\Nero 2008-10-09 14:37 . 2008-10-09 14:37 d-------- C:\Program Files\Nero 2008-10-09 14:37 . 2008-10-09 14:42 d-------- C:\Program Files\Common Files\Ahead 2008-10-03 21:38 . 2008-10-03 21:38 d-------- C:\Users\bart\AppData\Roaming\GTek 2008-09-25 16:41 . 2008-09-25 16:41 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf 2008-09-25 16:33 . 2008-09-25 16:33 d-------- C:\Users\bart\{8033ba62-06b8-469b-a244-7e1e7423ff10} . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-10-23 12:39 --------- d-----w C:\ProgramData\WholeSecurity 2008-10-23 12:30 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-10-16 01:09 --------- d-----w C:\Program Files\Windows Mail 2008-10-16 01:02 --------- d-----w C:\ProgramData\Microsoft Help 2008-10-15 20:25 27,240 ----a-w C:\Users\bart\AppData\Roaming vModes.dat 2008-10-09 12:02 --------- d-----w C:\Program Files\Roxio 2008-10-09 12:02 --------- d-----w C:\Program Files\Common Files\Roxio Shared 2008-10-09 12:01 --------- d-----w C:\ProgramData\Roxio 2008-10-03 19:38 --------- d-----w C:\Program Files\Hp 2008-10-03 19:38 --------- d-----w C:\Program Files\Hewlett-Packard 2008-10-03 19:34 --------- d-----w C:\Users\bart\AppData\Roaming\Hewlett-Packard 2008-09-22 14:16 --------- d-----w C:\Users\bart\AppData\Roaming\RayV 2008-09-18 05:42 --------- d-----w C:\Users\bart\AppData\Roaming\GARMIN 2008-09-18 05:40 --------- d-----w C:\Program Files\Garmin 2008-09-09 05:09 --------- d-----w C:\Users\bart\AppData\Roaming\uTorrent 2008-09-04 18:53 --------- d-----w C:\Users\bart\AppData\Roaming\Samsung 2008-09-04 18:53 --------- d-----w C:\Program Files\Samsung 2008-09-02 14:21 --------- d-----w C:\Program Files\uTorrent 2008-08-23 22:37 --------- d-----w C:\Program Files\Neuf 2008-08-02 03:26 36,864 ----a-w C:\Windows\System32\cdd.dll 2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll 2008-07-31 03:32 28,160 ----a-w C:\Windows\System32\Apphlpdm.dll 2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll 2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll 2008-07-31 01:13 4,240,384 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll 2008-06-26 14:14 174 --sha-w C:\Program Files\desktop.ini 2008-03-25 15:09 22,328 ----a-w C:\Users\bart\AppData\Roaming\PnkBstrK.sys 2008-03-10 17:12 0 ----a-w C:\Users\bart\AppData\Roaming\wklnhst.dat 2008-03-28 10:16 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat 2008-03-28 10:16 32,768 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat 2008-03-28 10:16 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920] "LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968] "HPAdvisor"="C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-10-01 1783136] "L'Assistant DartyBox"="C:\Program Files\Assistant DartyBox\Upgrade_Manager.exe" [2007-06-05 151552] "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184] "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-02-20 360448] "CursorFX"="C:\Program Files\Stardock\CursorFX\CursorFX.exe" [2008-02-20 418632] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400] "SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 634880] "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-07-25 174616] "QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-09-30 181544] "QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032] "OnScreenDisplay"="C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320] "UCam_Menu"="C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-17 218408] "HP Health Check Scheduler"="c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008] "hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560] "WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "eBayToolbar"="C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe" [2008-08-08 652528] "NvSvc"="C:\Windows\system32 vsvc.dll" [2007-09-19 86016] "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-19 8497696] "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-19 81920] "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-08-25 221184] "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-08-25 81920] "BigDogPath"="C:\Windows\VM_STI.EXE" [2004-06-09 40960] "HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840] "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136] "RtHDVCpl"="RtHDVCpl.exe" [2007-08-17 C:\Windows\RtHDVCpl.exe] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.l3codecp"= l3codecp.acm [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{193DAF2B-E008-4B37-9039-EA1C687DD5E5}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader "{BD046E90-F042-4ADF-98F0-49D0BF91FFDA}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader "{630FD9F8-80AA-45A3-9DC1-D7C4CF0854CE}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{0AC7094B-6AB3-4C94-984B-7A278921DE78}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{060D820E-6A05-4455-867C-C0B5E0013342}"= C:\Program Files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector "{EE96EC60-EE76-4043-ADB7-384B0D394204}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play "{421BAD1E-357D-4898-A280-2159D048527E}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program "{20D7CD55-C506-4809-9F96-370BE00A72FA}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{FB50207D-9953-4CD2-B15D-0B1BB95EACED}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{267A91B0-3DCF-45D6-AF41-09F984712099}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA "{B4E30560-3F8C-4D3C-9969-5B11E91E2934}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA "{FB146C4E-9D0B-4BF5-A900-314B1D0FED3A}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB "{2DD80D40-2938-464A-B486-8F35ABBAB07C}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB "TCP Query User{EF46BB6A-C624-46FB-B40D-0C6693873015}C:\program files\echanblard\emule.exe"= UDP:C:\program files\echanblard\emule.exe:eChanblard "UDP Query User{CE022776-A70F-4350-84E5-0FFB99A40A46}C:\program files\echanblard\emule.exe"= TCP:C:\program files\echanblard\emule.exe:eChanblard "TCP Query User{C3ED6EB1-3721-4919-B0EA-E21B43C85BBB}C:\program files\internet explorer\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer "UDP Query User{9DF1B289-E60B-4405-91F2-ABB1B1FF1D65}C:\program files\internet explorer\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer "TCP Query User{C3841FF3-C066-4380-B1CD-75C032E82C6E}C:\users\bart\appdata\local\emule\emule.exe"= UDP:C:\users\bart\appdata\local\emule\emule.exe:emule.exe "UDP Query User{2F3598A9-AB27-464F-A5BE-40C075A1F5D6}C:\users\bart\appdata\local\emule\emule.exe"= TCP:C:\users\bart\appdata\local\emule\emule.exe:emule.exe "TCP Query User{7BD35516-8FDA-4015-AD22-4DA9684A0FE4}C:\program files\rayv\rayv\rayv.exe"= UDP:C:\program files ayv ayv ayv.exe:RayV "UDP Query User{5D5B70F8-2A34-4FEF-BF4C-269C336635F8}C:\program files\rayv\rayv\rayv.exe"= TCP:C:\program files ayv ayv ayv.exe:RayV "TCP Query User{829196DD-7CF4-478C-B09A-83C92C3F7073}C:\program files\tmnationsforever\tmforever.exe"= UDP:C:\program files mnationsforever mforever.exe:TmForever "UDP Query User{BD4467F7-A540-4C73-BD15-825E63DBBF5B}C:\program files\tmnationsforever\tmforever.exe"= TCP:C:\program files mnationsforever mforever.exe:TmForever "TCP Query User{07D635C3-EC7D-49D8-B748-8891F0A8E46F}C:\program files\assistant dartybox\um.exe"= UDP:C:\program files\assistant dartybox\um.exe:Mise à Jour pour L'Assistant Dartybox "UDP Query User{FEFCD52A-3AC8-4EDF-AB72-487B5C0E0C6D}C:\program files\assistant dartybox\um.exe"= TCP:C:\program files\assistant dartybox\um.exe:Mise à Jour pour L'Assistant Dartybox "TCP Query User{5BFAA529-652A-4338-8BE4-E5BAEA9EE5A3}C:\program files\assistant dartybox\upgrade_manager.exe"= UDP:C:\program files\assistant dartybox\upgrade_manager.exe:Mise à Jour pour L'Assistant Dartybox "UDP Query User{B78532BB-98E2-470F-B59A-D04994B5FC74}C:\program files\assistant dartybox\upgrade_manager.exe"= TCP:C:\program files\assistant dartybox\upgrade_manager.exe:Mise à Jour pour L'Assistant Dartybox "TCP Query User{606ECE40-8CD3-49D6-8DF0-2A5C27CDA395}C:\program files\echanblard\emule.exe"= UDP:C:\program files\echanblard\emule.exe:eChanblard "UDP Query User{05002BE2-245D-423C-BA82-7270E249916A}C:\program files\echanblard\emule.exe"= TCP:C:\program files\echanblard\emule.exe:eChanblard "{31437740-3374-4212-8992-38A194C84755}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In) "{2B59643F-353B-4E75-BFA7-6EF7794354A1}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In) "{47DFD239-FA36-4128-A214-ADB4F8DE12C9}"= UDP:C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe:RoxioUpnpService9 "{32626BD3-D100-4797-8399-1D40614C7615}"= TCP:C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe:RoxioUpnpService9 "{8651255D-41B4-471B-842C-78B547428BE0}"= UDP:C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe:RoxioUpnpService9 "{3B0C19F8-FBBF-4021-BF18-746ABD199830}"= TCP:C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe:RoxioUpnpService9 "{904B6AC9-63B4-4613-937F-5C87A1EF28A8}"= UDP:C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe:RoxioUpnpService9 "{1B38BE1D-F0B3-43EC-9628-83C06F365549}"= TCP:C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe:RoxioUpnpService9 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile] "DoNotAllowExceptions"= 0 (0x0) R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416] R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560] R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280] R2 QPCapSvc;QuickPlay Background Capture Service (QBCS);C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [2007-09-30 271760] R2 QPSched;QuickPlay Task Scheduler (QTS);C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe [2007-09-30 112016] R3 HpqRemHid;HP Remote Control HID Device;C:\Windows\system32\DRIVERS\HpqRemHid.sys [2007-07-11 7168] S3 GameConsoleService;GameConsoleService;C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe [2007-07-24 181800] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{53a4aaf2-ee90-11dc-8559-806e6f6e6963}] \shell\AutoRun\command - E:\Autorun.exe *Newly Created Service* - CATCHME [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe" . Contenu du dossier 'Tâches planifiées' 2008-10-09 C:\Windows\Tasks\HPCeeScheduleForbart.job - C:\Program Files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2007-09-28 12:58] 2008-10-23 C:\Windows\Tasks\User_Feed_Synchronization-{BA26A68B-A66D-4F4E-90A0-569B45CBA994}.job - C:\Windows\system32\msfeedssync.exe [2008-01-19 09:33] . - - - - ORPHELINS SUPPRIMES - - - - HKCU-Run-Antispyware PRO XP - C:\ProgramData\Software Licensors\Antispyware PRO XP\asproxp.exe . ------- Examen supplémentaire ------- . R0 -: HKCU-Main,Start Page = hxxp://google.fr/ R0 -: HKLM-Main,Start Page = hxxp://www.ustart.org O8 -: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 5.0 esources\fr-fr\local\search.html O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O8 -: Recherche sur eBay - C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html O16 -: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab C:\Windows\Downloaded Program Files\OSDC5.OSD C:\Windows\Downloaded Program Files\InstallerControl.dll O16 -: {04CB5B64-5915-4629-B869-8945CEBADD21} - hxxps://static.impots.gouv.fr/abos/static/securite/certdgi1.cab C:\Windows\Downloaded Program Files\CERTDGI1.dll O16 -: {BA162249-F2C5-4851-8ADC-FC58CB424243} - hxxp://copainsdavant.linternaute.com/html_include_bibliotheque/objimageuploader/5.0.15.0/ImageUploader5.cab C:\Windows\Downloaded Program Files\ImageUploader5.inf C:\Program Files\Samsung\Samsung PC Studio 3\UNICOWS.DLL C:\Windows\Downloaded Program Files\ImageUploader5.ocx . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-10-23 22:11:00 Windows 6.0.6001 Service Pack 1 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . Heure de fin: 2008-10-23 22:12:00 ComboFix-quarantined-files.txt 2008-10-23 20:11:56 Avant-CF: 122,170,802,176 octets libres Après-CF: 122,228,039,680 octets libres 238 --- E O F --- 2008-10-23 01:00:42

bart · Answer

no c est bon jai relace le log et voici le rapport ComboFix 08-10-23.01 - bart 2008-10-23 22:08:10.2 - NTFSx86 Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1245 [GMT 2:00] Lancé depuis: C:\Users\bart\Desktop\ComboFix.exe . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat C:\Windows\system32\KBL.LOG ----- BITS: Il y a peut-être des sites infectés ----- hxxp://ftp.hp.com . ((((((((((((((((((((((((((((( Fichiers créés du 2008-09-23 au 2008-10-23 )))))))))))))))))))))))))))))))))))) . 2008-10-23 21:44 . 2008-10-23 21:45 242,940,151 --a------ C:\Windows\MEMORY.DMP 2008-10-23 20:59 . 2008-10-22 02:19 d-------- C:\SDFix 2008-10-23 18:05 . 2008-10-23 18:05 d-------- C:\Users\bart\AppData\Roaming\Malwarebytes 2008-10-23 18:05 . 2008-10-23 18:05 d-------- C:\Users\All Users\Malwarebytes 2008-10-23 18:05 . 2008-10-23 18:05 d-------- C:\ProgramData\Malwarebytes 2008-10-23 18:05 . 2008-10-23 18:05 d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-10-23 18:05 . 2008-10-22 16:10 38,496 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys 2008-10-23 18:05 . 2008-10-22 16:10 15,504 --a------ C:\Windows\System32\drivers\mbam.sys 2008-10-23 17:32 . 2008-10-23 17:32 d-------- C:\_OTMoveIt 2008-10-23 15:21 . 2008-10-23 15:44 d-------- C:\Users\All Users\Spybot - Search & Destroy 2008-10-23 15:21 . 2008-10-23 15:44 d-------- C:\ProgramData\Spybot - Search & Destroy 2008-10-23 15:21 . 2008-10-23 15:21 d-------- C:\Program Files\Spybot - Search & Destroy 2008-10-23 14:39 . 2008-10-23 14:39 d-------- C:\Users\All Users\Yahoo! Companion 2008-10-23 14:39 . 2008-10-23 14:39 d-------- C:\ProgramData\Yahoo! Companion 2008-10-23 14:37 . 2008-10-23 14:37 d-------- C:\Program Files\Yahoo! 2008-10-23 14:37 . 2008-10-23 14:37 d-------- C:\Program Files\CCleaner 2008-10-23 14:30 . 2008-10-23 14:30 d-------- C:\Program Files\Avanquest update 2008-10-23 14:17 . 2008-10-23 18:09 d-------- C:\Users\All Users\Software Licensors 2008-10-23 14:17 . 2008-10-23 18:09 d-------- C:\ProgramData\Software Licensors 2008-10-23 00:55 . 2008-08-05 11:49 428,544 --a------ C:\Windows\System32\EncDec.dll 2008-10-23 00:55 . 2008-08-05 11:49 293,376 --a------ C:\Windows\System32\psisdecd.dll 2008-10-23 00:55 . 2008-08-05 11:48 217,088 --a------ C:\Windows\System32\psisrndr.ax 2008-10-23 00:55 . 2008-08-05 11:48 177,664 --a------ C:\Windows\System32\mpg2splt.ax 2008-10-23 00:55 . 2008-08-05 11:48 80,896 --a------ C:\Windows\System32\MSNP.ax 2008-10-22 18:18 . 2008-10-15 18:28 8,329 --a------ C:\Windows\System32\hpasset.xml.bkp 2008-10-15 18:28 . 2008-10-22 18:18 8,329 --a------ C:\Windows\System32\hpasset.xml 2008-10-15 18:28 . 2008-06-24 08:49 321 --a------ C:\Windows\System32\XMLConfig_SYSID.ini 2008-10-15 13:59 . 2008-09-18 07:09 3,601,464 --a------ C:\Windows\System32 tkrnlpa.exe 2008-10-15 13:59 . 2008-09-18 07:09 3,549,240 --a------ C:\Windows\System32 toskrnl.exe 2008-10-15 13:59 . 2008-09-18 04:16 2,032,640 --a------ C:\Windows\System32\win32k.sys 2008-10-15 13:59 . 2008-10-02 03:32 1,383,424 --a------ C:\Windows\System32\mshtml.tlb 2008-10-15 13:59 . 2008-10-02 05:49 827,392 --a------ C:\Windows\System32\wininet.dll 2008-10-15 13:59 . 2008-08-27 03:06 288,768 --a------ C:\Windows\System32\drivers\srv.sys 2008-10-09 14:45 . 2008-10-09 14:45 d-------- C:\Users\All Users\LightScribe 2008-10-09 14:45 . 2008-10-09 14:45 d-------- C:\ProgramData\LightScribe 2008-10-09 14:44 . 2008-10-16 20:33 d-------- C:\Users\bart\AppData\Roaming\Ahead 2008-10-09 14:43 . 2008-10-09 14:43 d-------- C:\Users\All Users\Ahead 2008-10-09 14:43 . 2008-10-09 14:43 d-------- C:\ProgramData\Ahead 2008-10-09 14:37 . 2008-10-09 14:37 d-------- C:\Users\All Users\Nero 2008-10-09 14:37 . 2008-10-09 14:37 d-------- C:\ProgramData\Nero 2008-10-09 14:37 . 2008-10-09 14:37 d-------- C:\Program Files\Nero 2008-10-09 14:37 . 2008-10-09 14:42 d-------- C:\Program Files\Common Files\Ahead 2008-10-03 21:38 . 2008-10-03 21:38 d-------- C:\Users\bart\AppData\Roaming\GTek 2008-09-25 16:41 . 2008-09-25 16:41 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf 2008-09-25 16:33 . 2008-09-25 16:33 d-------- C:\Users\bart\{8033ba62-06b8-469b-a244-7e1e7423ff10} . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-10-23 12:39 --------- d-----w C:\ProgramData\WholeSecurity 2008-10-23 12:30 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-10-16 01:09 --------- d-----w C:\Program Files\Windows Mail 2008-10-16 01:02 --------- d-----w C:\ProgramData\Microsoft Help 2008-10-15 20:25 27,240 ----a-w C:\Users\bart\AppData\Roaming vModes.dat 2008-10-09 12:02 --------- d-----w C:\Program Files\Roxio 2008-10-09 12:02 --------- d-----w C:\Program Files\Common Files\Roxio Shared 2008-10-09 12:01 --------- d-----w C:\ProgramData\Roxio 2008-10-03 19:38 --------- d-----w C:\Program Files\Hp 2008-10-03 19:38 --------- d-----w C:\Program Files\Hewlett-Packard 2008-10-03 19:34 --------- d-----w C:\Users\bart\AppData\Roaming\Hewlett-Packard 2008-09-22 14:16 --------- d-----w C:\Users\bart\AppData\Roaming\RayV 2008-09-18 05:42 --------- d-----w C:\Users\bart\AppData\Roaming\GARMIN 2008-09-18 05:40 --------- d-----w C:\Program Files\Garmin 2008-09-09 05:09 --------- d-----w C:\Users\bart\AppData\Roaming\uTorrent 2008-09-04 18:53 --------- d-----w C:\Users\bart\AppData\Roaming\Samsung 2008-09-04 18:53 --------- d-----w C:\Program Files\Samsung 2008-09-02 14:21 --------- d-----w C:\Program Files\uTorrent 2008-08-23 22:37 --------- d-----w C:\Program Files\Neuf 2008-08-02 03:26 36,864 ----a-w C:\Windows\System32\cdd.dll 2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll 2008-07-31 03:32 28,160 ----a-w C:\Windows\System32\Apphlpdm.dll 2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll 2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll 2008-07-31 01:13 4,240,384 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll 2008-06-26 14:14 174 --sha-w C:\Program Files\desktop.ini 2008-03-25 15:09 22,328 ----a-w C:\Users\bart\AppData\Roaming\PnkBstrK.sys 2008-03-10 17:12 0 ----a-w C:\Users\bart\AppData\Roaming\wklnhst.dat 2008-03-28 10:16 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat 2008-03-28 10:16 32,768 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat 2008-03-28 10:16 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920] "LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968] "HPAdvisor"="C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-10-01 1783136] "L'Assistant DartyBox"="C:\Program Files\Assistant DartyBox\Upgrade_Manager.exe" [2007-06-05 151552] "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184] "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-02-20 360448] "CursorFX"="C:\Program Files\Stardock\CursorFX\CursorFX.exe" [2008-02-20 418632] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400] "SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 634880] "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-07-25 174616] "QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-09-30 181544] "QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032] "OnScreenDisplay"="C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320] "UCam_Menu"="C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-17 218408] "HP Health Check Scheduler"="c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008] "hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560] "WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "eBayToolbar"="C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe" [2008-08-08 652528] "NvSvc"="C:\Windows\system32 vsvc.dll" [2007-09-19 86016] "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-19 8497696] "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-19 81920] "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-08-25 221184] "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-08-25 81920] "BigDogPath"="C:\Windows\VM_STI.EXE" [2004-06-09 40960] "HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840] "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136] "RtHDVCpl"="RtHDVCpl.exe" [2007-08-17 C:\Windows\RtHDVCpl.exe] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.l3codecp"= l3codecp.acm [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{193DAF2B-E008-4B37-9039-EA1C687DD5E5}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader "{BD046E90-F042-4ADF-98F0-49D0BF91FFDA}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader "{630FD9F8-80AA-45A3-9DC1-D7C4CF0854CE}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{0AC7094B-6AB3-4C94-984B-7A278921DE78}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{060D820E-6A05-4455-867C-C0B5E0013342}"= C:\Program Files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector "{EE96EC60-EE76-4043-ADB7-384B0D394204}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play "{421BAD1E-357D-4898-A280-2159D048527E}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program "{20D7CD55-C506-4809-9F96-370BE00A72FA}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{FB50207D-9953-4CD2-B15D-0B1BB95EACED}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{267A91B0-3DCF-45D6-AF41-09F984712099}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA "{B4E30560-3F8C-4D3C-9969-5B11E91E2934}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA "{FB146C4E-9D0B-4BF5-A900-314B1D0FED3A}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB "{2DD80D40-2938-464A-B486-8F35ABBAB07C}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB "TCP Query User{EF46BB6A-C624-46FB-B40D-0C6693873015}C:\program files\echanblard\emule.exe"= UDP:C:\program files\echanblard\emule.exe:eChanblard "UDP Query User{CE022776-A70F-4350-84E5-0FFB99A40A46}C:\program files\echanblard\emule.exe"= TCP:C:\program files\echanblard\emule.exe:eChanblard "TCP Query User{C3ED6EB1-3721-4919-B0EA-E21B43C85BBB}C:\program files\internet explorer\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer "UDP Query User{9DF1B289-E60B-4405-91F2-ABB1B1FF1D65}C:\program files\internet explorer\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer "TCP Query User{C3841FF3-C066-4380-B1CD-75C032E82C6E}C:\users\bart\appdata\local\emule\emule.exe"= UDP:C:\users\bart\appdata\local\emule\emule.exe:emule.exe "UDP Query User{2F3598A9-AB27-464F-A5BE-40C075A1F5D6}C:\users\bart\appdata\local\emule\emule.exe"= TCP:C:\users\bart\appdata\local\emule\emule.exe:emule.exe "TCP Query User{7BD35516-8FDA-4015-AD22-4DA9684A0FE4}C:\program files\rayv\rayv\rayv.exe"= UDP:C:\program files ayv ayv ayv.exe:RayV "UDP Query User{5D5B70F8-2A34-4FEF-BF4C-269C336635F8}C:\program files\rayv\rayv\rayv.exe"= TCP:C:\program files ayv ayv ayv.exe:RayV "TCP Query User{829196DD-7CF4-478C-B09A-83C92C3F7073}C:\program files\tmnationsforever\tmforever.exe"= UDP:C:\program files mnationsforever mforever.exe:TmForever "UDP Query User{BD4467F7-A540-4C73-BD15-825E63DBBF5B}C:\program files\tmnationsforever\tmforever.exe"= TCP:C:\program files mnationsforever mforever.exe:TmForever "TCP Query User{07D635C3-EC7D-49D8-B748-8891F0A8E46F}C:\program files\assistant dartybox\um.exe"= UDP:C:\program files\assistant dartybox\um.exe:Mise à Jour pour L'Assistant Dartybox "UDP Query User{FEFCD52A-3AC8-4EDF-AB72-487B5C0E0C6D}C:\program files\assistant dartybox\um.exe"= TCP:C:\program files\assistant dartybox\um.exe:Mise à Jour pour L'Assistant Dartybox "TCP Query User{5BFAA529-652A-4338-8BE4-E5BAEA9EE5A3}C:\program files\assistant dartybox\upgrade_manager.exe"= UDP:C:\program files\assistant dartybox\upgrade_manager.exe:Mise à Jour pour L'Assistant Dartybox "UDP Query User{B78532BB-98E2-470F-B59A-D04994B5FC74}C:\program files\assistant dartybox\upgrade_manager.exe"= TCP:C:\program files\assistant dartybox\upgrade_manager.exe:Mise à Jour pour L'Assistant Dartybox "TCP Query User{606ECE40-8CD3-49D6-8DF0-2A5C27CDA395}C:\program files\echanblard\emule.exe"= UDP:C:\program files\echanblard\emule.exe:eChanblard "UDP Query User{05002BE2-245D-423C-BA82-7270E249916A}C:\program files\echanblard\emule.exe"= TCP:C:\program files\echanblard\emule.exe:eChanblard "{31437740-3374-4212-8992-38A194C84755}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In) "{2B59643F-353B-4E75-BFA7-6EF7794354A1}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In) "{47DFD239-FA36-4128-A214-ADB4F8DE12C9}"= UDP:C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe:RoxioUpnpService9 "{32626BD3-D100-4797-8399-1D40614C7615}"= TCP:C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe:RoxioUpnpService9 "{8651255D-41B4-471B-842C-78B547428BE0}"= UDP:C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe:RoxioUpnpService9 "{3B0C19F8-FBBF-4021-BF18-746ABD199830}"= TCP:C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe:RoxioUpnpService9 "{904B6AC9-63B4-4613-937F-5C87A1EF28A8}"= UDP:C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe:RoxioUpnpService9 "{1B38BE1D-F0B3-43EC-9628-83C06F365549}"= TCP:C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe:RoxioUpnpService9 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile] "DoNotAllowExceptions"= 0 (0x0) R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416] R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560] R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280] R2 QPCapSvc;QuickPlay Background Capture Service (QBCS);C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [2007-09-30 271760] R2 QPSched;QuickPlay Task Scheduler (QTS);C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe [2007-09-30 112016] R3 HpqRemHid;HP Remote Control HID Device;C:\Windows\system32\DRIVERS\HpqRemHid.sys [2007-07-11 7168] S3 GameConsoleService;GameConsoleService;C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe [2007-07-24 181800] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{53a4aaf2-ee90-11dc-8559-806e6f6e6963}] \shell\AutoRun\command - E:\Autorun.exe *Newly Created Service* - CATCHME [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe" . Contenu du dossier 'Tâches planifiées' 2008-10-09 C:\Windows\Tasks\HPCeeScheduleForbart.job - C:\Program Files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2007-09-28 12:58] 2008-10-23 C:\Windows\Tasks\User_Feed_Synchronization-{BA26A68B-A66D-4F4E-90A0-569B45CBA994}.job - C:\Windows\system32\msfeedssync.exe [2008-01-19 09:33] . - - - - ORPHELINS SUPPRIMES - - - - HKCU-Run-Antispyware PRO XP - C:\ProgramData\Software Licensors\Antispyware PRO XP\asproxp.exe . ------- Examen supplémentaire ------- . R0 -: HKCU-Main,Start Page = hxxp://google.fr/ R0 -: HKLM-Main,Start Page = hxxp://www.ustart.org O8 -: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 5.0 esources\fr-fr\local\search.html O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O8 -: Recherche sur eBay - C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html O16 -: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab C:\Windows\Downloaded Program Files\OSDC5.OSD C:\Windows\Downloaded Program Files\InstallerControl.dll O16 -: {04CB5B64-5915-4629-B869-8945CEBADD21} - hxxps://static.impots.gouv.fr/abos/static/securite/certdgi1.cab C:\Windows\Downloaded Program Files\CERTDGI1.dll O16 -: {BA162249-F2C5-4851-8ADC-FC58CB424243} - hxxp://copainsdavant.linternaute.com/html_include_bibliotheque/objimageuploader/5.0.15.0/ImageUploader5.cab C:\Windows\Downloaded Program Files\ImageUploader5.inf C:\Program Files\Samsung\Samsung PC Studio 3\UNICOWS.DLL C:\Windows\Downloaded Program Files\ImageUploader5.ocx . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-10-23 22:11:00 Windows 6.0.6001 Service Pack 1 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . Heure de fin: 2008-10-23 22:12:00 ComboFix-quarantined-files.txt 2008-10-23 20:11:56 Avant-CF: 122,170,802,176 octets libres Après-CF: 122,228,039,680 octets libres 238 --- E O F --- 2008-10-23 01:00:42

bart · Answer

no c est bon jai relace le log et voici le rapport ComboFix 08-10-23.01 - bart 2008-10-23 22:08:10.2 - NTFSx86 Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1245 [GMT 2:00] Lancé depuis: C:\Users\bart\Desktop\ComboFix.exe . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat C:\Windows\system32\KBL.LOG ----- BITS: Il y a peut-être des sites infectés ----- hxxp://ftp.hp.com . ((((((((((((((((((((((((((((( Fichiers créés du 2008-09-23 au 2008-10-23 )))))))))))))))))))))))))))))))))))) . 2008-10-23 21:44 . 2008-10-23 21:45 242,940,151 --a------ C:\Windows\MEMORY.DMP 2008-10-23 20:59 . 2008-10-22 02:19 d-------- C:\SDFix 2008-10-23 18:05 . 2008-10-23 18:05 d-------- C:\Users\bart\AppData\Roaming\Malwarebytes 2008-10-23 18:05 . 2008-10-23 18:05 d-------- C:\Users\All Users\Malwarebytes 2008-10-23 18:05 . 2008-10-23 18:05 d-------- C:\ProgramData\Malwarebytes 2008-10-23 18:05 . 2008-10-23 18:05 d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-10-23 18:05 . 2008-10-22 16:10 38,496 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys 2008-10-23 18:05 . 2008-10-22 16:10 15,504 --a------ C:\Windows\System32\drivers\mbam.sys 2008-10-23 17:32 . 2008-10-23 17:32 d-------- C:\_OTMoveIt 2008-10-23 15:21 . 2008-10-23 15:44 d-------- C:\Users\All Users\Spybot - Search & Destroy 2008-10-23 15:21 . 2008-10-23 15:44 d-------- C:\ProgramData\Spybot - Search & Destroy 2008-10-23 15:21 . 2008-10-23 15:21 d-------- C:\Program Files\Spybot - Search & Destroy 2008-10-23 14:39 . 2008-10-23 14:39 d-------- C:\Users\All Users\Yahoo! Companion 2008-10-23 14:39 . 2008-10-23 14:39 d-------- C:\ProgramData\Yahoo! Companion 2008-10-23 14:37 . 2008-10-23 14:37 d-------- C:\Program Files\Yahoo! 2008-10-23 14:37 . 2008-10-23 14:37 d-------- C:\Program Files\CCleaner 2008-10-23 14:30 . 2008-10-23 14:30 d-------- C:\Program Files\Avanquest update 2008-10-23 14:17 . 2008-10-23 18:09 d-------- C:\Users\All Users\Software Licensors 2008-10-23 14:17 . 2008-10-23 18:09 d-------- C:\ProgramData\Software Licensors 2008-10-23 00:55 . 2008-08-05 11:49 428,544 --a------ C:\Windows\System32\EncDec.dll 2008-10-23 00:55 . 2008-08-05 11:49 293,376 --a------ C:\Windows\System32\psisdecd.dll 2008-10-23 00:55 . 2008-08-05 11:48 217,088 --a------ C:\Windows\System32\psisrndr.ax 2008-10-23 00:55 . 2008-08-05 11:48 177,664 --a------ C:\Windows\System32\mpg2splt.ax 2008-10-23 00:55 . 2008-08-05 11:48 80,896 --a------ C:\Windows\System32\MSNP.ax 2008-10-22 18:18 . 2008-10-15 18:28 8,329 --a------ C:\Windows\System32\hpasset.xml.bkp 2008-10-15 18:28 . 2008-10-22 18:18 8,329 --a------ C:\Windows\System32\hpasset.xml 2008-10-15 18:28 . 2008-06-24 08:49 321 --a------ C:\Windows\System32\XMLConfig_SYSID.ini 2008-10-15 13:59 . 2008-09-18 07:09 3,601,464 --a------ C:\Windows\System32 tkrnlpa.exe 2008-10-15 13:59 . 2008-09-18 07:09 3,549,240 --a------ C:\Windows\System32 toskrnl.exe 2008-10-15 13:59 . 2008-09-18 04:16 2,032,640 --a------ C:\Windows\System32\win32k.sys 2008-10-15 13:59 . 2008-10-02 03:32 1,383,424 --a------ C:\Windows\System32\mshtml.tlb 2008-10-15 13:59 . 2008-10-02 05:49 827,392 --a------ C:\Windows\System32\wininet.dll 2008-10-15 13:59 . 2008-08-27 03:06 288,768 --a------ C:\Windows\System32\drivers\srv.sys 2008-10-09 14:45 . 2008-10-09 14:45 d-------- C:\Users\All Users\LightScribe 2008-10-09 14:45 . 2008-10-09 14:45 d-------- C:\ProgramData\LightScribe 2008-10-09 14:44 . 2008-10-16 20:33 d-------- C:\Users\bart\AppData\Roaming\Ahead 2008-10-09 14:43 . 2008-10-09 14:43 d-------- C:\Users\All Users\Ahead 2008-10-09 14:43 . 2008-10-09 14:43 d-------- C:\ProgramData\Ahead 2008-10-09 14:37 . 2008-10-09 14:37 d-------- C:\Users\All Users\Nero 2008-10-09 14:37 . 2008-10-09 14:37 d-------- C:\ProgramData\Nero 2008-10-09 14:37 . 2008-10-09 14:37 d-------- C:\Program Files\Nero 2008-10-09 14:37 . 2008-10-09 14:42 d-------- C:\Program Files\Common Files\Ahead 2008-10-03 21:38 . 2008-10-03 21:38 d-------- C:\Users\bart\AppData\Roaming\GTek 2008-09-25 16:41 . 2008-09-25 16:41 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf 2008-09-25 16:33 . 2008-09-25 16:33 d-------- C:\Users\bart\{8033ba62-06b8-469b-a244-7e1e7423ff10} . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-10-23 12:39 --------- d-----w C:\ProgramData\WholeSecurity 2008-10-23 12:30 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-10-16 01:09 --------- d-----w C:\Program Files\Windows Mail 2008-10-16 01:02 --------- d-----w C:\ProgramData\Microsoft Help 2008-10-15 20:25 27,240 ----a-w C:\Users\bart\AppData\Roaming vModes.dat 2008-10-09 12:02 --------- d-----w C:\Program Files\Roxio 2008-10-09 12:02 --------- d-----w C:\Program Files\Common Files\Roxio Shared 2008-10-09 12:01 --------- d-----w C:\ProgramData\Roxio 2008-10-03 19:38 --------- d-----w C:\Program Files\Hp 2008-10-03 19:38 --------- d-----w C:\Program Files\Hewlett-Packard 2008-10-03 19:34 --------- d-----w C:\Users\bart\AppData\Roaming\Hewlett-Packard 2008-09-22 14:16 --------- d-----w C:\Users\bart\AppData\Roaming\RayV 2008-09-18 05:42 --------- d-----w C:\Users\bart\AppData\Roaming\GARMIN 2008-09-18 05:40 --------- d-----w C:\Program Files\Garmin 2008-09-09 05:09 --------- d-----w C:\Users\bart\AppData\Roaming\uTorrent 2008-09-04 18:53 --------- d-----w C:\Users\bart\AppData\Roaming\Samsung 2008-09-04 18:53 --------- d-----w C:\Program Files\Samsung 2008-09-02 14:21 --------- d-----w C:\Program Files\uTorrent 2008-08-23 22:37 --------- d-----w C:\Program Files\Neuf 2008-08-02 03:26 36,864 ----a-w C:\Windows\System32\cdd.dll 2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll 2008-07-31 03:32 28,160 ----a-w C:\Windows\System32\Apphlpdm.dll 2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll 2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll 2008-07-31 01:13 4,240,384 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll 2008-06-26 14:14 174 --sha-w C:\Program Files\desktop.ini 2008-03-25 15:09 22,328 ----a-w C:\Users\bart\AppData\Roaming\PnkBstrK.sys 2008-03-10 17:12 0 ----a-w C:\Users\bart\AppData\Roaming\wklnhst.dat 2008-03-28 10:16 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat 2008-03-28 10:16 32,768 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat 2008-03-28 10:16 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920] "LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968] "HPAdvisor"="C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-10-01 1783136] "L'Assistant DartyBox"="C:\Program Files\Assistant DartyBox\Upgrade_Manager.exe" [2007-06-05 151552] "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184] "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-02-20 360448] "CursorFX"="C:\Program Files\Stardock\CursorFX\CursorFX.exe" [2008-02-20 418632] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400] "SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 634880] "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-07-25 174616] "QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-09-30 181544] "QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032] "OnScreenDisplay"="C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320] "UCam_Menu"="C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-17 218408] "HP Health Check Scheduler"="c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008] "hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560] "WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "eBayToolbar"="C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe" [2008-08-08 652528] "NvSvc"="C:\Windows\system32 vsvc.dll" [2007-09-19 86016] "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-19 8497696] "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-19 81920] "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-08-25 221184] "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-08-25 81920] "BigDogPath"="C:\Windows\VM_STI.EXE" [2004-06-09 40960] "HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840] "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136] "RtHDVCpl"="RtHDVCpl.exe" [2007-08-17 C:\Windows\RtHDVCpl.exe] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.l3codecp"= l3codecp.acm [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{193DAF2B-E008-4B37-9039-EA1C687DD5E5}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader "{BD046E90-F042-4ADF-98F0-49D0BF91FFDA}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader "{630FD9F8-80AA-45A3-9DC1-D7C4CF0854CE}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{0AC7094B-6AB3-4C94-984B-7A278921DE78}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{060D820E-6A05-4455-867C-C0B5E0013342}"= C:\Program Files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector "{EE96EC60-EE76-4043-ADB7-384B0D394204}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play "{421BAD1E-357D-4898-A280-2159D048527E}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program "{20D7CD55-C506-4809-9F96-370BE00A72FA}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{FB50207D-9953-4CD2-B15D-0B1BB95EACED}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{267A91B0-3DCF-45D6-AF41-09F984712099}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA "{B4E30560-3F8C-4D3C-9969-5B11E91E2934}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA "{FB146C4E-9D0B-4BF5-A900-314B1D0FED3A}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB "{2DD80D40-2938-464A-B486-8F35ABBAB07C}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB "TCP Query User{EF46BB6A-C624-46FB-B40D-0C6693873015}C:\program files\echanblard\emule.exe"= UDP:C:\program files\echanblard\emule.exe:eChanblard "UDP Query User{CE022776-A70F-4350-84E5-0FFB99A40A46}C:\program files\echanblard\emule.exe"= TCP:C:\program files\echanblard\emule.exe:eChanblard "TCP Query User{C3ED6EB1-3721-4919-B0EA-E21B43C85BBB}C:\program files\internet explorer\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer "UDP Query User{9DF1B289-E60B-4405-91F2-ABB1B1FF1D65}C:\program files\internet explorer\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer "TCP Query User{C3841FF3-C066-4380-B1CD-75C032E82C6E}C:\users\bart\appdata\local\emule\emule.exe"= UDP:C:\users\bart\appdata\local\emule\emule.exe:emule.exe "UDP Query User{2F3598A9-AB27-464F-A5BE-40C075A1F5D6}C:\users\bart\appdata\local\emule\emule.exe"= TCP:C:\users\bart\appdata\local\emule\emule.exe:emule.exe "TCP Query User{7BD35516-8FDA-4015-AD22-4DA9684A0FE4}C:\program files\rayv\rayv\rayv.exe"= UDP:C:\program files ayv ayv ayv.exe:RayV "UDP Query User{5D5B70F8-2A34-4FEF-BF4C-269C336635F8}C:\program files\rayv\rayv\rayv.exe"= TCP:C:\program files ayv ayv ayv.exe:RayV "TCP Query User{829196DD-7CF4-478C-B09A-83C92C3F7073}C:\program files\tmnationsforever\tmforever.exe"= UDP:C:\program files mnationsforever mforever.exe:TmForever "UDP Query User{BD4467F7-A540-4C73-BD15-825E63DBBF5B}C:\program files\tmnationsforever\tmforever.exe"= TCP:C:\program files mnationsforever mforever.exe:TmForever "TCP Query User{07D635C3-EC7D-49D8-B748-8891F0A8E46F}C:\program files\assistant dartybox\um.exe"= UDP:C:\program files\assistant dartybox\um.exe:Mise à Jour pour L'Assistant Dartybox "UDP Query User{FEFCD52A-3AC8-4EDF-AB72-487B5C0E0C6D}C:\program files\assistant dartybox\um.exe"= TCP:C:\program files\assistant dartybox\um.exe:Mise à Jour pour L'Assistant Dartybox "TCP Query User{5BFAA529-652A-4338-8BE4-E5BAEA9EE5A3}C:\program files\assistant dartybox\upgrade_manager.exe"= UDP:C:\program files\assistant dartybox\upgrade_manager.exe:Mise à Jour pour L'Assistant Dartybox "UDP Query User{B78532BB-98E2-470F-B59A-D04994B5FC74}C:\program files\assistant dartybox\upgrade_manager.exe"= TCP:C:\program files\assistant dartybox\upgrade_manager.exe:Mise à Jour pour L'Assistant Dartybox "TCP Query User{606ECE40-8CD3-49D6-8DF0-2A5C27CDA395}C:\program files\echanblard\emule.exe"= UDP:C:\program files\echanblard\emule.exe:eChanblard "UDP Query User{05002BE2-245D-423C-BA82-7270E249916A}C:\program files\echanblard\emule.exe"= TCP:C:\program files\echanblard\emule.exe:eChanblard "{31437740-3374-4212-8992-38A194C84755}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In) "{2B59643F-353B-4E75-BFA7-6EF7794354A1}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In) "{47DFD239-FA36-4128-A214-ADB4F8DE12C9}"= UDP:C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe:RoxioUpnpService9 "{32626BD3-D100-4797-8399-1D40614C7615}"= TCP:C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe:RoxioUpnpService9 "{8651255D-41B4-471B-842C-78B547428BE0}"= UDP:C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe:RoxioUpnpService9 "{3B0C19F8-FBBF-4021-BF18-746ABD199830}"= TCP:C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe:RoxioUpnpService9 "{904B6AC9-63B4-4613-937F-5C87A1EF28A8}"= UDP:C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe:RoxioUpnpService9 "{1B38BE1D-F0B3-43EC-9628-83C06F365549}"= TCP:C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe:RoxioUpnpService9 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile] "DoNotAllowExceptions"= 0 (0x0) R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416] R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560] R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280] R2 QPCapSvc;QuickPlay Background Capture Service (QBCS);C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [2007-09-30 271760] R2 QPSched;QuickPlay Task Scheduler (QTS);C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe [2007-09-30 112016] R3 HpqRemHid;HP Remote Control HID Device;C:\Windows\system32\DRIVERS\HpqRemHid.sys [2007-07-11 7168] S3 GameConsoleService;GameConsoleService;C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe [2007-07-24 181800] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{53a4aaf2-ee90-11dc-8559-806e6f6e6963}] \shell\AutoRun\command - E:\Autorun.exe *Newly Created Service* - CATCHME [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe" . Contenu du dossier 'Tâches planifiées' 2008-10-09 C:\Windows\Tasks\HPCeeScheduleForbart.job - C:\Program Files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2007-09-28 12:58] 2008-10-23 C:\Windows\Tasks\User_Feed_Synchronization-{BA26A68B-A66D-4F4E-90A0-569B45CBA994}.job - C:\Windows\system32\msfeedssync.exe [2008-01-19 09:33] . - - - - ORPHELINS SUPPRIMES - - - - HKCU-Run-Antispyware PRO XP - C:\ProgramData\Software Licensors\Antispyware PRO XP\asproxp.exe . ------- Examen supplémentaire ------- . R0 -: HKCU-Main,Start Page = hxxp://google.fr/ R0 -: HKLM-Main,Start Page = hxxp://www.ustart.org O8 -: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 5.0 esources\fr-fr\local\search.html O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O8 -: Recherche sur eBay - C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html O16 -: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab C:\Windows\Downloaded Program Files\OSDC5.OSD C:\Windows\Downloaded Program Files\InstallerControl.dll O16 -: {04CB5B64-5915-4629-B869-8945CEBADD21} - hxxps://static.impots.gouv.fr/abos/static/securite/certdgi1.cab C:\Windows\Downloaded Program Files\CERTDGI1.dll O16 -: {BA162249-F2C5-4851-8ADC-FC58CB424243} - hxxp://copainsdavant.linternaute.com/html_include_bibliotheque/objimageuploader/5.0.15.0/ImageUploader5.cab C:\Windows\Downloaded Program Files\ImageUploader5.inf C:\Program Files\Samsung\Samsung PC Studio 3\UNICOWS.DLL C:\Windows\Downloaded Program Files\ImageUploader5.ocx . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-10-23 22:11:00 Windows 6.0.6001 Service Pack 1 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . Heure de fin: 2008-10-23 22:12:00 ComboFix-quarantined-files.txt 2008-10-23 20:11:56 Avant-CF: 122,170,802,176 octets libres Après-CF: 122,228,039,680 octets libres 238 --- E O F --- 2008-10-23 01:00:42

g!rly · Answer

ok

post un nouveau rapport hijack this stp

@+

bart · Answer

voila
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:21:38, on 23/10/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32	askeng.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Windows\VM_STI.EXE
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Assistant Dartybox\upgrade_manager.exe
C:\Program Files\Stardock\CursorFX\CursorFX.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Windows\Explorer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEUser.exe
c:\program files\aol\aol toolbar 5.0\AolTbServer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Users\bart\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XUY36VS9\HiJackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32
vsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [BigDogPath] C:\Windows\VM_STI.EXE Philips SPC 200NC PC Camera
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [L'Assistant DartyBox] C:\Program Files\Assistant DartyBox\Upgrade_Manager.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [CursorFX] "C:\Program Files\Stardock\CursorFX\CursorFX.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 5.0esources\fr-fr\local\search.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Recherche sur eBay - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix: 
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} (Module de délivrance de certificat MINEFI) - https://static.impots.gouv.fr/abos/static/securite/certdgi1.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://copainsdavant.linternaute.com/html_include_bibliotheque/objimageuploader/5.0.15.0/ImageUploader5.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)

bart · Answer

voila
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:21:38, on 23/10/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32	askeng.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Windows\VM_STI.EXE
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Assistant Dartybox\upgrade_manager.exe
C:\Program Files\Stardock\CursorFX\CursorFX.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Windows\Explorer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEUser.exe
c:\program files\aol\aol toolbar 5.0\AolTbServer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Users\bart\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XUY36VS9\HiJackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32
vsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [BigDogPath] C:\Windows\VM_STI.EXE Philips SPC 200NC PC Camera
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [L'Assistant DartyBox] C:\Program Files\Assistant DartyBox\Upgrade_Manager.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [CursorFX] "C:\Program Files\Stardock\CursorFX\CursorFX.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 5.0esources\fr-fr\local\search.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Recherche sur eBay - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix: 
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} (Module de délivrance de certificat MINEFI) - https://static.impots.gouv.fr/abos/static/securite/certdgi1.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://copainsdavant.linternaute.com/html_include_bibliotheque/objimageuploader/5.0.15.0/ImageUploader5.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)

g!rly · Answer

ok

tu as retrouvé ton fond d´ecran ? 

comment va le pc sinon ?

@+

bart · Answer

ben j ai recupere mon fond d ecran et le pc tourne aussi vite sans probleme

g!rly · Answer

ok :)

a l´aide de hijack this coche et fix :

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" 
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start 
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} (Module de délivrance de certificat MINEFI) - https://static.impots.gouv.fr/abos/static/securite/certdgi1.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://copainsdavant.linternaute.com/...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

comment fixer :

Tutoriel d´utilisation (video) : (Merci a Balltrap34 pour cette réalisation)

-> http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

pour plus de secu :

spywareblaster :

http://www.brightfort.com/spywareblaster.html

c´est un resident, il suffit de le mettre a jour de temps en temps car la version gratuite ne le fait pas toute seul , une fois installé et mis a jour tu mets toutes les protections sur "enable"

tuto : https://www.malekal.com/tutorial-spywareblaster/

+

un par feu autres que celui de vista ?

zone alarm :

https://www.generation-nt.com/zonealarm-vista-checkpoint-firewall-telecharger-actualite-42256.html

https://www.zonealarm.com/software/free-firewall

https://www.malekal.com/tutoriel-zonealarm-firewall/

comodo 32 bit : plus dure a configurer

http://soft.softoogle.com/

tuto :https://www.malekal.com/tutorial-comodo-firewall/ 

puis passe ceci :

Ccleaner:

-> Télécharge Ccleaner (n'installe pas la barre d'outil Yahoo):

   http://www.commentcamarche.net/telecharger/telechargement 168 ccleaner

-> L´installer.

-> Une fois installé et lancé :

   Dans la colonne de gauche, click sur :

   ->"registre" :

      Coches toutes les cases sous"l´integrité du registre", puis click en bas sur "chercher des erreurs" une fois terminé, clic sur "reparer les erreurs", tu auras un message pour sauvegarder ta base de registre, tu click "oui" puis tu recommence jusqu'à ce qu'il ne trouve plus rien.
      
      ps : les sauvegardes que tu auras faites, pourront etre supprimées ulterieurement si tout va bien.

   ->"nettoyeur"
   
      quitte ton navigateur avant de le lancer, dans les propriétés du nettoyeur de l´onglet "windows" et "applications"décoche la derniere case (Avancé si elle est cochée) puis click sur "lancer le nettoyage" qunand il aura terminé le scan click en bas a droite sur "lancer le nettoyage" et accepte par oui.

-> Tutoriel en image :

   https://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php

-> Pour ceux qui voudraient aller plus loin en compagnie de jesses (fonctions avancés) :

   http://perso.orange.fr/jesses/Docs/Logiciels/CCleaner.htm 

pour supprimer les outils utiliser :

Télécharge ToolsCleaner sur ton bureau.
--> http://www.commentcamarche.net/telecharger/telechargement 34055291 toolsclean(...)
# Clique sur Recherche et laisse le scan agir ...
# Clique sur Suppression pour finaliser.
# Tu peux, si tu le souhaites, te servir des Options facultatives.
# Clique sur Quitter pour obtenir le rapport.
# Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\). 

@+

bart · Answer

oui j ai  deja ccleaner et spybot 
merci de m avoir aider c est  tres sympa

g!rly · Answer

De rien bart :)
Bonne continuation`
bye
g!rly`
ps : bonsoir a marge et homer LOL

You have security probleme

27 réponses

Discussions similaires