Advertising messages when opening Explorer

Tags:
  • Internet Explorer
  • Security
Last reply: in Security and viruses
22 May 2008 07:49:04

Hello, as the title says, I am swamped with advertising messages whenever I open Internet Explorer, and my computer is also very, very slow. Here is a log I printed from HijackThis; if someone could help me, it would be much appreciated. Thanks in advance. Here is the log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:21:46, on 2008-05-22
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\notepad.exe
C:\Users\mario\Desktop\MARIO\hijack this\ccm.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sympatico.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\opNfDsSM.dll,#1
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\mario\AppData\Local\Temp\wvUoOFWo.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\mario\AppData\Local\Temp\tuvSmkHX.dll,c
O4 - HKCU\..\Run: [BMf9a7783a] Rundll32.exe "C:\Users\mario\AppData\Local\Temp\sqjiuiym.dll",s
O4 - HKCU\..\Run: [fa944ba6] rundll32.exe "C:\Users\mario\AppData\Local\Temp\ujbramax.dll",b
O4 - HKCU\..\RunOnce: [Ceedo Repair] C:\Users\mario\AppData\Local\Temp\AutoDetect.exe /repair /drive=F /name=Ceedo
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O13 - Gopher Prefix:
O16 - DPF: {FA30EC32-668B-4B60-B13C-4C84EB90C3C9} (ActiveID Control) - http://www.meetstream.com/activex/28081/activeid.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 6097 bytes

22 May 2008 13:25:29

Hello,

Disable your resident protections (antivirus, Spybot-S&D, etc.)!

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click ComboFix.exe (the .exe may not be visible) to launch it.
  • When the scan is finished, a report will appear. Post this report (C:\combofix.txt*) in your next reply.

    HELP: A guide and a tutorial on using ComboFix
    * the partition name may differ
    22 May 2008 14:35:09

    Thank you for answering me; here is the ComboFix report:

    ComboFix 08-05-21.2 - mario 2008-05-22 8:28:06.2 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.2245 [GMT -4:00]
    Endroit: C:\Users\mario\Desktop\MARIO\bfu\ComboFix.exe
    * Création d'un nouveau point de restauration
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2008-04-22 to 2008-05-22 ))))))))))))))))))))))))))))))))))))
    .

    2008-05-21 20:48 . 2008-05-21 20:48 <REP> d-------- C:\Users\mario\AppData\Roaming\Template
    2008-05-21 20:48 . 2008-05-21 20:48 76 --a------ C:\Users\mario\AppData\Roaming\wklnhst.dat
    2008-05-21 11:24 . 2008-05-21 11:24 <REP> d-------- C:\Users\All Users\Spybot - Search & Destroy
    2008-05-21 11:24 . 2008-05-21 11:24 <REP> d-------- C:\ProgramData\Spybot - Search & Destroy
    2008-05-21 11:24 . 2008-05-21 11:24 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-05-20 16:36 . 2008-05-20 16:36 47,525 --a------ C:\production-137-posterfr[1].jpg
    2008-05-18 23:24 . 2008-05-18 23:24 <REP> d-------- C:\Windows\Sun
    2008-05-17 22:04 . 2008-05-22 01:21 <REP> d-------- C:\Program Files\Navilog1
    2008-05-17 21:31 . 2008-05-21 12:38 <REP> d-------- C:\Windows\D45EC2594A194656B588C2C360DD18EA.TMP
    2008-05-17 20:57 . 2008-05-17 20:57 <REP> d-------- C:\Program Files\CCleaner
    2008-05-17 19:02 . 2008-05-21 12:37 <REP> d-------- C:\Program Files\Steam
    2008-05-17 19:02 . 2008-05-17 19:06 <REP> d-------- C:\Program Files\Common Files\Steam
    2008-05-17 13:15 . 2008-05-17 13:27 107,832 --a------ C:\Windows\System32\PnkBstrB.exe
    2008-05-17 13:15 . 2008-05-17 13:15 66,872 --a------ C:\Windows\System32\PnkBstrA.exe
    2008-05-17 13:15 . 2008-05-17 13:27 22,328 --a------ C:\Windows\System32\drivers\PnkBstrK.sys
    2008-05-17 12:26 . 2008-05-17 12:26 <REP> d-------- C:\VundoFix Backups
    2008-05-17 12:23 . 2008-05-17 12:23 <REP> d-------- C:\Program Files\Common Files\Canon
    2008-05-17 11:53 . 2008-05-17 11:53 <REP> d--h----- C:\Users\All Users\CanonBJ
    2008-05-17 11:53 . 2008-05-17 11:53 <REP> d--h----- C:\ProgramData\CanonBJ
    2008-05-17 00:34 . 2008-05-17 13:45 <REP> d-------- C:\Program Files\WarRock
    2008-05-17 00:03 . 2008-05-17 00:03 <REP> d-------- C:\Temp
    2008-05-16 22:58 . 2008-05-16 22:58 <REP> d-------- C:\Windows\PCHEALTH
    2008-05-16 22:51 . 2008-05-17 00:09 <REP> d-------- C:\Users\mario\AppData\Roaming\LimeWire
    2008-05-16 22:50 . 2008-05-16 22:58 <REP> d-------- C:\Program Files\Windows Live
    2008-05-16 22:50 . 2008-05-16 22:57 <REP> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
    2008-05-16 22:49 . 2008-05-16 22:49 <REP> d-------- C:\Users\All Users\WLInstaller
    2008-05-16 22:49 . 2008-05-16 22:49 <REP> d-------- C:\ProgramData\WLInstaller
    2008-05-16 22:43 . 2008-05-16 23:59 <REP> d-------- C:\Users\mario\AppData\Roaming\Xfire
    2008-05-16 22:43 . 2008-05-16 22:43 <REP> d-------- C:\Users\All Users\Xfire
    2008-05-16 22:43 . 2008-05-16 22:43 <REP> d-------- C:\ProgramData\Xfire
    2008-05-16 22:43 . 2008-05-16 22:43 <REP> d-------- C:\Program Files\Xfire
    2008-05-16 22:42 . 2008-05-16 22:42 <REP> d-------- C:\Users\mario\AppData\Roaming\teamspeak2
    2008-05-16 22:42 . 2008-05-16 22:42 <REP> d-------- C:\Program Files\Teamspeak2_RC2
    2008-05-16 22:42 . 2008-05-16 22:42 34,064 --a------ C:\Windows\System32\lhacm.acm
    2008-05-16 22:33 . 2008-05-16 22:33 <REP> d-------- C:\Users\mario\AppData\Roaming\Musicmatch
    2008-05-16 22:33 . 2008-05-16 23:10 <REP> d-------- C:\Program Files\Musicmatch
    2008-05-16 22:33 . 2005-05-10 16:04 89,088 --a------ C:\Windows\System32\atl71.dll
    2008-05-16 22:31 . 2008-05-16 23:07 <REP> d-------- C:\Program Files\LimeWire
    2008-05-16 22:21 . 2008-05-16 22:21 <REP> d-------- C:\Users\mario\AppData\Roaming\Apple Computer
    2008-05-16 22:21 . 2008-05-16 22:21 <REP> d-------- C:\Program Files\iTunes
    2008-05-16 22:21 . 2008-05-16 22:21 <REP> d-------- C:\Program Files\iPod
    2008-05-16 22:21 . 2008-05-16 22:21 <REP> d-------- C:\Program Files\Bonjour
    2008-05-16 22:20 . 2008-05-16 22:21 <REP> d-------- C:\Users\All Users\Apple Computer
    2008-05-16 22:20 . 2008-05-16 22:20 <REP> d-------- C:\Users\All Users\Apple
    2008-05-16 22:20 . 2008-05-16 22:21 <REP> d-------- C:\ProgramData\Apple Computer
    2008-05-16 22:20 . 2008-05-16 22:20 <REP> d-------- C:\ProgramData\Apple
    2008-05-16 22:20 . 2008-05-16 22:21 <REP> d-------- C:\Program Files\QuickTime
    2008-05-16 22:20 . 2008-05-16 22:20 <REP> d-------- C:\Program Files\Common Files\Apple
    2008-05-16 22:20 . 2008-05-16 22:20 <REP> d-------- C:\Program Files\Apple Software Update
    2008-05-16 21:34 . 2008-05-16 21:34 <REP> d-------- C:\Users\mario\AppData\Roaming\Media Player Classic
    2008-05-16 21:33 . 2008-05-16 21:33 <REP> d-------- C:\Program Files\K-Lite Codec Pack
    2008-05-16 21:30 . 2008-05-16 21:30 58,880 --a------ C:\Windows\System32\opNfDsSM.dll
    2008-05-16 21:27 . 2008-03-03 14:25 5,702 --ah----- C:\Windows\nod32restoretemdono.reg
    2008-05-16 21:27 . 2008-03-03 18:21 568 --ah----- C:\Windows\nod32fixtemdono.reg
    2008-05-16 21:19 . 2008-05-16 21:19 <REP> d-------- C:\Users\All Users\ESET
    2008-05-16 21:19 . 2008-05-16 21:19 <REP> d-------- C:\ProgramData\ESET
    2008-05-16 21:19 . 2008-05-16 21:19 <REP> d-------- C:\Program Files\ESET
    2008-05-16 21:13 . 2008-05-16 21:13 <REP> dra------ C:\Users\mario\Favoris
    2008-05-16 20:57 . 2008-05-16 21:02 <REP> d-------- C:\Program Files\NOD32view
    2008-05-16 20:44 . 2008-05-16 20:44 <REP> dr------- C:\Windows\System32\config\systemprofile\Music
    2008-05-16 20:39 . 2008-05-16 20:39 <REP> d-------- C:\Users\mario\AppData\Roaming\ATI
    2008-05-16 20:34 . 2008-05-16 20:34 1,244,672 --a------ C:\Windows\System32\mcmde.dll
    2008-05-16 20:23 . 2008-05-16 20:24 <REP> d-------- C:\Program Files\ATI Technologies
    2008-05-16 20:23 . 2008-05-16 20:23 <REP> d-------- C:\Program Files\ATI
    2008-05-16 20:22 . 2008-05-16 20:22 <REP> d-------- C:\AMD
    2008-05-16 19:41 . 2008-05-16 19:41 3,505,720 --a------ C:\Windows\System32\ntkrnlpa.exe
    2008-05-16 19:41 . 2008-05-16 19:41 3,471,928 --a------ C:\Windows\System32\ntoskrnl.exe
    2008-05-16 19:41 . 2008-05-16 19:41 1,327,104 --a------ C:\Windows\System32\quartz.dll
    2008-05-16 19:41 . 2008-05-16 19:41 803,328 --a------ C:\Windows\System32\drivers\tcpip.sys
    2008-05-16 19:41 . 2008-05-16 19:41 216,632 --a------ C:\Windows\System32\drivers\netio.sys
    2008-05-16 19:41 . 2008-05-16 19:41 211,000 --a------ C:\Windows\System32\drivers\volsnap.sys
    2008-05-16 19:41 . 2008-05-16 19:41 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
    2008-05-16 19:41 . 2008-05-16 19:41 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
    2008-05-16 19:41 . 2008-05-16 19:41 24,064 --a------ C:\Windows\System32\netcfg.exe
    2008-05-16 19:41 . 2008-05-16 19:41 22,016 --a------ C:\Windows\System32\netiougc.exe
    2008-05-16 19:40 . 2008-05-16 19:40 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
    2008-05-16 19:40 . 2008-05-16 19:40 2,027,008 --a------ C:\Windows\System32\win32k.sys
    2008-05-16 19:40 . 2008-05-16 19:40 1,686,528 --a------ C:\Windows\System32\gameux.dll
    2008-05-16 19:40 . 2008-05-16 19:40 296,448 --a------ C:\Windows\System32\gdi32.dll
    2008-05-16 19:40 . 2008-05-16 19:40 223,232 --a------ C:\Windows\System32\WMASF.DLL
    2008-05-16 19:40 . 2008-05-16 19:40 11,776 --a------ C:\Windows\System32\sbunattend.exe
    2008-05-16 19:40 . 2008-05-16 19:40 9,728 --a------ C:\Windows\System32\LAPRXY.DLL
    2008-05-16 19:40 . 2008-05-16 19:40 2,048 --a------ C:\Windows\System32\asferror.dll
    2008-05-16 19:32 . 2008-05-16 19:32 <REP> d-------- C:\Users\mario\AppData\Roaming\Yahoo!
    2008-05-16 19:32 . 2008-05-16 19:32 <REP> d-------- C:\Users\All Users\Yahoo! Companion
    2008-05-16 19:32 . 2008-05-16 19:32 <REP> d-------- C:\ProgramData\Yahoo! Companion
    2008-05-16 19:30 . 2008-05-16 20:52 <REP> dr------- C:\Users\mario\Searches
    2008-05-16 19:30 . 2008-05-21 12:37 <REP> dr------- C:\Users\mario\Contacts
    2008-05-16 19:30 . 2008-05-16 19:30 <REP> d-------- C:\Users\mario\AppData\Roaming\Symantec
    2008-05-16 19:30 . 2008-05-16 19:30 <REP> d--hs---- C:\$RECYCLE.BIN
    2008-05-16 19:30 . 2008-05-16 19:30 44 --a------ C:\Windows\system\hpsysdrv.dat
    2008-05-16 19:26 . 2008-05-16 19:26 <REP> d-------- C:\Users\mario\AppData\Roaming\Hewlett-Packard
    2008-05-16 19:24 . 2008-05-16 19:30 <REP> dr------- C:\Users\mario\Videos
    2008-05-16 19:24 . 2008-05-21 13:38 <REP> dr------- C:\Users\mario\Saved Games
    2008-05-16 19:24 . 2008-05-16 19:30 <REP> dr------- C:\Users\mario\Pictures
    2008-05-16 19:24 . 2008-05-17 00:08 <REP> dr------- C:\Users\mario\Music
    2008-05-16 19:24 . 2008-05-16 19:30 <REP> dr------- C:\Users\mario\Links
    2008-05-16 19:24 . 2008-05-16 19:30 <REP> dr------- C:\Users\mario\Downloads
    2008-05-16 19:24 . 2008-05-21 12:37 <REP> dr------- C:\Users\mario\Documents
    2008-05-16 19:24 . 2006-11-02 08:37 <REP> d-------- C:\Users\mario\AppData\Roaming\Media Center Programs
    2008-05-16 19:24 . 2008-05-16 19:24 <REP> d--h----- C:\Users\mario\AppData
    2008-05-16 19:24 . 2008-05-16 19:24 1,832 -rahs---- C:\Windows\System32\drivers\103C_HP_CPC_GX773AA-A2L a6334f_YC_0Pavi_QCNX750_E81FCv3PrA1_49_IBenicia_SASUSTeK Computer INC._V1.01_B5.11_T071205_WUH0_L40C_M3062_J500_7Intel_8Core2 Duo E4500_92.2_#080516_N10EC8168_Z14F12F20_G808629C2.MRK
    2008-05-16 19:23 . 2008-05-21 12:37 <REP> d-------- C:\Users\mario
    2008-05-16 19:20 . 2008-05-16 19:20 1,712,984 --a------ C:\Windows\System32\wuaueng.dll
    2008-05-16 19:20 . 2008-05-16 19:20 1,524,224 --a------ C:\Windows\System32\wucltux.dll
    2008-05-16 19:20 . 2008-05-16 19:20 549,720 --a------ C:\Windows\System32\wuapi.dll
    2008-05-16 19:20 . 2008-05-16 19:20 163,000 --a------ C:\Windows\System32\wuwebv.dll
    2008-05-16 19:20 . 2008-05-16 19:20 80,896 --a------ C:\Windows\System32\wudriver.dll
    2008-05-16 19:20 . 2008-05-16 19:20 53,080 --a------ C:\Windows\System32\wuauclt.exe
    2008-05-16 19:20 . 2008-05-16 19:20 43,352 --a------ C:\Windows\System32\wups2.dll
    2008-05-16 19:20 . 2008-05-16 19:20 33,624 --a------ C:\Windows\System32\wups.dll
    2008-05-16 19:20 . 2008-05-16 19:20 31,232 --a------ C:\Windows\System32\wuapp.exe
    2008-05-16 19:19 . 2008-05-16 19:19 <REP> dr------- C:\Windows\System32\config\systemprofile\Contacts
    2008-04-29 20:57 . 2008-04-29 20:57 41,296 --a------ C:\Windows\System32\xfcodec.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-05-17 17:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-05-16 23:45 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-05-16 23:44 --------- d-----w C:\Program Files\Windows Sidebar
    2008-05-16 23:44 --------- d-----w C:\Program Files\Windows Mail
    2008-05-16 23:40 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
    2008-05-16 23:40 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
    2008-05-16 23:40 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
    2008-05-16 23:40 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
    2008-05-16 23:40 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
    2008-05-16 23:39 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
    2008-05-16 23:39 84,480 ----a-w C:\Windows\System32\dnsrslvr.dll
    2008-05-16 23:39 826,368 ----a-w C:\Windows\System32\wininet.dll
    2008-05-16 23:39 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
    2008-05-16 23:39 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
    2008-05-16 23:39 24,576 ----a-w C:\Windows\System32\dnscacheugc.exe
    2008-05-16 23:39 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
    2008-05-16 23:39 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
    2008-05-16 23:38 56,320 ----a-w C:\Windows\System32\iesetup.dll
    2008-05-16 23:38 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
    2008-05-16 23:38 2,048 ----a-w C:\Windows\System32\tzres.dll
    2008-05-16 23:36 --------- d-----w C:\ProgramData\Symantec
    2008-05-16 23:24 --------- d-----w C:\ProgramData\Hewlett-Packard
    2008-05-16 23:19 --------- d-sh--w C:\ProgramData\Modèles
    2008-05-16 23:19 --------- d-sh--w C:\ProgramData\Menu Démarrer
    2008-05-16 23:19 --------- d-sh--w C:\ProgramData\Favoris
    2008-05-16 23:19 --------- d-sh--w C:\ProgramData\Bureau
    2008-05-16 23:19 --------- d-sh--w C:\Program Files\Fichiers communs
    2008-03-31 21:25 682,496 ----a-w C:\Windows\System32\divx.dll
    2008-03-28 17:41 7,680 ----a-w C:\Windows\System32\ff_vfw.dll
    2008-03-21 20:30 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
    2008-03-21 20:28 81,920 ----a-w C:\Windows\System32\dpl100.dll
    2007-11-22 19:57 174 --sha-w C:\Program Files\desktop.ini
    2004-07-22 14:51 3,432,656 ----a-w C:\Program Files\ManagedDX.CAB
    2004-07-20 02:58 1,156,363 ----a-w C:\Program Files\BDANT.cab
    2004-07-20 02:53 976,020 ----a-w C:\Program Files\BDAXP.cab
    2004-07-09 18:17 13,265,040 ----a-w C:\Program Files\dxnt.cab
    2004-07-09 13:13 703,080 ----a-w C:\Program Files\BDA.cab
    2004-07-09 13:13 15,493,481 ----a-w C:\Program Files\DirectX.cab
    2004-07-09 08:08 472,576 ----a-w C:\Program Files\dxsetup.exe
    2004-07-09 08:08 2,242,560 ----a-w C:\Program Files\dsetup32.dll
    2004-07-09 07:03 62,976 ----a-w C:\Program Files\DSETUP.dll
    .

    ------- Sigcheck -------

    .
    ((((((((((((((((((((((((((((( snapshot@2008-05-17_20.20.45,95 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-05-18 00:01:01 67,584 --s-a-w C:\Windows\bootstat.dat
    + 2008-05-22 12:25:13 67,584 --s-a-w C:\Windows\bootstat.dat
    + 2008-05-18 01:31:07 45,056 ----a-w C:\Windows\D45EC2594A194656B588C2C360DD18EA.TMP\WiseCustomCalla.dll
    + 2008-05-18 01:31:08 111,386 ----a-w C:\Windows\D45EC2594A194656B588C2C360DD18EA.TMP\WiseCustomCalla2.dll
    + 2008-05-18 01:31:07 174,166 ----a-w C:\Windows\D45EC2594A194656B588C2C360DD18EA.TMP\WiseCustomCalla3.dll
    + 2008-05-18 01:31:07 111,656 ----a-w C:\Windows\D45EC2594A194656B588C2C360DD18EA.TMP\WiseCustomCalla6.exe
    + 2008-05-18 01:31:08 111,510 ----a-w C:\Windows\D45EC2594A194656B588C2C360DD18EA.TMP\WiseCustomCalla9.exe
    - 2008-05-18 00:01:02 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2008-05-22 12:25:13 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2008-05-18 00:01:02 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2008-05-22 12:25:13 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2008-05-18 00:02:25 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2008-05-22 12:27:26 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2008-05-22 12:27:26 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
    - 2008-05-18 00:02:30 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2008-05-22 12:26:35 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2008-05-22 12:26:35 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
    - 2008-05-17 04:34:19 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-05-20 11:54:12 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-05-17 04:34:19 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-05-20 11:54:12 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-05-21 15:43:06 262,144 ----a-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\usrclass.dat
    - 2008-05-17 04:34:19 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-05-20 11:54:12 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2008-05-18 00:17:41 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
    + 2008-05-22 12:28:02 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
    + 2008-05-22 12:28:02 262,144 ---ha-w C:\Windows\System32\config\systemprofile\ntuser.dat.LOG1
    - 2008-05-16 23:46:18 288,424 ----a-w C:\Windows\System32\FNTCACHE.DAT
    + 2008-05-22 12:25:16 288,424 ----a-w C:\Windows\System32\FNTCACHE.DAT
    - 2008-05-18 00:08:20 103,726 ----a-w C:\Windows\System32\perfc009.dat
    + 2008-05-22 05:11:38 103,314 ----a-w C:\Windows\System32\perfc009.dat
    - 2008-05-18 00:08:20 117,366 ----a-w C:\Windows\System32\perfc00C.dat
    + 2008-05-22 05:11:38 116,988 ----a-w C:\Windows\System32\perfc00C.dat
    - 2008-05-18 00:08:20 609,944 ----a-w C:\Windows\System32\perfh009.dat
    + 2008-05-22 05:11:38 609,532 ----a-w C:\Windows\System32\perfh009.dat
    - 2008-05-18 00:08:20 690,594 ----a-w C:\Windows\System32\perfh00C.dat
    + 2008-05-22 05:11:38 689,846 ----a-w C:\Windows\System32\perfh00C.dat
    - 2008-05-18 00:02:56 3,332 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1968620845-1193092089-1616559880-1000_UserData.bin
    + 2008-05-22 12:27:01 4,416 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1968620845-1193092089-1616559880-1000_UserData.bin
    - 2008-05-18 00:02:56 44,396 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2008-05-22 12:27:01 47,294 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    - 2008-05-18 00:02:53 27,666 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2008-05-22 12:26:59 29,310 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-05-16 19:40 1232896]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 11:01 65536]
    "KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 12:16 65536]
    "OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 07:59 118784]
    "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 11:36 178712]
    "IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-10-01 14:12 141848]
    "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-10-01 14:11 154136]
    "Persistence"="C:\Windows\system32\igfxpers.exe" [2007-10-01 14:11 129560]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-09-19 10:50 4702208 C:\Windows\RtHDVCpl.exe]
    "HP Health Check Scheduler"="[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [ ]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-10 22:06 40048]
    "SunJavaUpdateReg"="C:\Windows\system32\jureg.exe" [2007-04-06 21:56 54936]
    "HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 11:24 54840]
    "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
    "egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 16:48 1443072]
    "MSServer"="C:\Windows\system32\opNfDsSM.dll" [2008-05-16 21:30 58880]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{522E0112-EDD9-413D-A99E-C311A54B6676}"= C:\Windows\system32\opNfDsSM.dll [2008-05-16 21:30 58880]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.l3codecp"= l3codecp.acm
    "VIDC.YV12"= yv12vfw.dll
    "VIDC.XFR1"= xfcodec.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{50110D46-0E59-4B79-B50A-9CFBE1D49402}"= c:\Program Files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
    "{A0AE8455-1484-403E-9206-CB322EEFBC0C}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
    "{149065CD-712F-4C49-82C1-24F3B73C88BF}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
    "{9F4BEABD-AB62-4FB7-A8EA-DA17B3F6AD35}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
    "{B67F81CD-CDD8-4542-8517-EA2C38B93B60}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
    "TCP Query User{3F5D24A7-DB55-4D65-89E6-701759B31E8C}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
    "UDP Query User{0AE3E90A-4CC7-4E1D-B054-FF240339268D}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
    "{5ED212AB-4CE6-41D2-9761-BD72A322020A}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "TCP Query User{30FB53A7-3FD6-4FD3-A82C-4E0B027CFFC7}C:\\program files\\xfire\\xfire.exe"= UDP:C:\program files\xfire\xfire.exe:Xfire
    "UDP Query User{5E2C0D24-39E1-4765-BF7A-34A1404163C1}C:\\program files\\xfire\\xfire.exe"= TCP:C:\program files\xfire\xfire.exe:Xfire

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
    "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

    R1 epfwtdir;epfwtdir;C:\Windows\system32\DRIVERS\epfwtdir.sys [2008-03-13 16:52]
    R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-11-28 12:44]
    R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-05-08 22:07]
    S2 NOD32FiXTemDono;Eset Nod32 Boot;C:\Windows\system32\regedt32.exe [2006-11-02 05:45]
    S3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-09-24 05:19]
    S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-05-17 19:06]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{89e172b4-2394-11dd-941a-806e6f6e6963}]
    \shell\AutoRun\command - E:\AUTORUN.EXE

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8c98872a-23a9-11dd-84e5-001e8c5ae7e7}]
    \shell\AutoRun\command - F:\Autorun.exe /run
    \shell\Shell00\Command - F:\Autorun.exe /run
    \shell\Shell01\Command - F:\Autorun.exe /action
    \shell\Shell02\Command - F:\Autorun.exe /uninstall

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-05-21 16:41:04 C:\Windows\Tasks\User_Feed_Synchronization-{481B1FF9-C48D-4DAF-8547-0C480F6CE9A7}.job"
    - C:\Windows\system32\msfeedssync.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-22 08:30:51
    Windows 6.0.6000 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-05-22 8:31:32
    ComboFix-quarantined-files.txt 2008-05-22 12:31:29
    ComboFix2.txt 2008-05-21 14:22:59
    ComboFix3.txt 2008-05-18 01:11:36
    ComboFix4.txt 2008-05-18 00:21:03

    Pre-Run: 374,854,455,296 octets libres
    Post-Run: 374,824,919,040 octets libres

    304 --- E O F --- 2008-05-21 21:23:37
    22 May 2008 15:45:20

    Re,

    Download MalwareByte's Anti-Malware to your Desktop.
    Install it by double-clicking the file Download_mbam-setup.exe.

    Once the installation and the update are done, restart in safe mode.
    HELP: Restarting in safe mode

  • Now run MalwareByte's Anti-Malware. If it is not already selected, select "Perform full scan".
  • To start the scan, click "Scan".
  • Once the scan is finished, a window opens; click OK. You then have two possibilities:
    -- if the program found nothing, press OK. A report will appear; close it.
    -- if infections are present, click "Show Results" then "Remove Selected". Save the report to your Desktop so you can post it in your next reply.
    NOTE: If MalwareByte's Anti-Malware needs to restart to finish the removal, accept by clicking OK.

    HELP: Illustrated tutorial on MBAM
    22 Mai 2008 17:28:51

    Merci encore voici le rapport:

    Malwarebytes' Anti-Malware 1.12
    Version de la base de données: 777

    Type de recherche: Examen rapide
    Eléments examinés: 31480
    Temps écoulé: 1 minute(s), 29 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 2
    Valeur(s) du Registre infectée(s): 2
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 1

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{522e0112-edd9-413d-a99e-c311a54b6676} (Trojan.Vundo) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{522e0112-edd9-413d-a99e-c311a54b6676} (Trojan.Vundo) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\Windows\System32\opNfDsSM.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    22 May 2008 17:48:02

    Post a new HijackThis report.
    23 May 2008 00:09:21

    THANKS, here is the HijackThis report again:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:09:58, on 2008-05-22
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16643)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\hp\support\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Windows\system32\schtasks.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\hp\kbd\kbd.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Users\mario\Desktop\MARIO\hijack this\ccm.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sympatico.ca/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
    O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
    O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
    O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O13 - Gopher Prefix:
    O16 - DPF: {FA30EC32-668B-4B60-B13C-4C84EB90C3C9} (ActiveID Control) - http://www.meetstream.com/activex/28081/activeid.cab
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 6122 bytes
    23 May 2008 11:05:50

    Is your PC behaving better?

    Fix the lines in the box below with HijackThis: ILLUSTRATED HELP

    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
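
The two lines selected for fixing above are the ones HijackThis itself tagged "(file missing)" or "(no file)", that is, registry entries that point at a file no longer on disk. As an added example (not part of the original posts and not HijackThis code), this Python script parses log lines copied from this thread and picks out such orphaned entries; the names `parse_hijackthis` and `orphaned_entries` are hypothetical.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Windows\Explorer.EXE
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
"""

# An entry line starts with a section code (R0, O2, O23, ...) followed by " - ".
ENTRY_RE = re.compile(r"^\s*(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Suffixes HijackThis appends when the referenced file is absent.
ORPHAN_MARKERS = ("(file missing)", "(no file)")


@dataclass
class Entry:
    section: str          # e.g. "O3"
    body: str             # text after the section code
    clsid: Optional[str]  # COM class id, when the entry carries one
    orphaned: bool        # True when the target file is absent


def parse_hijackthis(text: str) -> List[Entry]:
    """Return the registry/autostart entries; headers and process paths are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue
        body = m.group("body").rstrip()
        clsid = CLSID_RE.search(body)
        entries.append(Entry(m.group("section"), body,
                             clsid.group(0) if clsid else None,
                             body.endswith(ORPHAN_MARKERS)))
    return entries


def orphaned_entries(text: str) -> List[Entry]:
    """Entries whose registry reference outlived the file it pointed to."""
    return [e for e in parse_hijackthis(text) if e.orphaned]


if __name__ == "__main__":
    for e in orphaned_entries(SAMPLE_LOG):
        print(e.section, e.clsid, "->", e.body)
```
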
    23 May 2008 13:32:28

    THANK YOU very much, yes, everything is going very well except for one minor problem: when I insert my USB key, no window opens any more to ask me what action I want to take, and I have to go into My Computer to open my USB key. Thanks again, you are an expert.
    23 May 2008 14:27:43

    I don't know about the USB.