Sujet Précédent Sujet Suivant

Ralentissement soudain

bruno -  
 bruno -
Bonjour,mon portable a subitement ralenti,mon signal free est bon mais les connections internete sont devenu très longue.j'ai fait plusieurs cclearner,scaner avec avast,spybote rien n'y fait.j'ai passer hijack this, que j'envoie si quelqu'un peux m'aider avec une bonne maitrise de hijack this,serait le bien venue.
MERCI d'avance a tous ceux qui me dépanneront
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:11:31, on 23/10/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Boingo\GoBoingo\GoBoingo.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehtray.exe
C:\Users\bruno\AppData\Local\cssyuiy.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2fdivertissement%2fcelebrites%2fgalery%2fwentworth02.jpg%3f
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.medion.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:4343
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [GoBoingo] C:\Program Files\Boingo\GoBoingo\GoBoingo.lnk
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [cssyuiy] "c:\users\bruno\appdata\local\cssyuiy.exe" cssyuiy
O4 - HKCU\..\Run: [RegistryBooster 2 d’Uniblue ] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe
O4 - HKCU\..\Run: [oaicw] "c:\users\bruno\appdata\local\oaicw.exe" oaicw
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveMark Family (LiveMark) - Unknown owner - C:\Program Files\LiveMark\LiveMark.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

29 réponses

Précédent
  • 1
  • 2
Réponse 21 / 29
bruno
 
ça a ete un peu long car j'avais envoyé les rapports, mais visiblement ça n'a pas marché
désolé, j'aurais pu attendre longtemps

donc les voici

ComboFix 08-10-24.02 - bruno 2008-10-25 14:54:33.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1241 [GMT 2:00]
Lancé depuis: C:\Users\bruno\Downloads\ComboFix.exe
Commutateurs utilisés :: C:\Users\bruno\Desktop\CFScript.txt
* Un nouveau point de restauration a été créé

FILE ::
c:\users\bruno\appdata\local\oaicw.exe
.

((((((((((((((((((((((((((((( Fichiers créés du 2008-09-25 au 2008-10-25 ))))))))))))))))))))))))))))))))))))
.

2008-10-25 11:58 . 2008-10-25 11:58 <REP> d-------- C:\_OTMoveIt
2008-10-25 00:42 . 2008-10-25 00:42 <REP> d-------- C:\Program Files\BitTorrent
2008-10-24 23:27 . 2008-10-24 23:27 <REP> d-------- C:\VundoFix Backups
2008-10-24 11:30 . 2008-10-24 11:30 <REP> d-------- C:\Users\bruno\AppData\Roaming\Windows Live Writer
2008-10-24 02:17 . 2008-10-24 02:17 <REP> d-------- C:\Users\bruno\AppData\Roaming\Malwarebytes
2008-10-24 02:17 . 2008-10-24 02:17 <REP> d-------- C:\Users\All Users\Malwarebytes
2008-10-24 02:17 . 2008-10-24 02:17 <REP> d-------- C:\ProgramData\Malwarebytes
2008-10-24 02:17 . 2008-10-25 10:18 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-24 00:56 . 2008-10-24 01:34 <REP> d-------- C:\Program Files\Navilog1
2008-10-23 21:45 . 2008-10-23 21:45 <REP> d-------- C:\Program Files\Panda Security
2008-10-23 21:45 . 2008-06-19 17:24 28,544 --a------ C:\Windows\System32\drivers\pavboot.sys
2008-10-23 20:53 . 2008-10-23 20:53 <REP> d-------- C:\Users\bruno\AppData\Roaming\GlarySoft
2008-10-23 20:46 . 2008-10-23 20:46 <REP> d-------- C:\Program Files\Glary Utilities
2008-10-23 00:29 . 2006-03-31 12:39 67,280 --a------ C:\Users\bruno\infinst.exe
2008-10-22 20:44 . 2000-07-14 23:00 101,888 --a------ C:\Windows\System32\VB6STKIT.DLL
2008-10-22 13:24 . 2008-10-22 13:24 <REP> d-------- C:\Users\bruno\AppData\Roaming\Uniblue
2008-10-19 04:25 . 2008-07-19 16:36 51,280 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
2008-10-18 23:34 . 2008-10-18 23:34 <REP> d-------- C:\Users\bruno\AppData\Roaming\PeerNetworking
2008-10-18 13:25 . 2008-10-18 13:25 <REP> d-------- C:\Windows\Sun
2008-10-15 11:51 . 2008-09-18 07:09 3,601,464 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-10-15 11:51 . 2008-09-18 07:09 3,549,240 --a------ C:\Windows\System32\ntoskrnl.exe
2008-10-15 11:51 . 2008-09-18 04:16 2,032,640 --a------ C:\Windows\System32\win32k.sys
2008-10-15 11:51 . 2008-10-02 03:32 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-10-15 11:51 . 2008-10-02 05:49 827,392 --a------ C:\Windows\System32\wininet.dll
2008-10-15 11:51 . 2008-08-27 03:06 288,768 --a------ C:\Windows\System32\drivers\srv.sys
2008-10-11 03:46 . 2008-10-11 03:46 244 --ah----- C:\sqmnoopt00.sqm
2008-10-11 03:46 . 2008-10-11 03:46 232 --ah----- C:\sqmdata00.sqm

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-25 11:48 54,133 ----a-w C:\Users\bruno\AppData\Roaming\nvModes.dat
2008-10-25 09:55 --------- d-----w C:\Users\bruno\AppData\Roaming\OpenOffice.org2
2008-10-25 08:16 --------- d-----w C:\Users\bruno\AppData\Roaming\DNA
2008-10-24 22:46 --------- d-----w C:\Users\bruno\AppData\Roaming\uTorrent
2008-10-24 22:46 --------- d-----w C:\Users\bruno\AppData\Roaming\BitTorrent
2008-10-24 12:24 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-10-24 12:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-24 12:12 --------- d-----w C:\Program Files\ANACONDA
2008-10-22 08:39 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-10-20 17:00 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-10-16 01:03 --------- d-----w C:\Program Files\Windows Mail
2008-09-06 12:00 43,520 ----a-w C:\Windows\System32\CmdLineExt03.dll
2008-09-06 11:51 --------- d-----w C:\Program Files\Common Files\SWF Studio
2008-09-01 20:51 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-08-31 13:18 --------- d-----w C:\Program Files\Simbin
2008-08-31 01:06 --------- d-----w C:\Program Files\ProtectDisc Driver Installer
2008-08-29 23:54 --------- d-----w C:\ProgramData\Yahoo! Companion
2008-08-29 23:29 --------- d-----w C:\Program Files\OO Software
2008-08-29 22:32 355,584 ----a-w C:\Windows\System32\TuneUpDefragService.exe
2008-08-29 22:32 --------- d-----w C:\Users\bruno\AppData\Roaming\TuneUp Software
2008-08-29 22:31 --------- d-----w C:\ProgramData\TuneUp Software
2008-08-29 22:09 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-29 21:59 --------- d-----w C:\ProgramData\Micro Application
2008-08-29 21:42 --------- d-----w C:\Program Files\Common Files\Ahead
2008-08-29 19:44 --------- d-----w C:\Program Files\Sierra
2008-08-29 19:33 --------- d-----w C:\Program Files\PowerISO
2008-08-02 03:26 36,864 ----a-w C:\Windows\System32\cdd.dll
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 28,160 ----a-w C:\Windows\System32\Apphlpdm.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-31 01:13 4,240,384 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-07-07 00:40 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((( snapshot@2008-10-25_10.45.04,50 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-10-25 08:18:30 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-10-25 11:48:06 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-10-25 08:18:30 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-10-25 11:48:06 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-10-25 08:20:13 155,648 ----a-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-10-25 11:51:10 155,648 ----a-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-10-25 08:19:32 159,744 ----a-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-10-25 11:51:05 159,744 ----a-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2008-10-25 08:18:30 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-10-25 11:48:24 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-10-25 08:18:30 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-10-25 11:48:24 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-10-25 08:18:30 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-10-25 11:48:24 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-10-25 08:42:15 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-10-25 11:48:25 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-10-25 11:48:25 262,144 ---ha-w C:\Windows\System32\config\systemprofile\ntuser.dat.LOG1
- 2008-10-25 08:20:54 15,308 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3158495557-1537864553-3693362006-1000_UserData.bin
+ 2008-10-25 11:51:28 15,316 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3158495557-1537864553-3693362006-1000_UserData.bin
- 2008-10-25 08:20:54 77,286 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-10-25 11:51:28 77,302 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-10-25 08:20:53 59,032 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-10-25 11:51:27 59,084 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 125952]
"oaicw"="c:\users\bruno\appdata\local\oaicw.exe" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-05 827392]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-24 29744]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-07-09 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-09 8433664]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-07-07 167936]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"RtHDVCpl"="RtHDVCpl.exe" [2007-06-20 C:\Windows\RtHDVCpl.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe
"Windows Live Mail"=C:\Program Files\Windows Live\Mail\wlmail.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TerraTec Remote Control"="C:\Program Files\Common Files\TerraTec\Remote\TTTvRc.exe"
"NvMediaCenter"=RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
"RemoteControl"="C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe"
"LanguageShortcut"="C:\Program Files\Home Cinema\PowerDVD\Language\Language.exe"
"GenePccMon"=C:\Program Files\Genesys PC Camera Device\GenePccMon.exe
"LiveMarkHelper"=C:\Program Files\LiveMark\LiveMarkHelper.exe
"OODefragTray"=C:\Windows\system32\oodtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{0E9051F0-035F-4213-9018-0EABD12A7FFD}"= C:\Program Files\Home Cinema\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"{0ED00E97-6300-415E-ABB6-3E8CB42FCB29}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{F12EB5AD-9D89-46EB-AB4A-7B5C78DD5D06}C:\\program files\\videolan\\vlc\\vlc.exe"= UDP:C:\program files\videolan\vlc\vlc.exe:VLC media player
"UDP Query User{79F90B70-ECB1-46F3-95B9-27839FDF77B1}C:\\program files\\videolan\\vlc\\vlc.exe"= TCP:C:\program files\videolan\vlc\vlc.exe:VLC media player
"{EE637785-CBD7-4752-9B1F-012454A9E691}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{03C81CD9-EE7F-46D8-BA5B-50437DE28E53}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{01CE92F2-BCFD-450F-86BA-BF1EE82BA072}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"{D991C3F0-A6FA-40E2-97C4-2F4435D34536}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{348C6E57-28D3-43DB-9207-8A493932E6B9}C:\\program files\\zattoo\\zattoo.exe"= UDP:C:\program files\zattoo\zattoo.exe:
"UDP Query User{CF9BE8ED-4702-4983-89F9-64F6E77BAD84}C:\\program files\\zattoo\\zattoo.exe"= TCP:C:\program files\zattoo\zattoo.exe:
"{AA9C36EB-322F-4C49-9519-2CF39C8A83D7}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{B5645C52-D8AA-43FF-BFDE-972891B3CB3F}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{97E05588-E754-48F8-BBCD-E2B15A4104D0}C:\\users\\bruno\\desktop\\utorrent.exe"= UDP:C:\users\bruno\desktop\utorrent.exe:utorrent.exe
"UDP Query User{AB4B2FE0-3AB0-40FB-8DB7-8721E9A7781F}C:\\users\\bruno\\desktop\\utorrent.exe"= TCP:C:\users\bruno\desktop\utorrent.exe:utorrent.exe
"{090135FB-3103-4C8F-B4C1-06CBBC412486}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{F02A63B1-1913-4AC0-B44E-B6F303A4D08A}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"{31D23EEE-475B-4944-AB5C-68942047AACB}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{6D2BBA13-5C44-44AA-9C3E-0107781B18EE}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"TCP Query User{2F50C0B3-D833-4072-98F0-424CCAB28D1E}C:\\users\\bruno\\program files\\dna\\btdna.exe"= UDP:C:\users\bruno\program files\dna\btdna.exe:btdna.exe
"UDP Query User{2B2DCAE0-BA76-4F56-BFD6-2C8C281B4264}C:\\users\\bruno\\program files\\dna\\btdna.exe"= TCP:C:\users\bruno\program files\dna\btdna.exe:btdna.exe
"TCP Query User{E39255B5-E492-4EF5-96AB-7AC2AA91CBCD}C:\\program files\\nero\\nero 7\\nero showtime\\showtime.exe"= UDP:C:\program files\nero\nero 7\nero showtime\showtime.exe:Nero ShowTime Essentials
"UDP Query User{9F708AC0-8A16-4984-9725-A31E3195474C}C:\\program files\\nero\\nero 7\\nero showtime\\showtime.exe"= TCP:C:\program files\nero\nero 7\nero showtime\showtime.exe:Nero ShowTime Essentials
"{7A133F00-B10E-43A6-92BD-30449B178F4F}"= UDP:C:\Program Files\Mozilla Firefox\firefox.exe:Mozilla Firefox
"{098BDB0D-D2DD-4D27-BD2F-7D2B2DF2ACFA}"= TCP:C:\Program Files\Mozilla Firefox\firefox.exe:Mozilla Firefox
"TCP Query User{BEE8E604-4FD8-41FE-902C-16FF60EF651F}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{B7E6ED81-38D9-4919-BD5D-1D7E9A081AA5}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{754D9352-06DF-4DD1-84DC-157D4291E977}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{107F0D04-176E-404C-94EE-CEAAEF435A35}"= UDP:C:\Program Files\DNA\btdna.exe:DNA (TCP-In)
"{F962163F-2FE0-4140-ACCE-48E378C46103}"= TCP:C:\Program Files\DNA\btdna.exe:DNA (UDP-In)
"TCP Query User{DEDD338C-7776-4CAD-9738-68B869451A64}C:\\users\\bruno\\program files\\bittorrent\\bittorrent.exe"= UDP:C:\users\bruno\program files\bittorrent\bittorrent.exe:bittorrent.exe
"UDP Query User{BC800424-1091-4EFF-88A4-1956CE24F7BE}C:\\users\\bruno\\program files\\bittorrent\\bittorrent.exe"= TCP:C:\users\bruno\program files\bittorrent\bittorrent.exe:bittorrent.exe
"{BF86E121-B219-4D35-A4C8-6B9674E6EB80}"= UDP:C:\Program Files\Sierra\FEAR\FEAR.exe:FEAR
"{D29C7B48-A840-480B-B31F-54ECE2E0BB00}"= TCP:C:\Program Files\Sierra\FEAR\FEAR.exe:FEAR
"{FA53881A-266A-4271-9D92-0AB609959436}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{64875E0F-1698-4FFB-A6C0-076ED884940F}"= UDP:C:\Users\bruno\Desktop\utorrent.exe:µTorrent (TCP-In)
"{2B9F547E-9E31-4A70-821B-65EA6D0DF0CC}"= TCP:C:\Users\bruno\Desktop\utorrent.exe:µTorrent (UDP-In)
"{1540F517-60FC-4CC0-B8EF-1287250AB8C1}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{6AD79998-E38F-45FF-AF05-9EB2D034445F}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{265D1108-D697-41D3-B497-3E52343C7971}"= UDP:C:\Users\bruno\Desktop\utorrent.exe:µTorrent (TCP-In)
"{C171381A-73A5-45C6-BA8F-EB5C376F6A46}"= TCP:C:\Users\bruno\Desktop\utorrent.exe:µTorrent (UDP-In)
"{E5183A1D-3C30-4508-8912-2735BECC1A90}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{56554714-3718-4000-B1F5-EDF0E3521840}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{1293BB61-9130-4151-92E4-1497869DF990}"= UDP:C:\Users\bruno\Desktop\utorrent.exe:µTorrent (TCP-In)
"{C96B8CBC-2EA4-40B4-ACA8-EB3A4704A2DA}"= TCP:C:\Users\bruno\Desktop\utorrent.exe:µTorrent (UDP-In)
"TCP Query User{263F30AD-EB95-42CA-8F1C-9EC4B358B819}C:\\program files\\dna\\btdna.exe"= UDP:C:\program files\dna\btdna.exe:DNA
"UDP Query User{F932F3E2-CB9E-45EF-96C7-54FFC83666F5}C:\\program files\\dna\\btdna.exe"= TCP:C:\program files\dna\btdna.exe:DNA
"UDP Query User{CFE535EB-F1E5-4354-883A-704168D29770}C:\\program files\\bittornado\\btdownloadgui.exe"= TCP:C:\program files\bittornado\btdownloadgui.exe:btdownloadgui
"TCP Query User{DEBB1821-058F-48EC-A438-9DE7E94C818D}C:\\program files\\bittornado\\btdownloadgui.exe"= UDP:C:\program files\bittornado\btdownloadgui.exe:btdownloadgui
"{FF06F8DB-3530-416C-857C-03FC2049C4CB}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{9AE81A4F-A77C-4515-8A4F-1D92EC493DCE}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{0F7892F4-E366-405A-8D09-38E7A4748382}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{46DDC118-87B4-467E-B552-5A2DE9135DD7}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DisabledInterfaces"= {009F7B72-6D0E-4E48-B0B1-65FABE0971B8},{7F3219CF-7B90-4A05-8C19-34D437CE05E2}
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R0 pavboot;pavboot;C:\Windows\system32\drivers\pavboot.sys [2008-06-19 28544]
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\Home Cinema\PowerDVD\[u]0/u00.fcl [2006-11-02 16:51 13560]
R2 acedrv11;acedrv11;C:\Windows\system32\drivers\acedrv11.sys [2008-01-23 501560]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]
R2 LiveMark;LiveMark Family;C:\Program Files\LiveMark\LiveMark.exe [2006-07-03 180224]
R2 UxTuneUp;TuneUp Extension de thème;C:\Windows\System32\svchost.exe [2008-01-19 21504]
R3 DCamUSBGene;GenesysLogic USB2.0 PC Camera;C:\Windows\system32\DRIVERS\usbgene.sys [2007-06-26 131584]
R3 RTSTOR;USB Mass Storage Device;C:\Windows\system32\drivers\RTSTOR.SYS [2007-06-15 47616]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-09-24 29744]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\Windows\System32\TuneUpDefragService.exe [2008-08-30 355584]
S3 USB28xxBGA;Cinergy EM28xx Capture;C:\Windows\system32\DRIVERS\emBDA.sys [2006-11-15 378880]
S3 USB28xxOEM;Cinergy EM28xx OEM Filter;C:\Windows\system32\DRIVERS\emOEM.sys [2006-11-15 27904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{86940fc9-59b7-11dd-a2e1-0040d0b7e4ca}]
\shell\AutoRun\command - F:\autorun.exe
.
Contenu du dossier 'Tâches planifiées'

2008-10-25 C:\Windows\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 09:23]

2008-10-25 C:\Windows\Tasks\GlaryInitialize.job
- C:\Program Files\Glary Utilities\initialize.exe [2008-09-17 16:35]

2008-10-25 C:\Windows\Tasks\Maintenance en 1 clic.job
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 09:23]

2008-10-25 C:\Windows\Tasks\User_Feed_Synchronization-{A5C3E560-C0B5-4905-B8B6-DF776644B9FE}.job
- C:\Windows\system32\msfeedssync.exe [2008-01-19 09:33]

2008-10-25 C:\Windows\Tasks\User_Feed_Synchronization-{F6C876BC-173C-40FB-AF06-707F6F1037AD}.job
- C:\Windows\system32\msfeedssync.exe [2008-01-19 09:33]

2008-06-01 C:\Windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-25 14:56:40
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2008-10-25 14:57:57
ComboFix-quarantined-files.txt 2008-10-25 12:57:54
ComboFix2.txt 2008-10-25 08:45:54

Avant-CF: 86 769 786 880 octets libres
Après-CF: 86,735,495,168 octets libres

255 --- E O F --- 2008-10-24 10:55:31

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:07:25, on 25/10/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2fdivertissement%2fcelebrites%2fgalery%2fwentworth02.jpg%3f
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:4343
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [oaicw] "c:\users\bruno\appdata\local\oaicw.exe" oaicw
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveMark Family (LiveMark) - Unknown owner - C:\Program Files\LiveMark\LiveMark.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
0
Réponse 22 / 29
geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
 
- lance navilog

- choisi cette fois ci l option 4 "désinfection manuelle"

- tape ceci : oaicw

- lance la désinfection et poste le rapport qui sera généré à la fin stp
0
Réponse 23 / 29
bruno
 
et voici le rapport

Clean Navipromo version 3.6.7 commencé le 25/10/2008 à 17:56:28,67

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "bruno"

Mise à jour le 22.10.2008 à 20h00 par IL-MAFIOSO

Microsoft Windows Vista 6.0.6001
Internet Explorer : 7.0.6001.18000
Système de fichiers : NTFS

Mode suppression par méthode manuelle

Nom du fichier saisi : oaicw

Nettoyage exécuté au redémarrage de l'ordinateur

*** Recherche, création sauvegardes et suppression ***

* Suppression dans "C:\Windows\system32" *

* Suppression dans "C:\Users\bruno\AppData\Local\Microsoft" *

* Suppression dans "C:\Users\bruno\AppData\Local\virtualstore\windows\system32" *

* Suppression dans "C:\Users\bruno\AppData\Local" *

*** Suppression dossiers dans "C:\Windows" ***

*** Suppression dossiers dans "C:\Program Files" ***

*** Suppression dossiers dans "c:\progra~2\micros~1\windows\startm~1\programs" ***

*** Suppression dossiers dans "c:\progra~2\micros~1\windows\startm~1" ***

*** Suppression dossiers dans "C:\ProgramData" ***

*** Suppression dossiers dans c:\users\bruno\appdata\roaming\micros~1\windows\startm~1\programs ***

*** Suppression dossiers dans "C:\Users\bruno\AppData\Local\virtualstore\Program Files" ***

*** Suppression dossiers dans "C:\Users\bruno\AppData\Roaming" ***

*** Suppression fichiers ***

*** Suppression fichiers temporaires ***

Nettoyage contenu C:\Windows\Temp effectué !
Nettoyage contenu C:\Users\bruno\AppData\Local\Temp effectué !

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

2)Recherche, création sauvegardes et suppression Heuristique :

* Dans "C:\Windows\system32" *

* Dans "C:\Users\bruno\AppData\Local\Microsoft" *

* Dans "C:\Users\bruno\AppData\Local\virtualstore\windows\system32" *

* Dans "C:\Users\bruno\AppData\Local" *

*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok

*** Certificats ***

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat Montorgueil absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltdt absent !

*** Nettoyage terminé le 25/10/2008 à 18:03:30,07 ***

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:06:03, on 25/10/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\conime.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2fdivertissement%2fcelebrites%2fgalery%2fwentworth02.jpg%3f
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:4343
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [oaicw] "c:\users\bruno\appdata\local\oaicw.exe" oaicw
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveMark Family (LiveMark) - Unknown owner - C:\Program Files\LiveMark\LiveMark.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
0
Réponse 24 / 29
geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
 
▶ Télécharger l'utilitaire FixVundo (Symantec) :

(c est le numéro 10 en bas de la page)

▶ Lancer "FixVundo" en double-cliquant sur son icône.

▶ Démarrer l'analyse en Cliquant sur "Start".

▶ A la fin, un rapport d'analyse "FixVundo.log" est disponible dans le dossier de lancement de l'utilitaire.

▶ copier/coller le rapport dans le nouveau message sur le forum
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 25 / 29
bruno
 
Symantec Trojan.Vundo Removal Tool 1.5.0

C:\Documents and Settings: (not scanned)
C:\Program Files\Fichiers communs: (not scanned)
C:\Program Files\Windows NT\Accessoires: (not scanned)
C:\ProgramData\Application Data: (not scanned)
C:\ProgramData\Bureau: (not scanned)
C:\ProgramData\Desktop: (not scanned)
C:\ProgramData\Documents: (not scanned)
C:\ProgramData\Favoris: (not scanned)
C:\ProgramData\Favorites: (not scanned)
C:\ProgramData\Menu Démarrer: (not scanned)
C:\ProgramData\Microsoft\Windows\Start Menu\Programmes: (not scanned)
C:\ProgramData\Modèles: (not scanned)
C:\ProgramData\Start Menu: (not scanned)
C:\ProgramData\Templates: (not scanned)
C:\System Volume Information: (not scanned)
C:\Users\All Users\Application Data: (not scanned)
C:\Users\All Users\Bureau: (not scanned)
C:\Users\All Users\Desktop: (not scanned)
C:\Users\All Users\Documents: (not scanned)
C:\Users\All Users\Favoris: (not scanned)
C:\Users\All Users\Favorites: (not scanned)
C:\Users\All Users\Menu Démarrer: (not scanned)
C:\Users\All Users\Microsoft\Windows\Start Menu\Programmes: (not scanned)
C:\Users\All Users\Modèles: (not scanned)
C:\Users\All Users\Start Menu: (not scanned)
C:\Users\All Users\Templates: (not scanned)
C:\Users\bruno\AppData\Local\Application Data: (not scanned)
C:\Users\bruno\AppData\Local\Historique: (not scanned)
C:\Users\bruno\AppData\Local\Temporary Internet Files: (not scanned)
C:\Users\bruno\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes: (not scanned)
C:\Users\bruno\Application Data: (not scanned)
C:\Users\bruno\Cookies: (not scanned)
C:\Users\bruno\Local Settings: (not scanned)
C:\Users\bruno\Menu Démarrer: (not scanned)
C:\Users\bruno\Mes documents: (not scanned)
C:\Users\bruno\Modèles: (not scanned)
C:\Users\bruno\Recent: (not scanned)
C:\Users\bruno\SendTo: (not scanned)
C:\Users\bruno\Voisinage d'impression: (not scanned)
C:\Users\bruno\Voisinage réseau: (not scanned)
C:\Users\Default\AppData\Local\Application Data: (not scanned)
C:\Users\Default\AppData\Local\Historique: (not scanned)
C:\Users\Default\AppData\Local\History: (not scanned)
C:\Users\Default\AppData\Local\Temporary Internet Files: (not scanned)
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes: (not scanned)
C:\Users\Default\Application Data: (not scanned)
C:\Users\Default\Documents\Ma musique: (not scanned)
C:\Users\Default\Documents\Mes images: (not scanned)
C:\Users\Default\Documents\Mes vidéos: (not scanned)
C:\Users\Default\Documents\My Music: (not scanned)
C:\Users\Default\Documents\My Pictures: (not scanned)
C:\Users\Default\Documents\My Videos: (not scanned)
C:\Users\Default\Local Settings: (not scanned)
C:\Users\Default\Menu Démarrer: (not scanned)
C:\Users\Default\Mes documents: (not scanned)
C:\Users\Default\Modèles: (not scanned)
C:\Users\Default\My Documents: (not scanned)
C:\Users\Default\NetHood: (not scanned)
C:\Users\Default\PrintHood: (not scanned)
C:\Users\Default\Recent: (not scanned)
C:\Users\Default\SendTo: (not scanned)
C:\Users\Default\Start Menu: (not scanned)
C:\Users\Default\Templates: (not scanned)
C:\Users\Default\Voisinage d'impression: (not scanned)
C:\Users\Default\Voisinage réseau: (not scanned)
C:\Users\Default User: (not scanned)
C:\Users\Public\Documents\Ma musique: (not scanned)
C:\Users\Public\Documents\Mes images: (not scanned)
C:\Users\Public\Documents\Mes vidéos: (not scanned)
C:\Users\Public\Documents\My Music: (not scanned)
C:\Users\Public\Documents\My Pictures: (not scanned)
C:\Users\Public\Documents\My Videos: (not scanned)
Trojan.Vundo has not been found on your computer.
0
Réponse 26 / 29
geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
 
relance hijackthis en cliquant sur scan only et coches ces lignes stp :

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O4 - HKCU\..\Run: [oaicw] "c:\users\bruno\appdata\local\oaicw.exe" oaicw
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

puis tu cliques sur fix checked.

est ce que tu as encore des problèmes ??
0
Réponse 27 / 29
bruno
 
re

oui toujours de très grosses lenteurs de connection
il y a toujours cette ligne qui ne veux pas disparaitre

O4 - HKCU\..\Run: [oaicw] "c:\users\bruno\appdata\local\oaicw.exe" oaicw

je pense qu'il est la le probleme

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:27:56, on 25/10/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2fdivertissement%2fcelebrites%2fgalery%2fwentworth02.jpg%3f
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:4343
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [oaicw] "c:\users\bruno\appdata\local\oaicw.exe" oaicw
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveMark Family (LiveMark) - Unknown owner - C:\Program Files\LiveMark\LiveMark.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
0
Réponse 28 / 29
geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
 
redémarre en mode sans échec avec prise en charge réseau stp

ensuite fais ceci :

▶ Télécharge OTMoveIt (de Old_Timer) sur ton Bureau

(c est le numéro 7 en bas de la page)

▶ Double-clique sur OTMoveIt.exe pour le lancer.
▶ Assure toi que la case Unregister Dll's and Ocx's soit bien cochée.
▶ Copie la liste qui se trouve en gras dans la citation ci-dessous et colle-la dans le cadre de gauche de OTMoveIt sous Paste List of Files/Folders to move.

c:\users\bruno\appdata\local\oaicw.exe

▶ clique sur MoveIt! pour lancer la suppression.
▶ Le résultat apparaitra dans le cadre "Results".
▶ Clique sur Exit pour fermer.
▶ Poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

▶Il te sera peut-être demandé de redémarrer le pc pour achever la suppression. Si c'est le cas accepte par Yes.

ensuite :

Fix.reg

▶ Ouvre le bloc-notes (click droit sur le bureau > dans l´arborescence choisi nouveau et nouveau fichier texte) et fais un copier coller de ce qui est en gras dans la citation ci-dessous (copie tout d'un trait sans les barres(x)) :

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"oaicw"=-

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Note : Regedit4 est sur la premiere ligne dans le bloc note et il y a une ligne blanche a la fin.
▶ Puis click sur "fichier"/"enregistrer sous" :
▶ dans : sur le bureau
▶ Nom du fichier : fix.reg
▶ Type de fichier : "tous les fichiers"
▶ clique sur "enregistrer"

▶ ca doit ressembler à ca une fois enregistré :

https://i39.servimg.com/u/f39/12/79/94/93/fixreg10.jpg

▶ double clique sur fix.reg => tu dois obligatoirement avoir un message "voulez-vous vraiment ajouter les informations contenues dans ce fichier .reg au registre ?"
Si c'est bien le cas, clique sur "oui"

ensuite redémarre le pc et refais un nouveau rapport hijackthis stp
0
Réponse 29 / 29
bruno
 
bonjour geoffrey5

voici les 2 rapports
bizarre on dirait que la ligne apparait sans exister
pourtant le pc est toujours aussi lent alors qu'il ne l'était pas

File/Folder c:\users\bruno\appdata\local\oaicw.exe not found.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 10262008_160336

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:15:17, on 26/10/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\msfeedssync.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2fdivertissement%2fcelebrites%2fgalery%2fwentworth02.jpg%3f
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:4343
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [oaicw] "c:\users\bruno\appdata\local\oaicw.exe" oaicw
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveMark Family (LiveMark) - Unknown owner - C:\Program Files\LiveMark\LiveMark.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
0

Discussions similaires

Connexion à internet supprimée quand j'allume mon ordinateur
Herminilda -
_Ritchi_ -

28 réponses
gabriel
CNIL ou pas CNIL -
Gabriel -

5 réponses
Marseille Léo férré
Jipaibabs -
Joe's-HELP -

1 réponse
Facebook trop lent
informatiik -
Giu -

87 réponses
probleme affichage page internet
mag -
Dadhinio -

46 réponses