Se connecter / S'enregistrer
Votre question

Pourriez-vous m'aider à analyser le rapport de Hijackthis?

Tags :
  • Sécurité
Dernière réponse : dans Sécurité et virus
22 Juin 2008 12:51:52

Bjr;

Lors d'un scan lancé via avast, le cheval de troie small-huf a été déctecté sur mon pc.
En consultant le forum, j'ai vu un poste de Ju-po datant d'avril deernier où on lui conseillait de télécharger Trend microsoft HijackThis et de lancer un scan.
C'est ce que j'ai fait mais je suis incapable d'analyser le rapport ci-dessous.
Est ce que quelqu'un pourrait m'aider svp ? :??: 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:38:02, on 22/06/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\hp\KBD\kbd.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [DPService] "C:\Program Files\HP\DVDPlay\DPService.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [µTorrent] "C:\Program Files\utorrent\utorrent.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/importer/ImageUploader4.cab
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.mypix.com/fr/fr/importer/ImageUploader4.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 9269 bytes

Autres pages sur : pourriez aider analyser rapport hijackthis

22 Juin 2008 13:02:19

:hello:  Bonjour,

Citation :
Lors d'un scan lancé via avast, le cheval de troie small-huf a été déctecté sur mon pc.


Je peux avoir l'emplacement du fichier en question détecté par Avast! ? ( = le chemin d'accès )

;) 
22 Juin 2008 13:08:41

Bonjour merillym,

chemin : memory.bmp sur c:/windows est bien cela que tu voulais ?
Contenus similaires
22 Juin 2008 13:55:24

Tu peux me donner le chemin complet ? Si c'est possible... ;) 

Télécharge Deckard's System Scanner (DSS) (ou DSS) sur ton Bureau.
NB : Tu dois être connecté avec des droits d'Administrateur.
  • ferme toutes les applications et fenêtres
  • double-clique sur dss.exe pour le lancer et suis les instructions ci-dessous
    Attention, il est conseillé de stopper temporairement les logiciels résidents de protection (pare-feu, antivirus, etc.)
  • s'il s'agit d'une première utilisation ou d'une nouvelle version de DSS :
  • tu devras cliquer 2 fois sur le OK des boîtes de dialogue
    Attention, si tu tardes trop, la réponse Abandon sera automatiquement validée
  • quand le traitement est terminé (clique sur OK), deux fichiers texte s'affichent :
    main.txt <- ouvert en premier plan et en plein écran
    extra.txt <- ouvert en second plan et en fenêtré (regarde la barre des taches)
    S'il s'agit d'une utilisation supplémentaire de DSS :
  • tu n'auras pas de boîte de dialogue (pas de OK)
  • quand le traitement est terminé, un fichier texte s'affiche :
    main.txt <- ouvert en premier plan et en plein écran

  • copie (Ctrl+A puis Ctrl+C) et colle (Ctrl+V) le contenu de main.txt dans ton prochain post
  • copie de même le contenu de extra.txt dans ton prochain post, si tu as ce fichier (première utilisation)
  • n'oublie pas de réactiver les protections si elles ont été stoppées.



    Ce que fait DSS :
  • crée un point de restauration dans Windows XP et Vista
  • nettoie les fichiers temporaires, DPF-Downloaded Program Files et le Cache Internet, vide la Corbeille de tous les lecteurs
  • vérifie quelques zones importantes de ton système et établit un rapport pour examen par ton conseiller en sécurité. DSS lance automatiquement HijackThis pour toi; il va aussi créer un raccourci HijackThis sur ton Bureau si tu n'as pas déjà HijackThis d'installé.

    ;) 
    22 Juin 2008 14:47:20

    alors pour ce qui concerne le chemin d'accès, avast me donne juste les infos suivantes :

    nom : mermory.dmp
    localisation d'origine : c:/windows (pas dinfos sup si je fais clic droit ou propriété)

    POur le rapport maintxt :

    Deckard's System Scanner v20071014.68
    Run by Marion on 2008-06-22 14:33:06
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- Last 5 Restore Point(s) --
    35: 2008-06-21 23:26:56 UTC - RP416 - Point de contrôle planifié
    34: 2008-06-21 10:29:40 UTC - RP415 - Installed iTunes
    33: 2008-06-21 10:22:49 UTC - RP414 - Installation du package de pilote logiciel : Apple, Inc. Contrôleurs de bus USB
    32: 2008-06-21 10:02:10 UTC - RP413 - Windows Update
    31: 2008-06-18 11:44:05 UTC - RP412 - Windows Update


    -- First Restore Point --
    1: 2008-03-23 20:46:19 UTC - RP381 - Installed Java(TM) 6 Update 5


    Backed up registry hives.
    Performed disk cleanup.

    Total Physical Memory: 446 MiB (1024 MiB recommended).


    -- HijackThis (run as Marion.exe) ----------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:41:00, on 22/06/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16681)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\hp\support\hpsysdrv.exe
    C:\hp\KBD\kbd.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\TomTom HOME 2\HOMERunner.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\mobsync.exe
    C:\Users\Marion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8Y6G1PEU\dss[1].exe
    C:\Windows\system32\conime.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Marion.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [DPService] "C:\Program Files\HP\DVDPlay\DPService.exe"
    O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [µTorrent] "C:\Program Files\utorrent\utorrent.exe"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/importer/ImageUploader4.cab
    O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.mypix.com/fr/fr/importer/ImageUploader4.cab
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

    --
    End of file - 9314 bytes

    -- File Associations -----------------------------------------------------------

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    All drivers whitelisted.


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
    R2 Bonjour Service (Service Bonjour) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
    R2 ProtexisLicensing - c:\windows\system32\psiservice.exe <Not Verified; ; PSIService>

    S2 CLTNetCnService (Symantec Lic NetConnect service) - "c:\program files\common files\symantec shared\ccsvchst.exe" /h cccommon (file missing)
    S2 LiveUpdate Notice Ex (LiveUpdate Notice Service Ex) - "c:\program files\common files\symantec shared\ccsvchst.exe" /h cccommon (file missing)
    S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe


    -- Device Manager: Disabled ----------------------------------------------------

    No disabled devices found.


    -- Files created between 2008-05-22 and 2008-06-22 -----------------------------

    2008-06-22 12:33:28 0 d-------- C:\Program Files\Trend Micro
    2008-06-21 12:33:25 0 d-------- C:\Program Files\iPod
    2008-06-21 12:32:35 0 d-------- C:\Program Files\iTunes
    2008-06-21 12:29:23 0 d-------- C:\Program Files\Bonjour
    2008-06-21 12:27:12 0 d-------- C:\Users\All Users\Apple Computer
    2008-06-21 12:25:09 0 d-------- C:\Program Files\Apple Software Update
    2008-06-21 12:21:57 0 d-------- C:\Program Files\Common Files\Apple
    2008-06-21 12:21:51 0 d-------- C:\Users\All Users\Apple


    -- Find3M Report ---------------------------------------------------------------

    2008-06-21 12:35:00 0 d-------- C:\Users\Marion\AppData\Roaming\Apple Computer
    2008-06-21 12:28:48 0 d-------- C:\Program Files\QuickTime
    2008-06-21 12:21:57 0 d-------- C:\Program Files\Common Files
    2008-06-18 13:30:25 0 d-------- C:\Users\Marion\AppData\Roaming\Canon
    2008-06-13 23:04:29 0 d-------- C:\Program Files\Corel
    2008-06-13 22:13:56 690594 --a------ C:\Windows\system32\perfh00C.dat
    2008-06-13 22:13:56 117366 --a------ C:\Windows\system32\perfc00C.dat
    2008-06-12 18:08:21 0 d-------- C:\Program Files\Windows Mail
    2008-05-28 12:44:45 2828 --ahs---- C:\Windows\system32\KGyGaAvL.sys
    2008-05-28 12:44:15 88 -r-hs---- C:\Windows\system32\4C637E4767.sys


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [08/05/2007 19:20]
    "hpsysdrv"="c:\hp\support\hpsysdrv.exe" [28/09/2006 15:42]
    "KBD"="C:\HP\KBD\KBD.EXE" [02/02/2005 17:44]
    "RtHDVCpl"="RtHDVCpl.exe" [09/11/2006 12:57 C:\Windows\RtHDVCpl.exe]
    "DPService"="C:\Program Files\HP\DVDPlay\DPService.exe" [08/11/2006 00:52]
    "HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [17/02/2005 00:11]
    "@"="" []
    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [12/03/2007 10:22]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 05:25]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [16/05/2008 01:19]
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [01/03/2007 15:57]
    "NvSvc"="C:\Windows\system32\nvsvc.dll" [06/07/2007 21:15]
    "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [06/07/2007 21:15]
    "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [06/07/2007 21:15]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" []
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 23:16]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [27/05/2008 10:50]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02/06/2008 11:13]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [04/04/2007 00:29]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [27/06/2007 19:03]
    "µTorrent"="C:\Program Files\utorrent\utorrent.exe" []
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [02/11/2006 14:34]
    "TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [18/02/2008 12:58]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 11:34]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
    "Launcher"=%WINDIR%\SMINST\launcher.exe

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [03/09/2007 17:35:35]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"=2 (0x2)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @="Volume shadow copy"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
    @="IEEE 1394 Bus host controllers"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
    @="SBP2 IEEE 1394 Devices"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
    @="SecurityDevices"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE WebClient
    LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc wlansvc EMDMgmt TabletInputService WPDBusEnum
    LocalServiceNoNetwork PLA DPS BFE mpssvc


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c0e68719-0455-11dc-baf8-0018f3fa9209}]
    AutoRun\command- J:\InstallTomTomHOME.exe

    *Newly Created Service* - ASWFSBLK
    *Newly Created Service* - ASWSP

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    C:\Windows\system32\unregmp2.exe /ShowWMP

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



    -- Hosts -----------------------------------------------------------------------

    127.0.0.1 007guard.com
    127.0.0.1 www.007guard.com
    127.0.0.1 008i.com
    127.0.0.1 008k.com
    127.0.0.1 www.008k.com
    127.0.0.1 00hq.com
    127.0.0.1 www.00hq.com
    127.0.0.1 010402.com
    127.0.0.1 032439.com
    127.0.0.1 www.032439.com

    7791 more entries in hosts file.


    -- End of Deckard's System Scanner: finished at 2008-06-22 14:43:11 ------------



    Pour extra.txt
    Deckard's System Scanner v20071014.68
    Extra logfile - please post this as an attachment with your post.
    --------------------------------------------------------------------------------

    -- System Information ----------------------------------------------------------

    Microsoft® Windows Vista™ Édition Familiale Basique (build 6000)
    Architecture: X86; Language: French

    CPU 0: AMD Athlon(tm) 64 Processor 3500+
    Percentage of Memory in Use: 84%
    Physical Memory (total/avail): 445.94 MiB / 69.23 MiB
    Pagefile Memory (total/avail): 1438.45 MiB / 538.69 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1932.68 MiB

    C: is Fixed (NTFS) - 228.18 GiB total, 170.06 GiB free.
    D: is Fixed (NTFS) - 4.71 GiB total, 0.91 GiB free.
    E: is CDROM (No Media)
    F: is CDROM (No Media)
    G: is Removable (No Media)
    H: is Removable (No Media)
    I: is Removable (No Media)
    J: is Removable (No Media)

    \\.\PHYSICALDRIVE0 - WDC WD2500JS-60NCB1 ATA Device - 232.88 GiB - 2 partitions
    \PARTITION0 (bootable) - Système de fichiers installable - 228.18 GiB - C:
    \PARTITION1 - Système de fichiers installable - 4.71 GiB - D:

    \\.\PHYSICALDRIVE1 - Generic- Compact Flash USB Device

    \\.\PHYSICALDRIVE4 - Generic- MS/MS-Pro USB Device

    \\.\PHYSICALDRIVE3 - Generic- SD/MMC USB Device

    \\.\PHYSICALDRIVE2 - Generic- SM/xD-Picture USB Device



    -- Security Center -------------------------------------------------------------

    AUOptions is scheduled to auto-install.
    Windows Internal Firewall is enabled.

    AV: avast! antivirus 4.8.1201 [VPS 080621-0] v4.8.1201 (ALWIL Software)
    AS: Spybot - Search and Destroy v1.0.0.4 (Safer Networking Ltd.) Outdated
    AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)
    AS: avast! antivirus 4.8.1201 [VPS 080621-0] v4.8.1201 (ALWIL Software)

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    -- Environment Variables -------------------------------------------------------

    ALLUSERSPROFILE=C:\ProgramData
    APPDATA=C:\Users\Marion\AppData\Roaming
    CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=PC-DE-MARION
    ComSpec=C:\Windows\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Users\Marion
    LOCALAPPDATA=C:\Users\Marion\AppData\Local
    LOGONSERVER=\\PC-DE-MARION
    NUMBER_OF_PROCESSORS=1
    OnlineServices=Services en ligne
    OS=Windows_NT
    Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\hp\bin\Python;c:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\QuickTime\QTSystem\
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
    PCBRAND=Presario
    PLATFORM=HPD
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 15 Model 79 Stepping 2, AuthenticAMD
    PROCESSOR_LEVEL=15
    PROCESSOR_REVISION=4f02
    ProgramData=C:\ProgramData
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    PUBLIC=C:\Users\Public
    QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
    RoxioCentral=c:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
    SystemDrive=C:
    SystemRoot=C:\Windows
    TEMP=C:\Users\Marion\AppData\Local\Temp
    TMP=C:\Users\Marion\AppData\Local\Temp
    USERDOMAIN=PC-de-Marion
    USERNAME=Marion
    USERPROFILE=C:\Users\Marion
    windir=C:\Windows


    -- User Profiles ---------------------------------------------------------------

    Marion


    -- Add/Remove Programs ---------------------------------------------------------

    --> C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
    --> C:\Windows\UNNeroBackItUp.exe /UNINSTALL
    --> C:\Windows\UNNeroMediaHome.exe /UNINSTALL
    --> C:\Windows\UNNeroShowTime.exe /UNINSTALL
    --> C:\Windows\UNNeroVision.exe /UNINSTALL
    --> C:\Windows\UNRecode.exe /UNINSTALL
    3DBELOTE II --> "C:\Users\Marion\Saved Games\3DBELOTE\unins000.exe"
    Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Reader 8.1.2 - Français --> MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81200000003}
    Adobe SVG Viewer 3.0 --> C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
    Adobe® Photoshop® Album Edition Découverte 3.2 --> MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
    Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
    Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
    Archiveur WinRAR --> C:\Program Files\WinRAR\uninstall.exe
    Assistant de connexion Windows Live --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
    avast! Antivirus --> C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
    Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
    DVD Play --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall
    FIFA 07 --> C:\Program Files\EA SPORTS\FIFA 07\EAUninstall.exe
    Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
    Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
    HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    HP Customer Experience Enhancements --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}\setup.exe" -l0x9 -removeonly
    HP Easy Setup - Core --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}\setup.exe" -l0x9
    HP Easy Setup - Frontend --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40F7AED3-0C7D-4582-99F6-484A515C73F2}\setup.exe" -l0x9 -removeonly
    HP Picasso Media Center Add-In --> MsiExec.exe /I{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}
    HP Update --> MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
    iTunes --> MsiExec.exe /I{9F70BF98-003C-491D-81FC-FF9792206AF0}
    Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
    Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
    Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
    LimeWire 4.12.15 --> "C:\Program Files\LimeWire\uninstall.exe"
    livebox --> C:\Program Files\InstallShield Installation Information\{17342E3B-0818-4A6F-BFF8-99476605ADD6}\Setup.exe -runfromtemp -l0x040c -removeonly
    livebox --> C:\Program Files\InstallShield Installation Information\{FC7DDAAE-7F2B-4270-9BFD-5A130B667E9E}\Setup.exe -runfromtemp -l0x040c -removeonly
    LiveUpdate 3.2 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
    LiveUpdate Notice (Symantec Corporation) --> MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
    Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
    Microsoft Works --> MsiExec.exe /I{6B1CB38D-E2E4-4a30-933D-EFDEBA76AD9C}
    MSXML 4.0 SP2 (KB927978) --> MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
    MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
    Nero 7 Premium --> MsiExec.exe /X{CF097717-F174-4144-954A-FBC4BF301036}
    neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
    NVIDIA Drivers --> C:\Windows\system32\NVUNINST.EXE UninstallGUI
    OcxSetup --> MsiExec.exe /I{C3DC29BC-A8CF-4578-9DFC-37F049C44771}
    Outil de mise à jour Google --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
    Outils de diagnostic du matériel --> C:\Program Files\PC-Doctor 5 for Windows\uninst.exe
    Python 2.4.3 --> MsiExec.exe /I{75E71ADD-042C-4F30-BFAC-A9EC42351313}
    QuickTime --> MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
    RAW FILE CONVERTER LE --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D680C913-5955-469D-9D88-C1940F7506D6}\Setup.exe" -l0x40c
    Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x40c -removeonly
    Roxio Creator Audio --> MsiExec.exe /X{83FFCFC7-88C6-41c6-8752-958A45325C82}
    Roxio Creator Basic v9 --> MsiExec.exe /X{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
    Roxio Creator Copy --> MsiExec.exe /X{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
    Roxio Creator Data --> MsiExec.exe /X{0D397393-9B50-4c52-84D5-77E344289F87}
    Roxio Creator EasyArchive --> MsiExec.exe /X{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
    Roxio Creator Tools --> MsiExec.exe /X{0394CDC8-FABD-4ed8-B104-03393876DFDF}
    Roxio Express Labeler 3 --> MsiExec.exe /X{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
    Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Solution de clavier multimédia amélioré --> C:\HP\KBD\Install.exe /u
    TomTom HOME --> C:\Program Files\TomTom HOME 2\Uninstall TomTom HOME.exe
    VC_MergeModuleToMSI --> MsiExec.exe /I{900A92BA-19EF-4A34-86CF-7B6C85BDD971}
    VideoLAN VLC media player 0.8.2 --> C:\Program Files\VideoLAN\VLC\uninstall.exe
    Virtual Villagers --> "C:\Program Files\orange\jeux\Virtual Villagers\Uninstall.exe" "C:\Program Files\orange\jeux\Virtual Villagers\install.log"
    Windows Live installer --> MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
    Windows Live Messenger --> MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
    WinZip 11.1 --> MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}


    -- Application Event Log -------------------------------------------------------

    Event Record #/Type16298 / Error
    Event Submitted/Written: 06/22/2008 02:39:24 PM
    Event ID/Source: 1002 / Application Hang
    Event Description:
    Le programme iexplore.exe version 7.0.6000.16681 a cessé d’interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l’historique du problème dans l’application Rapports et solutions aux problèmes du Panneau de configuration.
    ID de processus : 1104
    Heure de début : 01c8d45085035f10
    Heure de fin : 0

    Event Record #/Type16286 / Success
    Event Submitted/Written: 06/21/2008 08:31:19 PM
    Event ID/Source: 902 / Software Licensing Service
    Event Description:
    Le service de gestion des licences du logiciel a démarré.

    Event Record #/Type16279 / Success
    Event Submitted/Written: 06/21/2008 08:30:14 PM
    Event ID/Source: 5617 / WinMgmt
    Event Description:


    Event Record #/Type16278 / Success
    Event Submitted/Written: 06/21/2008 08:30:09 PM
    Event ID/Source: 5615 / WinMgmt
    Event Description:


    Event Record #/Type16267 / Warning
    Event Submitted/Written: 06/21/2008 08:27:56 PM
    Event ID/Source: 1530 / profsvc
    Event Description:
    Windows a détecté que votre fichier de Registre est toujours utilisé par d'autres applications ou services. Le fichier va être déchargé. Les applications ou services qui ont accès à votre Registre risquent de ne pas fonctionner correctement après cela.

    DÉTAIL -
    1 user registry handles leaked from \Registry\User\S-1-5-21-342949477-697015563-2727751788-1000_Classes:
    Process 1784 (\Device\HarddiskVolume1\Windows\System32\spoolsv.exe) has opened key \REGISTRY\USER\S-1-5-21-342949477-697015563-2727751788-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\MuiCache



    -- Security Event Log ----------------------------------------------------------

    No Errors/Warnings found.


    -- System Event Log ------------------------------------------------------------

    Event Record #/Type62526 / Error
    Event Submitted/Written: 06/22/2008 00:53:54 AM
    Event ID/Source: 7011 / Service Control Manager
    Event Description:
    30000Netman

    Event Record #/Type62439 / Error
    Event Submitted/Written: 06/21/2008 08:31:11 PM
    Event ID/Source: 7000 / Service Control Manager
    Event Description:
    Parallel port driver%%1058

    Event Record #/Type62390 / Error
    Event Submitted/Written: 06/21/2008 08:29:06 PM
    Event ID/Source: 6 / ACPI
    Event Description:
    IRQARB : le BIOS ACP ne contient pas un IRQ pour le périphérique dans le connecteur PCI 9, fonction 0.
    Contactez le fabricant de votre ordinateur pour une assistance technique.

    Event Record #/Type62389 / Warning
    Event Submitted/Written: 06/21/2008 08:28:34 PM
    Event ID/Source: 4001 / Microsoft-Windows-WLAN-AutoConfig
    Event Description:


    Event Record #/Type62342 / Warning
    Event Submitted/Written: 06/21/2008 00:39:26 PM
    Event ID/Source: 3004 / WinDefend
    Event Description:
    L’agent de protection en temps réel %PC-de-Marion27 a détecté des modifications. Microsoft vous recommande d’analyser les logiciels responsables de ces modifications, à la recherche de risques potentiels. Vous pouvez vous servir des informations relatives au fonctionnement de ces programmes pour autoriser ou non leur exécution, ou pour les supprimer de l’ordinateur. N’autorisez les modifications que si vous faites confiance au programme ou à l’éditeur de logiciel. %PC-de-Marion27 ne peut pas annuler les modifications que vous autorisez.

    Pour plus d’informations, consultez les données suivantes :
    %PC-de-Marion275

    ID d’analyse : {61713CE1-787E-4C5B-B8F1-19FBF1E8329F}

    Utilisateur : PC-de-Marion\Marion

    Nom : %PC-de-Marion271

    ID : %PC-de-Marion272

    ID de gravité : %PC-de-Marion273

    ID de catégorie : %PC-de-Marion274

    Chemin d’accès trouvé : %PC-de-Marion276

    Type d’alerte : %PC-de-Marion278

    Type de détection : 1.1.1505.02



    -- End of Deckard's System Scanner: finished at 2008-06-22 14:43:11 ------------



    Voilà.
    Merci de te rendre dispo et de nous aider !
    22 Juin 2008 21:34:07

    Bonsoir Merillym, :hello: 

    Merci de m'avoir aider tout à l'heure.
    Si tu as encore un peu de temps à mon consacrer, je suivrais dès demain après midi tes recommandations pour la suite des opérations. ;) 

    23 Juin 2008 21:03:39

    :hello:  Bonsoir,

    Je t'ai oublié(e), oups... mes excuses.

    Je te réponds dans quelques minutes, le temps d'analyser le dernier rapport.

    ;) 
    23 Juin 2008 21:07:29

    Je ne vois rien de vraiment inquiétant dans le dernier rapport :) 

    Citation :
    Lors d'un scan lancé via avast, le cheval de troie small-huf a été déctecté sur mon pc.


    Je peux avoir le chemin d'accès ( = emplacement ) du virus détecté par Avast! ?

    ;) 
    23 Juin 2008 21:29:00

    c'est gentil de me retrouver ;) 

    avast a mis en quarantaine ...
    les infos que j'ai dans la zone de quarantaine sont :

    localisation : c:/windows ...

    un clic droit et propriété ne me donne aucune autre info.

    Peut on trouver autrement le chemin ?
    23 Juin 2008 21:45:50

    Re,

    Si c'est en quarantaine, aucun danger :) 

    Comment va le PC ?

    ;) 
    23 Juin 2008 21:52:55

    il rame ... beaucoup. des lenteurs à s'endormir ... souvent message type" internet explorer ne répond pas"
    23 Juin 2008 22:28:10

    qu'est ce que je fais ? Je le laisse en quarantaine ? je supprime ?

    Est ce que je desinstalle avast pour autre antivirus ? Si oui qu'advient il des éléments qui sont en quarantaine ? :pt1cable: 
    26 Juin 2008 21:25:02

    :hello:  je crois que tu m'as encore oublié ... :whistle: 
    26 Juin 2008 23:33:08

    Re,

    Oups... :D 

    Bon poste un nouveau rapport Dss scan, je vais revérifier.

    ;) 
    30 Juin 2008 22:49:28

    Re ! :lol: 


    Voila le nouveau rapport dss. Par contre pas de page extra.txt ouverte cette fois ...


    Deckard's System Scanner v20071014.68
    Run by Marion on 2008-06-30 22:45:24
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    Percentage of Memory in Use: 78% (more than 75%).
    Total Physical Memory: 446 MiB (1024 MiB recommended).


    -- HijackThis (run as Marion.exe) ----------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:45:44, on 30/06/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16681)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\hp\support\hpsysdrv.exe
    C:\hp\KBD\kbd.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\TomTom HOME 2\HOMERunner.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
    C:\Users\Marion\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SVIS9EFA\dss[1].exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Marion.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [DPService] "C:\Program Files\HP\DVDPlay\DPService.exe"
    O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [µTorrent] "C:\Program Files\utorrent\utorrent.exe"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/importer/ImageUploader4.cab
    O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.mypix.com/fr/fr/importer/ImageUploader4.cab
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

    --
    End of file - 8214 bytes

    -- Files created between 2008-05-30 and 2008-06-30 -----------------------------

    2008-06-30 21:36:18 0 d-------- C:\Users\Marion\60 ans papa <60ANSP~1>
    2008-06-26 21:16:04 0 d-------- C:\Program Files\BitComet
    2008-06-26 21:07:47 0 d-------- C:\Windows\system32\URTTEMP
    2008-06-22 12:33:28 0 d-------- C:\Program Files\Trend Micro
    2008-06-21 12:33:25 0 d-------- C:\Program Files\iPod
    2008-06-21 12:32:35 0 d-------- C:\Program Files\iTunes
    2008-06-21 12:29:23 0 d-------- C:\Program Files\Bonjour
    2008-06-21 12:27:12 0 d-------- C:\Users\All Users\Apple Computer
    2008-06-21 12:25:09 0 d-------- C:\Program Files\Apple Software Update
    2008-06-21 12:21:57 0 d-------- C:\Program Files\Common Files\Apple
    2008-06-21 12:21:51 0 d-------- C:\Users\All Users\Apple


    -- Find3M Report ---------------------------------------------------------------

    2008-06-30 21:31:54 699984 --a------ C:\Windows\system32\perfh00C.dat
    2008-06-30 21:31:54 121814 --a------ C:\Windows\system32\perfc00C.dat
    2008-06-22 17:09:16 0 d-------- C:\Program Files\Common Files\Symantec Shared
    2008-06-21 12:35:00 0 d-------- C:\Users\Marion\AppData\Roaming\Apple Computer
    2008-06-21 12:28:48 0 d-------- C:\Program Files\QuickTime
    2008-06-21 12:21:57 0 d-------- C:\Program Files\Common Files
    2008-06-18 13:30:25 0 d-------- C:\Users\Marion\AppData\Roaming\Canon
    2008-06-13 23:04:29 0 d-------- C:\Program Files\Corel
    2008-06-12 18:08:21 0 d-------- C:\Program Files\Windows Mail
    2008-05-28 12:44:45 2828 --ahs---- C:\Windows\system32\KGyGaAvL.sys
    2008-05-28 12:44:15 88 -r-hs---- C:\Windows\system32\4C637E4767.sys


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [08/05/2007 19:20]
    "hpsysdrv"="c:\hp\support\hpsysdrv.exe" [28/09/2006 15:42]
    "KBD"="C:\HP\KBD\KBD.EXE" [02/02/2005 17:44]
    "RtHDVCpl"="RtHDVCpl.exe" [09/11/2006 12:57 C:\Windows\RtHDVCpl.exe]
    "DPService"="C:\Program Files\HP\DVDPlay\DPService.exe" [08/11/2006 00:52]
    "HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [17/02/2005 00:11]
    "@"="" []
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 05:25]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [16/05/2008 01:19]
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [01/03/2007 15:57]
    "NvSvc"="C:\Windows\system32\nvsvc.dll" [06/07/2007 21:15]
    "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [06/07/2007 21:15]
    "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [06/07/2007 21:15]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" []
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 23:16]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [27/05/2008 10:50]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02/06/2008 11:13]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [04/04/2007 00:29]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [27/06/2007 19:03]
    "µTorrent"="C:\Program Files\utorrent\utorrent.exe" []
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [02/11/2006 14:34]
    "TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [18/02/2008 12:58]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
    "Launcher"=%WINDIR%\SMINST\launcher.exe

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [03/09/2007 17:35:35]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"=2 (0x2)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @="Volume shadow copy"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
    @="IEEE 1394 Bus host controllers"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
    @="SBP2 IEEE 1394 Devices"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
    @="SecurityDevices"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE WebClient
    LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc wlansvc EMDMgmt TabletInputService WPDBusEnum
    LocalServiceNoNetwork PLA DPS BFE mpssvc


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c0e68719-0455-11dc-baf8-0018f3fa9209}]
    AutoRun\command- J:\InstallTomTomHOME.exe


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    C:\Windows\system32\unregmp2.exe /ShowWMP

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



    -- End of Deckard's System Scanner: finished at 2008-06-30 22:46:14 ------------

    1 Juillet 2008 18:49:35

    :hello:  Bonsoir,

    Relance HijackThis (clique droit -> lancer en tant qu'adminstrateur sous Vista), clique sur "do a system scan only", coche ces lignes ( si présentes ) :

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

    Ferme toutes les applications en cours (particulièrement ton navigateur Internet).
    Puis Fix Checked ! N.B : Il est très important de fermer toutes les applications en cours et de se déconnecter d'internet pour fixer avec hijackthis au risque d'interférer avec les résultats de la manip'.

    Redémarre le PC pour que les changements soient pris en compte.

    Redémarre en mode sans échecs

    Note :/!\ Ne jamais redémarrer en mode sans échec via msconfig ! /!\


    ==> Supprime manuellement les fichiers/dossiers suivants en gras ( si présents ) :

    C:\WINDOWS\SMINST\launcher.exe
    C:\Windows\system32\4C637E4767.sys

    ==> Vide ta corbeille.

    ==> Redémarre en mode normal et poste un nouveau rapport hijackthis.

    ***

    Désinstalle via Ajout/Suppression de Programmes (si présents) :
  • Avast!

    Télécharge et exécute : http://www.avast.com/eng/avast-uninstall-utility.html

    Télécharge Ccleaner sur ton Bureau.

  • Clique sur "download the latest version"
  • Installe-le en laissant seulement les options suivantes cochées :
    - Ajouter un raccourci sur le Bureau
    - Contrôler automatiquement les mises à jour de CCleaner
  • Lance le Nettoyage
  • Clique sur Chercher des erreurs et sauvegarde si tu le souhaites.

    Aide : Comment utiliser CCleaner.

    ***************

    Télécharge AntiVir sur ton Bureau.

  • Double clique sur l'exécutable téléchargé pour lancer l'installation.
  • A la fin de l'installation, clique sur Finish.
  • Ouvre Antivir, assure-toi qu'il soit bien à jour !
  • Dans l'onglet Local Protection, choisis Scanner.
  • Active la recherche de rootkits via le + de rootkit search, puis dans manual selection, coche tout (tes partitions de disque dur).
  • Clique sur la loupe du milieu pour lancer le scan en tant qu'Administrateur.
  • Poste moi le rapport généré : Pour cela, clique sur l'onglet Overview, puis choisis Reports, tu trouveras son rapport..

    Note : Pour une éradication des menaces plus efficaces, lance le scan en mode sans échec.

    Pourquoi changer ? Avast vs Antivir.

    Aide : Comment installer et utiliser AntiVir.

    ;) 
    1 Juillet 2008 21:36:33

    Voila le nouveau rapport.

    Je continue en suivant à la lettre :) 

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:33:36, on 01/07/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16681)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\hp\support\hpsysdrv.exe
    C:\hp\KBD\kbd.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\TomTom HOME 2\HOMERunner.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [DPService] "C:\Program Files\HP\DVDPlay\DPService.exe"
    O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [µTorrent] "C:\Program Files\utorrent\utorrent.exe"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/importer/ImageUploader4.cab
    O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.mypix.com/fr/fr/importer/ImageUploader4.cab
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

    --
    End of file - 7815 bytes
    1 Juillet 2008 23:30:40

    voila le rapport antivir detaillé :



    Avira AntiVir Personal
    Report file date: mardi 1 juillet 2008 22:27

    Scanning for 1371745 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows Vista
    Windows version: (plain) [6.0.6000]
    Boot mode: Normally booted
    Username: Marion
    Computer name: PC-DE-MARION

    Version information:
    BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
    AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:56
    AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:37
    LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:23
    LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:40
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
    ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 20:23:50
    ANTIVIR2.VDF : 7.0.5.20 142336 Bytes 30/06/2008 20:23:52
    ANTIVIR3.VDF : 7.0.5.30 47616 Bytes 01/07/2008 20:23:53
    Engineversion : 8.1.0.59
    AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
    AESCRIPT.DLL : 8.1.0.44 278907 Bytes 01/07/2008 20:24:25
    AESCN.DLL : 8.1.0.22 119157 Bytes 01/07/2008 20:24:23
    AERDL.DLL : 8.1.0.20 418165 Bytes 01/07/2008 20:24:21
    AEPACK.DLL : 8.1.1.6 364918 Bytes 01/07/2008 20:24:18
    AEOFFICE.DLL : 8.1.0.20 192891 Bytes 01/07/2008 20:24:14
    AEHEUR.DLL : 8.1.0.32 1274231 Bytes 01/07/2008 20:24:12
    AEHELP.DLL : 8.1.0.15 115063 Bytes 01/07/2008 20:24:01
    AEGEN.DLL : 8.1.0.29 307573 Bytes 01/07/2008 20:23:59
    AEEMU.DLL : 8.1.0.6 430451 Bytes 01/07/2008 20:23:57
    AECORE.DLL : 8.1.0.31 168310 Bytes 01/07/2008 20:23:55
    AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:53
    AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:50
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:26:47
    AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:49
    AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
    AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:31
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
    SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:39
    NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
    RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:25
    RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:11

    Configuration settings for the scan:
    Jobname..........................: Manual Selection
    Configuration file...............: C:\ProgramData\Avira\AntiVir PersonalEdition Classic\PROFILES\folder.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: C:, D:, E:, F:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: mardi 1 juillet 2008 22:27

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'VSSVC.exe' - '1' Module(s) have been scanned
    Scan process 'FlashUtil9e.exe' - '1' Module(s) have been scanned
    Scan process 'iPodService.exe' - '1' Module(s) have been scanned
    Scan process 'NMIndexStoreSvr.exe' - '1' Module(s) have been scanned
    Scan process 'NMIndexingService.exe' - '1' Module(s) have been scanned
    Scan process 'WLLoginProxy.exe' - '1' Module(s) have been scanned
    Scan process 'iexplore.exe' - '1' Module(s) have been scanned
    Scan process 'ieuser.exe' - '1' Module(s) have been scanned
    Scan process 'rundll32.exe' - '1' Module(s) have been scanned
    Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned
    Scan process 'GoogleUpdater.exe' - '1' Module(s) have been scanned
    Scan process 'HOMERunner.exe' - '1' Module(s) have been scanned
    Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned
    Scan process 'NMBgMonitor.exe' - '1' Module(s) have been scanned
    Scan process 'daemon.exe' - '1' Module(s) have been scanned
    Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
    Scan process 'apdproxy.exe' - '1' Module(s) have been scanned
    Scan process 'rundll32.exe' - '1' Module(s) have been scanned
    Scan process 'jusched.exe' - '1' Module(s) have been scanned
    Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
    Scan process 'RtHDVCpl.exe' - '1' Module(s) have been scanned
    Scan process 'kbd.exe' - '1' Module(s) have been scanned
    Scan process 'hpsysdrv.exe' - '1' Module(s) have been scanned
    Scan process 'MSASCui.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'dwm.exe' - '1' Module(s) have been scanned
    Scan process 'taskeng.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'taskeng.exe' - '1' Module(s) have been scanned
    Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'PSIService.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
    Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
    Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
    Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
    Scan process 'audiodg.exe' - '0' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'lsm.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'wininit.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    63 processes with 63 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!
    Boot sector 'D:\'
    [INFO] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '18' files ).


    Starting the file scan:

    Begin scan in 'C:\' <COMPAQ>
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\Users\Marion\Plug-in_messagerie_vocale_888.exe
    [WARNING] No further files can be extracted from this archive. The archive will be closed
    C:\Windows\System32\drivers\sptd.sys
    [WARNING] The file could not be opened!
    Begin scan in 'D:\' <Recovery>
    Begin scan in 'E:\'
    Search path E:\ could not be opened!
    Le périphérique n'est pas prêt.

    Begin scan in 'F:\'
    Search path F:\ could not be opened!
    Le périphérique n'est pas prêt.



    End of the scan: mardi 1 juillet 2008 23:17
    Used time: 49:52 min

    The scan has been done completely.

    13054 Scanning directories
    305131 Files were scanned
    0 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    0 files were moved to quarantine
    0 files were renamed
    3 Files cannot be scanned
    305131 Files not concerned
    2375 Archives were scanned
    3 Warnings
    0 Notes

    je crois que tout est rentré dans l'ordre non ?
    2 Juillet 2008 08:55:22

    :hello:  Bonjour,

    Poste un nouveau rapport HijackThis et dis-moi comment va le PC.

    Toujours des problèmes ?

    ;) 
    Tom's guide dans le monde
    • Allemagne
    • Italie
    • Irlande
    • Royaume Uni
    • Etats Unis
    Suivre Tom's Guide
    Inscrivez-vous à la Newsletter
    • ajouter à twitter
    • ajouter à facebook
    • ajouter un flux RSS