[Solved] How to remove "System integrity scan wizard"
Hello everyone, I need your help.
For a few days now a window has been opening telling me that I have a virus. How do I remove this window?
"System integrity scan wizard"
Thanks for your help
Message edited by lapierre on 01-05-2008 at 23:19:35
Hello,
Download Deckard's System Scanner (DSS) (or DSS) to your Desktop.
NB: You must be logged in with Administrator rights.
- close all applications and windows
- double-click dss.exe to launch it and follow the instructions below
Warning: it is advisable to temporarily stop resident protection software (firewall, antivirus, etc.)
- if this is a first use or a new version of DSS:
- you will have to click OK twice in the dialog boxes
Warning: if you take too long, the Abort answer will be selected automatically
- when processing is finished (click OK), two text files are displayed:
main.txt <- opened in the foreground and full screen
extra.txt <- opened in the background and windowed (look at the taskbar)
- if this is a repeat use of DSS:
- you will not get a dialog box (no OK)
- when processing is finished, one text file is displayed:
main.txt <- opened in the foreground and full screen
- copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt into your next post
- likewise copy the contents of extra.txt into your next post, if you have this file (first use)
- do not forget to re-enable the protections if they were stopped.
What DSS does:
- creates a restore point in Windows XP and Vista
- cleans temporary files, DPF (Downloaded Program Files) and the Internet cache, and empties the Recycle Bin on all drives
- checks a few important areas of your system and produces a report for review by your security advisor. DSS automatically launches HijackThis for you; it will also create a HijackThis shortcut on your Desktop if you do not already have HijackThis installed.
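The report requested above lists autostart entries in HijackThis format (the O4 lines). As an added example, not part of the thread and not code from DSS or HijackThis, the Python below parses O4 lines and attaches review hints to each launch target. The sample lines are copied from the main.txt posted further down this thread; the heuristics, the KNOWN_SYSTEM list and all function names are assumptions of this example, and a flag is a prompt to look closer, not a verdict.

```python
import re
from pathlib import PureWindowsPath
from typing import NamedTuple

# Sample O4 lines copied from the main.txt log posted later in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Microsoft Updates] svehost.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [lmlywgbl] C:\ProgramData\lmlywgbl\opytqxsx.exe
O4 - HKCU\..\Run: [9YMGPAClWx] C:\ProgramData\abkhsdox\almrspon.exe
O4 - Global Startup: E_SPSU01.lnk = C:\Windows\System32\spool\drivers\w32x86\3\E_SPSU01.EXE
"""

# Assumption of this example: a short list of Windows binaries whose names
# are commonly imitated. It is not exhaustive.
KNOWN_SYSTEM = {"svchost.exe", "rundll32.exe", "explorer.exe", "lsass.exe",
                "services.exe", "winlogon.exe", "csrss.exe", "smss.exe"}

RUN_RE = re.compile(r"^O4 - (?P<loc>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
LNK_RE = re.compile(r"^O4 - (?P<loc>.+?): (?P<name>.+?\.lnk) = (?P<cmd>.+)$")
# Image path: either quoted, or everything up to the first executable extension.
IMAGE_RE = re.compile(
    r'^"([^"]+)"|^(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=[\s,]|$)', re.I)
# Locations that hold data rather than installed programs.
DATA_DIR_RE = re.compile(
    r"^(?:[a-z]:\\(?:programdata|users|documents and settings)\\"
    r"|%(?:appdata|temp|tmp|userprofile|allusersprofile)%)", re.I)


class Entry(NamedTuple):
    location: str   # e.g. HKCU\..\Run or Global Startup
    name: str       # value name or shortcut name
    command: str    # command line as logged
    target: str     # file that actually gets loaded


def launch_target(cmd: str) -> str:
    """Return the file the command loads; for rundll32 that is the DLL."""
    cmd = cmd.strip()
    m = IMAGE_RE.match(cmd)
    if not m:
        return cmd
    image = m.group(1) or m.group(2)
    rest = cmd[m.end():].strip()
    if PureWindowsPath(image).name.lower() == "rundll32.exe" and rest:
        return rest.split(",")[0].strip().strip('"')
    return image


def parse_o4(log: str) -> list:
    entries = []
    for line in log.splitlines():
        m = RUN_RE.match(line.strip()) or LNK_RE.match(line.strip())
        if m:
            entries.append(Entry(m["loc"], m["name"], m["cmd"],
                                 launch_target(m["cmd"])))
    return entries


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1,
                           prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def review_flags(target: str) -> list:
    path = PureWindowsPath(target)
    name = path.name.lower()
    flags = []
    # No directory given: which file runs depends on the search path.
    if len(path.parts) == 1 and name not in KNOWN_SYSTEM:
        flags.append("bare-name")
    if DATA_DIR_RE.match(target):
        flags.append("data-directory")
    # One character away from a Windows binary name, but not that name.
    if name not in KNOWN_SYSTEM:
        flags += [f"lookalike:{k}" for k in sorted(KNOWN_SYSTEM)
                  if edit_distance(name, k) == 1]
    return flags


def flagged(log: str) -> list:
    """Entries that carry at least one review hint, in log order."""
    pairs = [(e, review_flags(e.target)) for e in parse_o4(log)]
    return [(e, f) for e, f in pairs if f]


if __name__ == "__main__":
    for entry, flags in flagged(SAMPLE_LOG):
        print(f"{entry.location} [{entry.name}] {entry.target} -> {flags}")
```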
I want to thank you, Merillym, for the interest you are taking in my topic. I did what you asked; here are the results:
main.txt
Deckard's System Scanner v20071014.68
Run by Moi on 2008-04-30 13:21:17
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- Last 5 Restore Point(s) --
7: 2008-04-29 19:20:36 UTC - RP53 - Installed Vista Codec Package.
6: 2008-04-29 16:31:12 UTC - RP52 - Scheduled Checkpoint
5: 2008-04-28 20:13:22 UTC - RP51 - SPTD setup V1.50
4: 2008-04-28 15:58:06 UTC - RP49 - Scheduled Checkpoint
3: 2008-04-27 17:28:32 UTC - RP48 - Scheduled Checkpoint
-- First Restore Point --
1: 2008-04-26 12:40:54 UTC - RP46 - Scheduled Checkpoint
Backed up registry hives.
Performed disk cleanup.
Total Physical Memory: 1022 MiB (1024 MiB recommended).
-- HijackThis (run as Moi.exe) -------------------------------------------------
logfile has no content; running clone.
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-30 13:25:21
Platform: Windows Vista (6.00.6000)
MSIE: Internet Explorer (7.00.6000.16386)
Boot mode: Normal
Running processes:
C:\Windows\System32\dwm.exe
C:\Windows\explorer.exe
C:\Windows\System32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\ProgramData\lmlywgbl\opytqxsx.exe
C:\ProgramData\abkhsdox\almrspon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\svehost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\System32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\microsoft shared\Windows Live\WLLoginProxy.exe
C:\Windows\System32\Macromed\Flash\FlashUtil9f.exe
C:\Users\Moi\Desktop\dss.exe
C:\Windows\System32\conime.exe
C:\Windows\System32\SearchFilterHost.exe
C:\Program Files\Google\googletoolbar1user.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/red [...] r=iesearch
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Microsoft Updates] svehost.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\RunServices: [Microsoft Updates] svehost.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [lmlywgbl] C:\ProgramData\lmlywgbl\opytqxsx.exe
O4 - HKCU\..\Run: [9YMGPAClWx] C:\ProgramData\abkhsdox\almrspon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O4 - Global Startup: E_SPSU01.lnk = C:\Windows\System32\spool\drivers\w32x86\3\E_SPSU01.EXE
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - (file missing)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Unknown owner - C:\Program Files\Nero\Nero8\Nero
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\System32\drivers\XAudio.exe
--
End of file - 7242 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
S0 OemBiosDevice (Royalty OEM Bios Extension) - c:\windows\system32\drivers\royal.sys <Not Verified; PARADOX; SLP Kernel-Mode Driver>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Files created between 2008-03-30 and 2008-04-30 -----------------------------
2008-04-30 13:25:05 0 d-------- C:\Program Files\Trend Micro
2008-04-30 07:49:19 2156 --a------ C:\Windows\system32\tmp.reg
2008-04-29 21:21:37 0 d-------- C:\Users\All Users\Apple Computer
2008-04-29 21:21:37 0 d-------- C:\Program Files\VistaCodecPack
2008-04-29 21:21:19 0 d-------- C:\Program Files\illiminable
2008-04-29 08:04:01 0 d-------- C:\Users\All Users\lmlywgbl
2008-04-29 08:04:01 0 d-------- C:\Users\All Users\abkhsdox
2008-04-29 07:56:26 0 d-------- C:\Program Files\MagicISO
2008-04-28 22:13:53 685816 --a------ C:\Windows\system32\drivers\sptd.sys
2008-04-28 20:49:07 530 --a------ C:\Windows\eReg.dat
2008-04-24 22:05:24 0 d-------- C:\Program Files\Microsoft Etudes
2008-04-24 22:02:19 0 d-------- C:\Program Files\Learning Essentials
2008-04-23 22:23:12 0 d-------- C:\Program Files\Doblon
2008-04-23 22:11:02 0 d-------- C:\Users\Moi\Incomplete
2008-04-23 21:59:36 0 d-------- C:\Program Files\Java
2008-04-23 21:57:45 0 d-------- C:\Program Files\Common Files\Java
2008-04-23 21:57:20 0 d-------- C:\Program Files\LimeWire
2008-04-23 13:27:30 0 d-------- C:\Program Files\Anti-Leech
2008-04-23 08:33:56 0 d-------- C:\Program Files\PDF - Word
2008-04-23 08:32:55 0 d-a------ C:\Users\All Users\TEMP
2008-04-22 23:18:43 0 d-------- C:\Users\All Users\Azureus
2008-04-22 23:16:54 0 d-------- C:\Program Files\Azureus
2008-04-22 21:31:37 111932 --a------ C:\Windows\system32\EPPICPrinterDB.dat
2008-04-22 21:31:37 1139 --a------ C:\Windows\system32\EPPICPresetData_PT.dat
2008-04-22 21:31:37 1120 --a------ C:\Windows\system32\EPPICPresetData_IT.dat
2008-04-22 21:31:37 1107 --a------ C:\Windows\system32\EPPICPresetData_GE.dat
2008-04-22 21:31:37 1129 --a------ C:\Windows\system32\EPPICPresetData_FR.dat
2008-04-22 21:31:37 1136 --a------ C:\Windows\system32\EPPICPresetData_ES.dat
2008-04-22 21:31:37 1104 --a------ C:\Windows\system32\EPPICPresetData_EN.dat
2008-04-22 21:31:37 1146 --a------ C:\Windows\system32\EPPICPresetData_DU.dat
2008-04-22 21:31:37 1129 --a------ C:\Windows\system32\EPPICPresetData_CF.dat
2008-04-22 21:31:37 1139 --a------ C:\Windows\system32\EPPICPresetData_BP.dat
2008-04-22 21:31:37 4943 --a------ C:\Windows\system32\EPPICPattern6.dat
2008-04-22 21:31:37 21390 --a------ C:\Windows\system32\EPPICPattern5.dat
2008-04-22 21:31:37 11811 --a------ C:\Windows\system32\EPPICPattern4.dat
2008-04-22 21:31:37 24903 --a------ C:\Windows\system32\EPPICPattern3.dat
2008-04-22 21:31:37 20148 --a------ C:\Windows\system32\EPPICPattern2.dat
2008-04-22 21:31:37 31053 --a------ C:\Windows\system32\EPPICPattern131.dat
2008-04-22 21:31:37 27417 --a------ C:\Windows\system32\EPPICPattern121.dat
2008-04-22 21:31:37 26154 --a------ C:\Windows\system32\EPPICPattern1.dat
2008-04-22 18:44:45 0 d-------- C:\Program Files\FMA 2
2008-04-22 17:22:02 0 d-------- C:\Windows\system32\appmgmt
2008-04-22 16:48:14 0 d-------- C:\Users\All Users\NVIDIA
2008-04-22 16:08:27 0 d-------- C:\Users\All Users\Google
2008-04-22 16:08:00 0 d-------- C:\Users\All Users\Google Updater
2008-04-22 16:07:56 0 d-------- C:\Program Files\Google
2008-04-22 03:23:25 0 d-------- C:\Windows\Panther
2008-04-22 03:23:10 0 d--hs---- C:\Boot
2008-04-21 21:56:39 0 d-------- C:\Users\All Users\Nero
2008-04-21 21:56:39 0 d-------- C:\Program Files\Nero
2008-04-21 21:56:39 0 d-------- C:\Program Files\Common Files\Nero
2008-04-21 21:45:26 0 d-------- C:\Windows\system32\Macromed
2008-04-21 21:17:29 0 d-------- C:\Program Files\EPSON
2008-04-21 21:17:04 0 -rahs---- C:\MSDOS.SYS
2008-04-21 21:17:04 0 -rahs---- C:\IO.SYS
2008-04-21 20:13:18 942080 -r-hs---- C:\Windows\system32\svehost.exe
2008-04-21 20:03:20 0 d-------- C:\Program Files\Synaptics
2008-04-21 20:02:06 0 d-------- C:\Program Files\Microsoft Silverlight
2008-04-21 19:45:08 0 d-------- C:\Program Files\CONEXANT
2008-04-21 19:37:37 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-21 19:37:27 0 d-------- C:\Users\All Users\Adobe
2008-04-21 19:31:28 196608 --a------ C:\Windows\system32\pdfcmnnt.dll <Not Verified; internet-support foehr.com; RedMon EE>
2008-04-21 19:31:27 119568 --a------ C:\Windows\system32\VB6FR.DLL <Not Verified; Microsoft Corporation; Environnement Visual Basic>
2008-04-21 19:31:27 141312 --a------ C:\Windows\system32\MSCMCFR.DLL <Not Verified; Microsoft Corporation; COMCTL>
2008-04-21 19:31:27 59904 --a------ C:\Windows\system32\MSCC2FR.DLL <Not Verified; Microsoft Corporation; Bibliothèque d'objets de Microsoft Common Controls 2>
2008-04-21 19:31:26 23552 --a------ C:\Windows\system32\MSMPIDE.DLL <Not Verified; Microsoft Corporation; MSMAPI-Steuerelementbibliothek>
2008-04-21 19:31:26 0 d-------- C:\Program Files\PDFCreator
2008-04-21 19:17:55 0 d-------- C:\Program Files\Microsoft Works
2008-04-21 19:15:17 0 d-------- C:\Program Files\Microsoft.NET
2008-04-21 19:11:08 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2008-04-21 19:09:18 0 d-------- C:\Users\All Users\Microsoft Help
2008-04-21 19:07:42 0 d-------- C:\Program Files\Alwil Software
2008-04-21 19:06:36 0 dr-h----- C:\MSOCache
2008-04-21 19:02:10 0 d-------- C:\Program Files\IZArc
2008-04-21 18:47:52 240128 --a------ C:\Windows\system32\drivers\royal.sys <Not Verified; PARADOX; SLP Kernel-Mode Driver>
2008-04-21 18:43:41 0 d------c- C:\Windows\system32\DRVSTORE
2008-04-21 18:42:45 0 d-------- C:\System.sav
2008-04-21 18:42:44 0 d-------- C:\swsetup
2008-04-21 18:39:23 0 d-------- C:\Users\All Users\Messenger Plus!
2008-04-21 18:36:03 688952 --a------ C:\Windows\system32\perfh00C.dat
2008-04-21 18:36:03 117092 --a------ C:\Windows\system32\perfc00C.dat
2008-04-21 18:34:19 0 d-------- C:\Windows\fr-FR
2008-04-21 18:34:11 0 d-------- C:\Windows\system32\fr
2008-04-21 18:34:11 0 d-------- C:\Windows\system32\drivers\fr-FR
2008-04-21 18:34:11 0 d-------- C:\Windows\system32\040C
2008-04-21 18:17:45 0 d-------- C:\Program Files\Messenger Plus! Live
2008-04-21 17:53:02 0 d-------- C:\Windows\PCHEALTH
2008-04-21 17:40:04 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-21 17:39:40 0 d-------- C:\Program Files\Windows Live
2008-04-21 17:39:14 0 d--hs---- C:\Windows\Installer
2008-04-21 17:39:10 0 d-------- C:\Users\All Users\WLInstaller
2008-04-21 17:34:43 0 dr------- C:\Users\Moi\Searches
2008-04-21 17:34:31 0 dr------- C:\Users\Moi\Contacts
2008-04-21 17:34:26 0 d--hs---- C:\Users\Moi\Templates
2008-04-21 17:34:26 0 d--hs---- C:\Users\Moi\Start Menu
2008-04-21 17:34:26 0 d--hs---- C:\Users\Moi\SendTo
2008-04-21 17:34:26 0 d--hs---- C:\Users\Moi\Recent
2008-04-21 17:34:26 0 d--hs---- C:\Users\Moi\PrintHood
2008-04-21 17:34:26 0 d--hs---- C:\Users\Moi\NetHood
2008-04-21 17:34:26 0 d--hs---- C:\Users\Moi\My Documents
2008-04-21 17:34:26 0 d--hs---- C:\Users\Moi\Local Settings
2008-04-21 17:34:26 0 d--hs---- C:\Users\Moi\Cookies
2008-04-21 17:34:26 0 d--hs---- C:\Users\Moi\Application Data
2008-04-21 17:34:25 0 dr------- C:\Users\Moi\Videos
2008-04-21 17:34:25 0 dr------- C:\Users\Moi\Saved Games
2008-04-21 17:34:25 0 dr------- C:\Users\Moi\Pictures
2008-04-21 17:34:25 2621440 --ahs---- C:\Users\Moi\NTUSER.DAT
2008-04-21 17:34:25 0 dr------- C:\Users\Moi\Music
2008-04-21 17:34:25 0 dr------- C:\Users\Moi\Links
2008-04-21 17:34:25 0 dr------- C:\Users\Moi\Favorites
2008-04-21 17:34:25 0 d-------- C:\Users\Moi\Downloads
2008-04-21 17:34:25 0 dr------- C:\Users\Moi\Documents
2008-04-21 17:34:25 0 dr------- C:\Users\Moi\Desktop
2008-04-21 17:34:25 0 d--h----- C:\Users\Moi\AppData
2008-04-21 17:28:03 0 d-------- C:\Windows\SoftwareDistribution
2008-04-21 17:26:15 0 d-------- C:\Windows\Debug
2008-04-21 17:26:14 0 d-------- C:\Windows\CSC
2008-04-21 17:24:35 0 d-------- C:\Windows\Prefetch
2008-04-21 17:24:20 0 d--hs---- C:\System Volume Information
-- Find3M Report ---------------------------------------------------------------
2008-04-30 07:57:12 54547 --a------ C:\Users\Moi\AppData\Roaming\nvModes.dat
2008-04-30 07:57:12 54547 --a------ C:\Users\Moi\AppData\Roaming\nvModes.001
2008-04-30 07:53:06 35 --a------ C:\Users\Moi\AppData\Roaming\SetValue.bat
2008-04-30 07:53:06 691 --a------ C:\Users\Moi\AppData\Roaming\GetValue.vbs
2008-04-23 22:22:48 0 d-------- C:\Users\Moi\AppData\Roaming\LimeWire
2008-04-23 21:57:45 0 d-------- C:\Program Files\Common Files
2008-04-23 09:12:21 0 d-------- C:\Users\Moi\AppData\Roaming\Azureus
2008-04-23 08:41:21 0 d-------- C:\Users\Moi\AppData\Roaming\AdobeUM
2008-04-22 21:31:31 0 d-------- C:\Users\Moi\AppData\Roaming\InstallShield
2008-04-22 20:23:12 0 d-------- C:\Users\Moi\AppData\Roaming\FMA
2008-04-22 16:09:21 0 d-------- C:\Users\Moi\AppData\Roaming\Google
2008-04-21 22:01:20 0 d-------- C:\Users\Moi\AppData\Roaming\Nero
2008-04-21 21:45:30 0 d-------- C:\Users\Moi\AppData\Roaming\Macromedia
2008-04-21 21:45:29 0 d-------- C:\Users\Moi\AppData\Roaming\Adobe
2008-04-21 21:06:11 174 --ahs---- C:\Program Files\desktop.ini
2008-04-21 21:01:07 0 d-------- C:\Program Files\Windows Calendar
2008-04-21 21:01:06 0 d-------- C:\Program Files\Windows Mail
2008-04-21 21:01:04 0 d-------- C:\Program Files\Windows Defender
2008-04-21 21:01:00 0 d-------- C:\Program Files\Windows Sidebar
2008-04-21 19:17:33 0 d-------- C:\Program Files\MSBuild
2008-04-21 18:34:20 0 d-------- C:\Program Files\Windows Photo Gallery
2008-04-21 18:34:20 0 d-------- C:\Program Files\Windows Journal
2008-04-21 18:34:20 0 d-------- C:\Program Files\Windows Collaboration
2008-04-21 18:34:20 0 d-------- C:\Program Files\Movie Maker
2008-04-21 17:34:33 0 d-------- C:\Users\Moi\AppData\Roaming\Identities
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [21/04/2008 20:09]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [29/03/2008 19:37]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [27/02/2007 11:26]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [27/02/2007 11:26]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [27/02/2007 11:26]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [15/09/2007 02:29]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [01/03/2007 14:57]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [03/12/2007 14:21]
"Microsoft Updates"="svehost.exe" [21/04/2008 20:13 C:\Windows\System32\svehost.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [21/04/2008 19:51]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 11:34]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [13/12/2007 19:10]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [22/04/2008 16:08]
"lmlywgbl"="C:\ProgramData\lmlywgbl\opytqxsx.exe" [29/04/2008 08:04]
"9YMGPAClWx"="C:\ProgramData\abkhsdox\almrspon.exe" [29/04/2008 08:04]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [02/11/2006 14:33]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Microsoft Updates"=svehost.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
E_SPSU01.lnk - C:\Windows\System32\spool\drivers\w32x86\3\E_SPSU01.EXE [21/04/2008 21:21:13]
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [14/12/2004 4:44:06]
Outil de mise à jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [22/04/2008 16:08:00]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
-- End of Deckard's System Scanner: finished at 2008-04-30 13:26:44 ------------
extra.txt
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft® Windows Vista™ Édition Intégrale (build 6000)
Architecture: X86; Language: English
CPU 0: Intel(R) Core(TM)2 CPU T5500 @ 1.66GHz
Percentage of Memory in Use: 69%
Physical Memory (total/avail): 1021.44 MiB / 313.52 MiB
Pagefile Memory (total/avail): 2296.46 MiB / 1347.3 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1900.93 MiB
C: is Fixed (NTFS) - 83.42 GiB total, 47.35 GiB free.
D: is Fixed (NTFS) - 93.16 GiB total, 79.23 GiB free.
E: is Fixed (FAT32) - 8.72 GiB total, 1.36 GiB free.
F: is CDROM (No Media)
G: is Fixed (NTFS) - 74.53 GiB total, 34.87 GiB free.
\\.\PHYSICALDRIVE0 - FUJITSU MHV2100BH PL ATA Device - 93.16 GiB - 3 partitions
\PARTITION0 (bootable) - Système de fichiers installable - 83.42 GiB - C:
\PARTITION1 - Unknown - 8.73 GiB - E:
\PARTITION2 - Unknown - 1027.56 MiB
\\.\PHYSICALDRIVE1 - FUJITSU MHV2100BH PL ATA Device - 93.16 GiB - 1 partition
\PARTITION0 (bootable) - Système de fichiers installable - 93.16 GiB - D:
\\.\PHYSICALDRIVE2 - HITACHI HTS541680J9SA00 USB Device - 74.53 GiB - 1 partition
\PARTITION0 (bootable) - Système de fichiers installable - 74.53 GiB - G:
-- Security Center -------------------------------------------------------------
AUOptions is disabled.
Windows Internal Firewall is disabled.
AV: avast! antivirus 4.8.1169 [VPS 080430-0] v4.8.1169 (ALWIL Software) Disabled
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)
AS: avast! antivirus 4.8.1169 [VPS 080430-0] v4.8.1169 (ALWIL Software) Disabled
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Moi\AppData\Roaming
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=QUENTIN
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Moi
LOCALAPPDATA=C:\Users\Moi\AppData\Local
LOGONSERVER=\\QUENTIN
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f06
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\Moi\AppData\Local\Temp
TMP=C:\Users\Moi\AppData\Local\Temp
USERDOMAIN=Quentin
USERNAME=Moi
USERPROFILE=C:\Users\Moi
windir=C:\Windows
-- User Profiles ---------------------------------------------------------------
Moi
-- Add/Remove Programs ---------------------------------------------------------
--> C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\Windows\UNNeroBackItUp.exe /UNINSTALL
--> C:\Windows\UNNeroMediaHome.exe /UNINSTALL
--> C:\Windows\UNNeroShowTime.exe /UNINSTALL
--> C:\Windows\UNNeroVision.exe /UNINSTALL
--> C:\Windows\UNRecode.exe /UNINSTALL
--> MsiExec.exe /I{0F122737-72B2-4095-8B3E-7AAE753DFD3D}
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0 - Français --> MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A70000000000}
Anti-Leech Plugin for Internet Explorer --> C:\Program Files\Anti-Leech\ALIE_1.0.2.3\iesetup2.exe uninstall
Assistant de connexion Windows Live --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
avast! Antivirus --> C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Azureus --> C:\Program Files\Azureus\Uninstall.exe
Azureus Vuze --> C:\Program Files\Azureus\uninstall.exe
Conexant HD Audio --> C:\Program Files\CONEXANT\CNXT_HDAUDIO\UIU32a.exe -U -IwisR30B7.INF
EPSON Logiciel imprimante --> C:\Windows\system32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /r
FLAC codecs --> C:\Program Files\illiminable\oggcodecs\uninst.exe
floAt's Mobile Agent 2 --> "C:\Program Files\FMA 2\unins000.exe"
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HDAUDIO Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_HDA_HSF\UIU32m.exe -U -IwqcVenz.inf
Intel(R) Network Connections Drivers --> Prounstl.exe
IZArc 3.81 --> "C:\Program Files\IZArc\unins000.exe"
Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Les Indispensables Éducation pour Microsoft Office --> MsiExec.exe /X{75F3A4B2-F6E8-434D-A2EF-DBBC016C6CB2}
LimeWire PRO 4.13.6 --> "C:\Program Files\LimeWire\uninstall.exe"
Magic ISO Maker v5.3 (build 0229) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
Messenger Plus! Live --> "C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft Encarta 2008 - Études --> MsiExec.exe /I{08181881-FCA5-44A7-B863-D66037A16AAF}
Microsoft Encarta Maths --> MsiExec.exe /I{07183840-959A-4B0D-8825-2C533F0DDB19}
Microsoft Office Access MUI (French) 2007 --> MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
Microsoft Office Excel MUI (French) 2007 --> MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (French) 2007 --> MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
Microsoft Office Outlook MUI (French) 2007 --> MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007 --> MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007 --> MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007 --> MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007 --> MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007 --> MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007 --> MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Publisher MUI (French) 2007 --> MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007 --> MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007 --> MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Nero 8 --> MsiExec.exe /X{5FCCD531-1B38-4A94-924C-127F722F1036}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Drivers --> C:\Windows\system32\NVUNINST.EXE UninstallGUI
Outil de mise à jour Google --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
PDFCreator --> C:\Program Files\PDFCreator\unins000.exe
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
VeryPDF PDF2Word v2.0 --> "C:\Program Files\PDF - Word\unins000.exe"
Vista Codec Package --> MsiExec.exe /I{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}
WBEncarta --> RunDll32.exe advpack.dll, LaunchINFSectionEx C:\Program Files\Learning Essentials\1.0\fr\FR\WBEncarta\Uninstall\Uninstall.inf,Uninstall,,,N
Windows Live installer --> MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
Windows Live Messenger --> MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
-- Application Event Log -------------------------------------------------------
Event Record #/Type1490 / Success
Event Submitted/Written: 04/30/2008 08:16:00 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.
Event Record #/Type1485 / Success
Event Submitted/Written: 04/30/2008 07:56:53 AM
Event ID/Source: 5617 / WinMgmt
Event Description:
Event Record #/Type1481 / Success
Event Submitted/Written: 04/30/2008 07:56:44 AM
Event ID/Source: 5615 / WinMgmt
Event Description:
Event Record #/Type1478 / Success
Event Submitted/Written: 04/30/2008 07:56:01 AM
Event ID/Source: 902 / Software Licensing Service
Event Description:
Le service de gestion des licences du logiciel a démarré.
Event Record #/Type1466 / Warning
Event Submitted/Written: 04/30/2008 07:54:44 AM
Event ID/Source: 6000 / Wlclntfy
Event Description:
L’abonné aux notifications Winlogon <GPClient> n’était pas disponible pour traiter un événement de notification.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type19380 / Error
Event Submitted/Written: 04/30/2008 07:57:26 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
Parallel port driver%%1058
Event Record #/Type19322 / Warning
Event Submitted/Written: 04/30/2008 07:54:46 AM
Event ID/Source: 4001 / Microsoft-Windows-WLAN-AutoConfig
Event Description:
Event Record #/Type19318 / Error
Event Submitted/Written: 04/30/2008 07:48:54 AM
Event ID/Source: 7026 / Service Control Manager
Event Description:
aswSP
spldr
Wanarpv6
Event Record #/Type19309 / Error
Event Submitted/Written: 04/30/2008 07:48:54 AM
Event ID/Source: 7001 / Service Control Manager
Event Description:
Computer BrowserServer%%1068
Event Record #/Type19292 / Error
Event Submitted/Written: 04/30/2008 07:48:04 AM
Event ID/Source: 10005 / DCOM
Event Description:
1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}
-- End of Deckard's System Scanner: finished at 2008-04-30 13:26:44 ------------
I look forward to hearing from you
Re,
1) Disable UAC (Start menu \ Control Panel \ User Accounts and Family Safety \ User Accounts \ Turn User Account Control on or off \ uncheck the box Use User Account Control ... and confirm with OK; you will be asked to restart, do so)
2) Run HijackThis again (right-click -> Run as administrator under Vista), click "Do a system scan only", check these lines (if present), then click "Fix Checked" and close HijackThis:
O4 - HKLM\..\Run: [Microsoft Updates] svehost.exe
3) Download OTMoveIt2 by OldTimer.
- Save this file to the Desktop.
- Double-click OTMoveIt2.exe to launch the tool. (Note: if you are using Vista, right-click the file and choose Run as administrator.)
- Copy the lines in the "Code" box below by selecting ALL of them and then pressing CTRL and C together (or, after selecting them, by right-clicking and choosing Copy):
C:\Users\All Users\lmlywgbl
- Go back to the OTMoveIt2 window, right-click in the "Paste Standard List of Files/Folders to Move" area (under the light blue bar) and choose Paste.
- Click the red Moveit! button.
- Copy everything in the Results area (under the green bar) by selecting ALL THE LINES and then pressing CTRL and C together (or, after selecting them, by right-clicking and choosing Copy), and paste these results in a reply on the forum.
- Close OTMoveIt2.
Note: If a file or folder cannot be moved immediately, a restart may be needed to finish the move. If you are asked to restart the machine, choose Oui/Yes. In that case, after the restart, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, type *.log in the "File name" box and press Enter, browse to the folder C:\_OTMoveIt\MovedFiles, then open the most recent .log file; then copy/paste the contents of this document in a reply on the forum.
If you get a message saying that the report cannot be created, copy/paste what appears in the tool's right-hand column.
4) Download Malwarebytes' Anti-Malware to your Desktop.
Install it by double-clicking the file Download_mbam-setup.exe.
Once the installation and the update are done, restart in Safe Mode.
HELP: Restarting in Safe Mode
- Now run Malwarebytes' Anti-Malware. If it is not already selected, choose "Exécuter un examen complet" (perform a full scan).
- To start the scan, click "Rechercher" (Scan).
- Once the scan is finished, a window opens; click OK. There are two possibilities:
-- if the program found nothing, press OK. A report will appear; close it.
-- if infections are present, click "Afficher les résultats" (show the results), then "Supprimer la sélection" (remove the selection). Save the report to your Desktop so that you can post it in your next reply.
NOTE: If Malwarebytes' Anti-Malware needs to restart to finish the removal, accept by clicking OK.
HELP: Illustrated tutorial on MBAM
Security / Prevention
Reply to Egwene
here are the reports
OTMoveIt:
C:\Users\All Users\lmlywgbl moved successfully.
C:\Users\All Users\abkhsdox moved successfully.
C:\Windows\system32\svehost.exe moved successfully.
OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 04302008_134835
Malwarebytes:
in progress, I will post when it has finished
and here it is:
Malwarebytes report:
Malwarebytes' Anti-Malware 1.11
Version de la base de données: 700
Type de recherche: Examen complet (C:\|D:\|E:\|)
Eléments examinés: 151375
Temps écoulé: 57 minute(s), 29 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 27
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 2
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0b682cc1-fb40-4006-a5dd-99edd3c9095d} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\dpcproxy (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\uninstall (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\CurrentControlSet\services (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Classes\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Classes\applications\accessdiver.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\fwbd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\HolLol (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\mslagent (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Invictus (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\mwc (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Golden Palace Casino PT (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Golden Palace Casino NEW (Trojan.DNSChanger) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\_OTMoveIt\MovedFiles\04302008_134835\Users\All Users\abkhsdox\almrspon.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\04302008_134835\Users\All Users\lmlywgbl\opytqxsx.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Re,
Post a new DSS scan report.
How is the PC? Still having problems?
no more problems with the PC (for now); here is the DSS scan
Based on this scan, can you tell me whether I can close this topic?
Thanks again very much
Deckard's System Scanner v20071014.68
Run by Moi on 2008-04-30 17:11:05
Computer is in Normal Mode.
--------------------------------------------------------------------------------
Total Physical Memory: 1022 MiB (1024 MiB recommended).
-- HijackThis (run as Moi.exe) -------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:11:27, on 30/04/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Moi\Desktop\dss.exe
C:\Windows\system32\conime.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Moi.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [9YMGPAClWx] C:\ProgramData\abkhsdox\almrspon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 6159 bytes
-- Files created between 2008-03-30 and 2008-04-30 -----------------------------
2008-04-30 13:55:15 0 d-------- C:\Users\All Users\Malwarebytes
2008-04-30 13:55:15 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-30 13:25:05 0 d-------- C:\Program Files\Trend Micro
2008-04-30 07:49:19 2156 --a------ C:\Windows\system32\tmp.reg
2008-04-29 21:21:37 0 d-------- C:\Users\All Users\Apple Computer
2008-04-29 21:21:37 0 d-------- C:\Program Files\VistaCodecPack
2008-04-29 21:21:19 0 d-------- C:\Program Files\illiminable
2008-04-29 07:56:26 0 d-------- C:\Program Files\MagicISO
2008-04-28 22:13:53 685816 --a------ C:\Windows\system32\drivers\sptd.sys
2008-04-28 20:49:07 530 --a------ C:\Windows\eReg.dat
2008-04-24 22:05:24 0 d-------- C:\Program Files\Microsoft Etudes
2008-04-24 22:02:19 0 d-------- C:\Program Files\Learning Essentials
2008-04-23 22:23:12 0 d-------- C:\Program Files\Doblon
2008-04-23 22:11:02 0 d-------- C:\Users\Moi\Incomplete
2008-04-23 21:59:36 0 d-------- C:\Program Files\Java
2008-04-23 21:57:45 0 d-------- C:\Program Files\Common Files\Java
2008-04-23 21:57:20 0 d-------- C:\Program Files\LimeWire
2008-04-23 13:27:30 0 d-------- C:\Program Files\Anti-Leech
2008-04-23 08:33:56 0 d-------- C:\Program Files\PDF - Word
2008-04-23 08:32:55 0 d-a------ C:\Users\All Users\TEMP
2008-04-22 23:18:43 0 d-------- C:\Users\All Users\Azureus
2008-04-22 23:16:54 0 d-------- C:\Program Files\Azureus
2008-04-22 21:31:37 111932 --a------ C:\Windows\system32\EPPICPrinterDB.dat
2008-04-22 21:31:37 1139 --a------ C:\Windows\system32\EPPICPresetData_PT.dat
2008-04-22 21:31:37 1120 --a------ C:\Windows\system32\EPPICPresetData_IT.dat
2008-04-22 21:31:37 1107 --a------ C:\Windows\system32\EPPICPresetData_GE.dat
2008-04-22 21:31:37 1129 --a------ C:\Windows\system32\EPPICPresetData_FR.dat
2008-04-22 21:31:37 1136 --a------ C:\Windows\system32\EPPICPresetData_ES.dat
2008-04-22 21:31:37 1104 --a------ C:\Windows\system32\EPPICPresetData_EN.dat
2008-04-22 21:31:37 1146 --a------ C:\Windows\system32\EPPICPresetData_DU.dat
2008-04-22 21:31:37 1129 --a------ C:\Windows\system32\EPPICPresetData_CF.dat
2008-04-22 21:31:37 1139 --a------ C:\Windows\system32\EPPICPresetData_BP.dat
2008-04-22 21:31:37 4943 --a------ C:\Windows\system32\EPPICPattern6.dat
2008-04-22 21:31:37 21390 --a------ C:\Windows\system32\EPPICPattern5.dat
2008-04-22 21:31:37 11811 --a------ C:\Windows\system32\EPPICPattern4.dat
2008-04-22 21:31:37 24903 --a------ C:\Windows\system32\EPPICPattern3.dat
2008-04-22 21:31:37 20148 --a------ C:\Windows\system32\EPPICPattern2.dat
2008-04-22 21:31:37 31053 --a------ C:\Windows\system32\EPPICPattern131.dat
2008-04-22 21:31:37 27417 --a------ C:\Windows\system32\EPPICPattern121.dat
2008-04-22 21:31:37 26154 --a------ C:\Windows\system32\EPPICPattern1.dat
2008-04-22 18:44:45 0 d-------- C:\Program Files\FMA 2
2008-04-22 17:22:02 0 d-------- C:\Windows\system32\appmgmt
2008-04-22 16:48:14 0 d-------- C:\Users\All Users\NVIDIA
2008-04-22 16:08:27 0 d-------- C:\Users\All Users\Google
2008-04-22 16:08:00 0 d-------- C:\Users\All Users\Google Updater
2008-04-22 16:07:56 0 d-------- C:\Program Files\Google
2008-04-22 03:23:25 0 d-------- C:\Windows\Panther
2008-04-22 03:23:10 0 d--hs---- C:\Boot
2008-04-21 21:56:39 0 d-------- C:\Users\All Users\Nero
2008-04-21 21:56:39 0 d-------- C:\Program Files\Nero
2008-04-21 21:56:39 0 d-------- C:\Program Files\Common Files\Nero
2008-04-21 21:45:26 0 d-------- C:\Windows\system32\Macromed
2008-04-21 21:17:29 0 d-------- C:\Program Files\EPSON
2008-04-21 21:17:04 0 -rahs---- C:\MSDOS.SYS
2008-04-21 21:17:04 0 -rahs---- C:\IO.SYS
2008-04-21 20:03:20 0 d-------- C:\Program Files\Synaptics
2008-04-21 20:02:06 0 d-------- C:\Program Files\Microsoft Silverlight
2008-04-21 19:45:08 0 d-------- C:\Program Files\CONEXANT
2008-04-21 19:37:37 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-21 19:37:27 0 d-------- C:\Users\All Users\Adobe
2008-04-21 19:31:28 196608 --a------ C:\Windows\system32\pdfcmnnt.dll <Not Verified; internet-support foehr.com; RedMon EE>
2008-04-21 19:31:27 119568 --a------ C:\Windows\system32\VB6FR.DLL <Not Verified; Microsoft Corporation; Environnement Visual Basic>
2008-04-21 19:31:27 141312 --a------ C:\Windows\system32\MSCMCFR.DLL <Not Verified; Microsoft Corporation; COMCTL>
2008-04-21 19:31:27 59904 --a------ C:\Windows\system32\MSCC2FR.DLL <Not Verified; Microsoft Corporation; Bibliothèque d'objets de Microsoft Common Controls 2>
2008-04-21 19:31:26 23552 --a------ C:\Windows\system32\MSMPIDE.DLL <Not Verified; Microsoft Corporation; MSMAPI-Steuerelementbibliothek>
2008-04-21 19:31:26 0 d-------- C:\Program Files\PDFCreator
2008-04-21 19:17:55 0 d-------- C:\Program Files\Microsoft Works
2008-04-21 19:15:17 0 d-------- C:\Program Files\Microsoft.NET
2008-04-21 19:11:08 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2008-04-21 19:09:18 0 d-------- C:\Users\All Users\Microsoft Help
2008-04-21 19:07:42 0 d-------- C:\Program Files\Alwil Software
2008-04-21 19:06:36 0 dr-h----- C:\MSOCache
2008-04-21 19:02:10 0 d-------- C:\Program Files\IZArc
2008-04-21 18:47:52 240128 --a------ C:\Windows\system32\drivers\royal.sys <Not Verified; PARADOX; SLP Kernel-Mode Driver>
2008-04-21 18:43:41 0 d------c- C:\Windows\system32\DRVSTORE
2008-04-21 18:42:45 0 d-------- C:\System.sav
2008-04-21 18:42:44 0 d-------- C:\swsetup
2008-04-21 18:39:23 0 d-------- C:\Users\All Users\Messenger Plus!
2008-04-21 18:36:03 688952 --a------ C:\Windows\system32\perfh00C.dat
2008-04-21 18:36:03 117092 --a------ C:\Windows\system32\perfc00C.dat
2008-04-21 18:34:19 0 d-------- C:\Windows\fr-FR
2008-04-21 18:34:11 0 d-------- C:\Windows\system32\fr
2008-04-21 18:34:11 0 d-------- C:\Windows\system32\drivers\fr-FR
2008-04-21 18:34:11 0 d-------- C:\Windows\system32\040C
2008-04-21 18:17:45 0 d-------- C:\Program Files\Messenger Plus! Live
2008-04-21 17:53:02 0 d-------- C:\Windows\PCHEALTH
2008-04-21 17:40:04 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-21 17:39:40 0 d-------- C:\Program Files\Windows Live
2008-04-21 17:39:14 0 d--hs---- C:\Windows\Installer
2008-04-21 17:39:10 0 d-------- C:\Users\All Users\WLInstaller
2008-04-21 17:34:43 0 dr------- C:\Users\Moi\Searches
2008-04-21 17:34:31 0 dr------- C:\Users\Moi\Contacts
2008-04-21 17:34:26 0 d--hs---- C:\Users\Moi\Templates
2008-04-21 17:34:26 0 d--hs---- C:\Users\Moi\Start Menu
2008-04-21 17:34:26 0 d--hs---- C:\Users\Moi\SendTo
2008-04-21 17:34:26 0 d--hs---- C:\Users\Moi\Recent
2008-04-21 17:34:26 0 d--hs---- C:\Users\Moi\PrintHood
2008-04-21 17:34:26 0 d--hs---- C:\Users\Moi\NetHood
2008-04-21 17:34:26 0 d--hs---- C:\Users\Moi\My Documents
2008-04-21 17:34:26 0 d--hs---- C:\Users\Moi\Local Settings
2008-04-21 17:34:26 0 d--hs---- C:\Users\Moi\Cookies
2008-04-21 17:34:26 0 d--hs---- C:\Users\Moi\Application Data
2008-04-21 17:34:25 0 dr------- C:\Users\Moi\Videos
2008-04-21 17:34:25 0 dr------- C:\Users\Moi\Saved Games
2008-04-21 17:34:25 0 dr------- C:\Users\Moi\Pictures
2008-04-21 17:34:25 2621440 --ahs---- C:\Users\Moi\NTUSER.DAT
2008-04-21 17:34:25 0 dr------- C:\Users\Moi\Music
2008-04-21 17:34:25 0 dr------- C:\Users\Moi\Links
2008-04-21 17:34:25 0 dr------- C:\Users\Moi\Favorites
2008-04-21 17:34:25 0 d-------- C:\Users\Moi\Downloads
2008-04-21 17:34:25 0 dr------- C:\Users\Moi\Documents
2008-04-21 17:34:25 0 dr------- C:\Users\Moi\Desktop
2008-04-21 17:34:25 0 d--h----- C:\Users\Moi\AppData
2008-04-21 17:28:03 0 d-------- C:\Windows\SoftwareDistribution
2008-04-21 17:26:15 0 d-------- C:\Windows\Debug
2008-04-21 17:26:14 0 d-------- C:\Windows\CSC
2008-04-21 17:24:35 0 d-------- C:\Windows\Prefetch
2008-04-21 17:24:20 0 d--hs---- C:\System Volume Information
-- Find3M Report ---------------------------------------------------------------
2008-04-30 15:15:39 54547 --a------ C:\Users\Moi\AppData\Roaming\nvModes.dat
2008-04-30 15:15:39 54547 --a------ C:\Users\Moi\AppData\Roaming\nvModes.001
2008-04-30 14:46:47 0 d-------- C:\Users\Moi\AppData\Roaming\Real
2008-04-30 13:55:21 0 d-------- C:\Users\Moi\AppData\Roaming\Malwarebytes
2008-04-30 13:55:04 0 d-------- C:\Users\Moi\AppData\Roaming\Download Manager
2008-04-30 07:53:06 35 --a------ C:\Users\Moi\AppData\Roaming\SetValue.bat
2008-04-30 07:53:06 691 --a------ C:\Users\Moi\AppData\Roaming\GetValue.vbs
2008-04-23 22:22:48 0 d-------- C:\Users\Moi\AppData\Roaming\LimeWire
2008-04-23 21:57:45 0 d-------- C:\Program Files\Common Files
2008-04-23 09:12:21 0 d-------- C:\Users\Moi\AppData\Roaming\Azureus
2008-04-23 08:41:21 0 d-------- C:\Users\Moi\AppData\Roaming\AdobeUM
2008-04-22 21:31:31 0 d-------- C:\Users\Moi\AppData\Roaming\InstallShield
2008-04-22 20:23:12 0 d-------- C:\Users\Moi\AppData\Roaming\FMA
2008-04-22 16:09:21 0 d-------- C:\Users\Moi\AppData\Roaming\Google
2008-04-21 22:01:20 0 d-------- C:\Users\Moi\AppData\Roaming\Nero
2008-04-21 21:45:30 0 d-------- C:\Users\Moi\AppData\Roaming\Macromedia
2008-04-21 21:45:29 0 d-------- C:\Users\Moi\AppData\Roaming\Adobe
2008-04-21 21:06:11 174 --ahs---- C:\Program Files\desktop.ini
2008-04-21 21:01:07 0 d-------- C:\Program Files\Windows Calendar
2008-04-21 21:01:06 0 d-------- C:\Program Files\Windows Mail
2008-04-21 21:01:04 0 d-------- C:\Program Files\Windows Defender
2008-04-21 21:01:00 0 d-------- C:\Program Files\Windows Sidebar
2008-04-21 19:17:33 0 d-------- C:\Program Files\MSBuild
2008-04-21 18:34:20 0 d-------- C:\Program Files\Windows Photo Gallery
2008-04-21 18:34:20 0 d-------- C:\Program Files\Windows Journal
2008-04-21 18:34:20 0 d-------- C:\Program Files\Windows Collaboration
2008-04-21 18:34:20 0 d-------- C:\Program Files\Movie Maker
2008-04-21 17:34:33 0 d-------- C:\Users\Moi\AppData\Roaming\Identities
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [21/04/2008 20:09]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [29/03/2008 19:37]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [27/02/2007 11:26]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [27/02/2007 11:26]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [27/02/2007 11:26]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [15/09/2007 02:29]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [01/03/2007 14:57]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [03/12/2007 14:21]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [21/04/2008 19:51]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 11:34]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [13/12/2007 19:10]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [22/04/2008 16:08]
"9YMGPAClWx"="C:\ProgramData\abkhsdox\almrspon.exe" []
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [02/11/2006 14:33]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [14/12/2004 4:44:06]
Outil de mise à jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [22/04/2008 16:08:00]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
-- End of Deckard's System Scanner: finished at 2008-04-30 17:12:23 ------------
Re,
1) Run HijackThis again (right-click -> run as administrator under Vista), click "do a system scan only", check these lines (if present), then click "Fix Checked" and close HijackThis:
O4 - HKCU\..\Run: [9YMGPAClWx] C:\ProgramData\abkhsdox\almrspon.exe
2) Uninstall avast, reboot and delete ~~>C:\Program Files\Alwil Software
Download ccleaner (>>tutorial to read!<<), download "the latest version", then install it with "Add the Yahoo! CCleaner Toolbar" unchecked.
Then run the cleanup, then have it look for errors, making backups if you wish.
Download and install Antivir. (tutorial)
Why switch?: Avast! vs Antivir
but also:
14 antivirus products put to the test
Quote: Antivir: the most effective of the free ones
Check that it is up to date! Run a full scan in safe mode, save the report and post it for me.
Security / Prevention
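Added illustration (not part of the original post, and not the helper's stated method): a Python sketch that triages HijackThis `O4` registry Run lines such as the one fixed in step 1, flagging entries whose target sits in a user-writable directory. The directory list and the heuristic itself are assumptions of this example; the sample lines are copied from the logs on this page.

```python
import re

# A HijackThis "O4" registry autorun line: O4 - HKCU\..\Run: [ValueName] command
O4_RUN = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+(?:\\S-[0-9-]+)?)\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.+?)(?: \(User '[^']*'\))?$")
# First token ending in an executable extension (unquoted paths may contain spaces).
EXT = re.compile(r"(.+?\.(?:exe|dll|com|scr|bat|cmd|pif))(?=[\s,]|$)", re.I)
# Assumption of this example: locations a standard user can write to.
USER_WRITABLE = ("c:\\programdata\\", "c:\\users\\", "c:\\documents and settings\\",
                 "%appdata%", "%localappdata%", "%temp%", "%userprofile%")

def target_of(cmd):
    """Path of the file an autorun command line actually loads."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        exe, _, rest = cmd[1:].partition('"')
    else:
        m = EXT.match(cmd)
        exe = m.group(1) if m else (cmd.split() or [""])[0]
        rest = cmd[len(exe):]
    # rundll32 is only a loader: the DLL named in its argument is the real target.
    if exe.lower().rsplit("\\", 1)[-1] == "rundll32.exe" and rest.strip():
        return target_of(rest.strip().split(",")[0])
    return exe

def triage(log_text):
    """Return (value name, target, reasons) for each O4 Run entry worth a manual look."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RUN.match(line.strip())
        if not m:
            continue  # other sections and "Global Startup" lines are not handled here
        target = target_of(m["cmd"])
        reasons = []
        if target.lower().startswith(USER_WRITABLE):
            reasons.append("target in user-writable directory")
            if m["hive"] == "HKCU":
                reasons.append("per-user key, settable without administrator rights")
        if reasons:
            findings.append((m["name"], target, reasons))
    return findings

# Sample input: O4 lines copied from the HijackThis logs in this thread.
SAMPLE = r"""
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [9YMGPAClWx] C:\ProgramData\abkhsdox\almrspon.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
"""

if __name__ == "__main__":
    for name, target, reasons in triage(SAMPLE):
        print(f"[{name}] {target}: " + "; ".join(reasons))
```

A flagged entry is a candidate for review, not a verdict: legitimate software also starts from per-user directories.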
Here is the Antivir report (doesn't it exist in French?)
Avira AntiVir Personal
Report file date: jeudi 1 mai 2008 11:28
Scanning for 1245960 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Platform: Windows Vista
Boot mode: Save mode with network
Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 9/04/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:56
AVSCAN.DLL : 8.1.1.0 53505 Bytes 7/02/2008 08:43:37
LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:23
LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:40
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 7/03/2008 13:08:58
ANTIVIR2.VDF : 7.0.3.197 1260032 Bytes 22/04/2008 09:13:33
ANTIVIR3.VDF : 7.0.3.235 248832 Bytes 30/04/2008 09:13:36
Engineversion : 8.1.0.37
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
AESCRIPT.DLL : 8.1.0.28 233851 Bytes 1/05/2008 09:13:56
AESCN.DLL : 8.1.0.15 119157 Bytes 1/05/2008 09:13:55
AERDL.DLL : 8.1.0.20 418165 Bytes 1/05/2008 09:13:54
AEPACK.DLL : 8.1.1.4 364918 Bytes 1/05/2008 09:13:51
AEOFFICE.DLL : 8.1.0.18 192890 Bytes 1/05/2008 09:13:49
AEHEUR.DLL : 8.1.0.21 1196407 Bytes 1/05/2008 09:13:47
AEHELP.DLL : 8.1.0.14 115063 Bytes 1/05/2008 09:13:40
AEGEN.DLL : 8.1.0.18 299381 Bytes 1/05/2008 09:13:39
AEEMU.DLL : 8.1.0.5 430450 Bytes 7/04/2008 15:34:43
AECORE.DLL : 8.1.0.27 168310 Bytes 1/05/2008 09:13:37
AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:53
AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:50
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:26:47
AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:49
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:31
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:39
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:25
RCTEXT.DLL : 8.0.32.0 86273 Bytes 6/03/2008 12:02:11
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:, E:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: jeudi 1 mai 2008 11:28
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
22 processes with 22 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'E:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '18' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Users\Moi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DPCPYCG7\souplesse_fr[1].htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[WARNING] The file was ignored!
C:\Windows\System32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <Data>
Begin scan in 'E:\' <HP_RECOVERY>
End of the scan: jeudi 1 mai 2008 12:04
Used time: 35:33 min
The scan has been done completely.
14517 Scanning directories
361552 Files were scanned
0 viruses and/or unwanted programs were found
1 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
361552 Files not concerned
4063 Archives were scanned
3 Warnings
1 Notes
Message edited by lapierre on 01-05-2008 at 12:10:25
Run an online scan with BitDefender, using Internet Explorer! Back up your music and photos; BitDefender sometimes deletes them.
http://www.bitdefender.fr/
and copy and paste the result here
* At the bottom left of the window, click BitDefender SCAN ONLINE
* In the new window, click I agree
* The window changes again; click Click here to scan
* The signatures load, etc.
Illustrated tutorial: http://forum.pcastuces.com/sujet.asp?f=25&s=31584
Post the full report for me
Security / Prevention
BitDefender report
BitDefender Online Scanner - Rapport virus en temps réel
Généré à: Thu, May 01, 2008 - 17:06:47
--------------------------------------------------------------------------------
Info d'analyse
Fichiers scannés 78161
Infectés Fichiers 2
Virus Détectés
Backdoor.IRCBot.ABSW 1
Trojan.Kitkar.A 1
Re,
Good
Post a new HijackThis report and tell me how the PC is doing.
Security / Prevention
HijackThis report
No more problems since last night
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:00:18, on 1/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O23 - Service: AntiVir PersonalEdition Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: AntiVir PersonalEdition Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: AntiVir PersonalEdition Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: AntiVir PersonalEdition Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 6566 bytes
It's OK, you will no longer be infected once you have done ALL the steps below
1) Download ToolsCleaner to your desktop.
http://www.commentcamarche.net/tel [...] nions.php3
This program will uninstall all the tools I had you use.
- Click Recherche (Search) and let the scan run ...
- Click Suppression (Removal) to finish.
- You can use the Options facultatives (optional settings) if you wish.
- Click Quitter (Quit) to get the report.
- Post the report (TCleaner.txt), which is at the root of your hard drive (C:\).
2) Download and install Ccleaner:
http://www.01net.com/telecharger/w [...] 32599.html
- Before clicking the "Install" button, uncheck all the "additional options". Next, click "Options", "Advanced" and uncheck the box "Only delete files in the Windows Temp folder older than 48 hours". Click the "Cleaner" tab, then "Run Cleaner".
- Next, click the Registry tab, click "Scan for issues", then "Fix selected issues". There is no need to back up the keys. Repeat the operation as many times as needed until it finds no more errors.
- Tutorial here: http://www.infos-du-net.com/forum/ [...] nstruction
3)
- Disable your System Restore
- Re-enable your System Restore
- Tutorial here: http://www.infos-du-net.com/forum/ [...] on-systeme
********************************************************************************
Now add [Résolu] to the title. To do so:
* In your first message, click the "Editer" (Edit) button
* Add [Résolu] to the title
* Then click "Valider votre message" (Submit your message)
It would be nice to report your infection on > Malware-Complaints < to get its authors convicted
- Forum rules <- here
- Posting a message <- here (by Malekal)
To register, click the register button (at the top)
If you are over 13, choose " I Agree to these terms and am over or exactly 13 years of age "
If you are under 13, choose " I Agree to these terms and am under 13 years of age "
You will get a list by infection type
If your infection is not in the list, create a message in Other infections
See you, and happy surfing
Some useful links:
http://mickael.barroux.free.fr/securite/
http://www.malekal.com/
http://www.infos-du-net.com/forum/ [...] protection
Security / Prevention
TCleaner report
-->- Recherche:
C:\_OtMoveIt: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Users\Moi\Desktop\Dss.exe: trouvé !
C:\Users\Moi\Desktop\HijackThis.lnk: trouvé !
C:\Users\Moi\Desktop\OtMoveIt2.exe: trouvé !
---------------------------------
-->- Suppression:
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Users\Moi\Desktop\Dss.exe: supprimé !
C:\Users\Moi\Desktop\HijackThis.lnk: supprimé !
C:\Users\Moi\Desktop\OtMoveIt2.exe: supprimé !
C:\_OtMoveIt: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !
A big thank you to you
(Would you be able to help me understand everything I have done since yesterday? That way I could be a bit more active on the forum and help you with all the topic replies. It would also add to my computing knowledge.)
Thanks
