Forum Clubic

The planet's news invaded?

Hi

Since today, on almost every site that uses the same ad distributor, I've been getting new pop-ups and ads for pills that enlarge the size of the male sex organ.

Are you getting this too?

Or a solution? (I have Avira up to date, and scanned 2 min ago)

Thanks

:hello:

Hey, and without pills … :wink:

Go on: download and update Malwarebytes Anti-Malware, which you'll find here (MBAM to its friends)

Switch to safe mode:
www.inforumatique.fr…

Preferably using the F8 method

Scan your computer with MBAM (full mode), delete everything that is found, save the report to the desktop and post it in your next message

Hi

The Windows text is back to normal again!

Thanks

However, the pop-ups are still there :confused:

Malwarebytes’ Anti-Malware 1.31
Version de la base de données: 1456
Windows 6.0.6001 Service Pack 1

23/12/2008 1:32:18
mbam-log-2008-12-23 (01-32-18).txt

Type de recherche: Examen complet (C:|)
Eléments examinés: 215676
Temps écoulé: 45 minute(s), 37 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 4

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge (Spyware.Marketscore) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\About RelevantKnowledge.lnk (Spyware.Marketscore) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Privacy Policy and User License Agreement.lnk (Spyware.Marketscore) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Support.lnk (Spyware.Marketscore) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Uninstall Instructions.lnk (Spyware.Marketscore) -> Quarantined and deleted successfully.

Hi again,

Click [here](http://images.malwareremoval.com/random/RSIT.exe) to download random's system information tool (RSIT) by random/random and save it to your **Desktop**
  • Double-click RSIT.exe to run it.

  • Click the “Continue” button in the warning window.

  • Once the scan is finished, you will have two reports open: log.txt and info.txt (c:\rsit)

  • Please post them in your next reply
    Note: a HijackThis report is included in the log.txt report

Hello,

Thanks for your reply.

So here is the report:

Logfile of random’s system information tool 1.05 (written by random/random)
Run by Mohamed at 2008-12-23 11:14:23
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 87 GB (61%) free of 144 GB
Total RAM: 2037 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:15:41, on 23/12/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\WindowsMobile\wmdSync.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Users\Mohamed\Program Files\DNA\btdna.exe
C:\Program Files\Avi Player\AviPlayer.exe
C:\Program Files\MP4 Player\Mp4Player.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Mohamed\Desktop\RSIT.exe
C:\Program Files\trend micro\Mohamed.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = ie.redirect.hp.com…
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = ie.redirect.hp.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = ie.redirect.hp.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = ie.redirect.hp.com…
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d’Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM…\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM…\Run: [IAAnotif] “C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe”
O4 - HKLM…\Run: [QPService] “C:\Program Files\HP\QuickPlay\QPService.exe”
O4 - HKLM…\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM…\Run: [UCam_Menu] “C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe” “C:\Program Files\CyberLink\YouCam” update “Software\CyberLink\YouCam\1.0”
O4 - HKLM…\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM…\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM…\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM…\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre6\bin\jusched.exe”
O4 - HKLM…\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”
O4 - HKLM…\Run: [avgnt] “C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe” /min
O4 - HKLM…\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM…\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\QTTask.exe” -atboottime
O4 - HKLM…\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM…\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM…\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM…\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKCU…\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU…\Run: [msnmsgr] “C:\Program Files\MSN Messenger\msnmsgr.exe” /background
O4 - HKCU…\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU…\Run: [BitTorrent DNA] “C:\Users\Mohamed\Program Files\DNA\btdna.exe”
O4 - HKCU…\Run: [Avi Player] “C:\Program Files\Avi Player\AviPlayer.exe” hmw
O4 - HKCU…\Run: [MP4 Player] “C:\Program Files\MP4 Player\mp4Player.exe” hmw
O4 - HKCU…\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19…\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘SERVICE LOCAL’)
O4 - HKUS\S-1-5-19…\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User ‘SERVICE LOCAL’)
O4 - HKUS\S-1-5-20…\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘SERVICE RÉSEAU’)
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra ‘Tools’ menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: KeenfinderSrch Service - Unknown owner - C:\Program Files\KeenfinderSrch\keenfinder.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: RelevantKnowledge - Unknown owner - C:\Program Files\RelevantKnowledge\rlservice.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe


End of file - 8847 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUser.job
C:\Windows\tasks\User_Feed_Synchronization-{03A4CBA3-CBB3-4419-938C-68EDC0B3641A}.job
C:\Windows\tasks\User_Feed_Synchronization-{A7C19711-548A-4E53-BCBC-DA1EA74C793B}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aide pour le lien d’Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-09-29 325000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-07-07 1562448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-11 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-11-06 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-11 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-11-06 2403392]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Ask Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-09-29 325000]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“Apoint”=C:\Program Files\Apoint2K\Apoint.exe [2007-06-30 159744]
“IAAnotif”=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2007-10-03 178712]
“QPService”=C:\Program Files\HP\QuickPlay\QPService.exe [2007-09-30 181544]
“QlbCtrl”=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2007-09-27 202032]
“UCam_Menu”=C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [2007-09-13 222504]
“Windows Defender”=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-18 1008184]
“HP Health Check Scheduler”=[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe []
“hpWirelessAssistant”=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2007-10-03 480560]
“SunJavaUpdateSched”=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-11 136600]
“Adobe Reader Speed Launcher”=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-05-11 40048]
“avgnt”=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
“Windows Mobile-based device management”=C:\Windows\WindowsMobile\wmdSync.exe [2006-11-02 215552]
“HP Software Update”=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
“QuickTime Task”=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
“Start WingMan Profiler”=C:\Program Files\Logitech\Gaming Software\LWEMon.exe [2008-04-04 88584]
“IgfxTray”=C:\Windows\system32\igfxtray.exe [2008-10-28 150040]
“HotKeysCmds”=C:\Windows\system32\hkcmd.exe [2008-10-28 178712]
“Persistence”=C:\Windows\system32\igfxpers.exe [2008-10-28 154136]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
“Sidebar”=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-18 1233920]
“msnmsgr”=C:\Program Files\MSN Messenger\msnmsgr.exe [2007-01-19 5674352]
“swg”=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe [2008-11-06 171448]
“BitTorrent DNA”=C:\Users\Mohamed\Program Files\DNA\btdna.exe [2008-12-19 342848]
“Avi Player”=C:\Program Files\Avi Player\AviPlayer.exe [2007-09-05 629760]
“MP4 Player”=C:\Program Files\MP4 Player\mp4Player.exe [2008-11-06 772096]
“SpybotSD TeaTimer”=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-07-07 2156368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-10-28 221184]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
“dontdisplaylastusername”=0
“legalnoticecaption”=
“legalnoticetext”=
“shutdownwithoutlogon”=1
“undockwithoutlogon”=1
“EnableUIADesktopToggle”=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
“C:\Program Files\BitTorrent\bittorrent.exe”=“C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent”

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2008-12-23 11:14:23 ----D---- C:\rsit
2008-12-23 11:14:23 ----D---- C:\Program Files\trend micro
2008-12-23 00:43:50 ----A---- C:\Windows\ntbtlog.txt
2008-12-23 00:40:29 ----D---- C:\ProgramData\Malwarebytes
2008-12-23 00:40:28 ----D---- C:\Program Files\Malwarebytes’ Anti-Malware
2008-12-22 23:56:22 ----D---- C:\SDFix
2008-12-22 22:50:48 ----D---- C:\ProgramData\Spybot - Search & Destroy
2008-12-22 22:50:48 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-12-22 20:33:47 ----D---- C:\Program Files\MP4 Player
2008-12-22 20:33:46 ----AH---- C:\Users\Mohamed\AppData\Roaming\swk.ini
2008-12-22 20:29:10 ----D---- C:\Program Files\Common Files\Scanner
2008-12-22 20:29:07 ----D---- C:\Program Files\CA Yahoo! Anti-Spy
2008-12-22 18:31:56 ----D---- C:\Program Files\GIF Movie Gear
2008-12-22 00:16:05 ----D---- C:\Program Files\KeenfinderSrch
2008-12-22 00:13:44 ----D---- C:\Program Files\Beneton Movie GIF
2008-12-21 23:56:46 ----D---- C:\Program Files\WebAnim Gif 3
2008-12-21 23:51:50 ----D---- C:\Program Files\Active GIF Creator 3.2
2008-12-19 22:42:05 ----D---- C:\ProgramData\51BD
2008-12-19 22:40:05 ----D---- C:\Program Files\MP3Gain
2008-12-19 21:13:07 ----D---- C:\ProgramData\73C1
2008-12-19 07:27:29 ----A---- C:\Windows\system32\mshtml.dll
2008-12-14 14:49:11 ----D---- C:\ProgramData\Trymedia
2008-12-14 14:27:59 ----D---- C:\Program Files\Global Star Software
2008-12-13 21:31:49 ----D---- C:\Users\Mohamed\AppData\Roaming\ProtectDisc
2008-12-13 21:30:37 ----D---- C:\ProgramData\Synetic
2008-12-13 21:30:27 ----A---- C:\Windows\system32\D3DX9_37.dll
2008-12-13 21:29:45 ----D---- C:\Program Files\ProtectDisc Driver Installer
2008-12-13 21:25:26 ----D---- C:\Program Files\Crash Time 2 Demo
2008-12-13 20:58:08 ----A---- C:\Windows\system32\xactengine2_8.dll
2008-12-13 20:58:08 ----A---- C:\Windows\system32\x3daudio1_2.dll
2008-12-13 20:58:07 ----A---- C:\Windows\system32\d3dx9_34.dll
2008-12-13 20:58:07 ----A---- C:\Windows\system32\d3dx10_34.dll
2008-12-13 20:58:07 ----A---- C:\Windows\system32\D3DCompiler_34.dll
2008-12-13 20:58:06 ----A---- C:\Windows\system32\xinput1_3.dll
2008-12-13 20:58:05 ----A---- C:\Windows\system32\xactengine2_7.dll
2008-12-13 20:58:05 ----A---- C:\Windows\system32\d3dx10_33.dll
2008-12-13 20:58:05 ----A---- C:\Windows\system32\D3DCompiler_33.dll
2008-12-13 20:58:04 ----A---- C:\Windows\system32\d3dx9_33.dll
2008-12-13 20:58:03 ----A---- C:\Windows\system32\xactengine2_6.dll
2008-12-13 20:58:02 ----A---- C:\Windows\system32\xactengine2_5.dll
2008-12-13 20:58:02 ----A---- C:\Windows\system32\d3dx9_32.dll
2008-12-13 20:58:02 ----A---- C:\Windows\system32\d3dx10.dll
2008-12-13 20:58:01 ----A---- C:\Windows\system32\xactengine2_4.dll
2008-12-13 20:58:01 ----A---- C:\Windows\system32\x3daudio1_1.dll
2008-12-13 20:58:01 ----A---- C:\Windows\system32\d3dx9_31.dll
2008-12-13 20:58:00 ----A---- C:\Windows\system32\xactengine2_3.dll
2008-12-13 20:57:59 ----A---- C:\Windows\system32\xinput1_2.dll
2008-12-13 20:57:59 ----A---- C:\Windows\system32\xinput1_1.dll
2008-12-13 20:57:59 ----A---- C:\Windows\system32\xactengine2_2.dll
2008-12-13 20:57:58 ----A---- C:\Windows\system32\xactengine2_1.dll
2008-12-13 20:57:37 ----A---- C:\Windows\system32\xactengine2_0.dll
2008-12-13 20:57:37 ----A---- C:\Windows\system32\x3daudio1_0.dll
2008-12-13 20:57:36 ----A---- C:\Windows\system32\d3dx9_29.dll
2008-12-13 20:57:36 ----A---- C:\Windows\system32\d3dx9_28.dll
2008-12-13 20:57:35 ----A---- C:\Windows\system32\d3dx9_27.dll
2008-12-13 20:57:35 ----A---- C:\Windows\system32\d3dx9_26.dll
2008-12-13 20:52:18 ----D---- C:\Program Files\Crash Time Demo
2008-12-11 20:49:06 ----D---- C:\Windows\Minidump
2008-12-11 13:33:01 ----A---- C:\Windows\system32\PnkBstrB.exe
2008-12-11 13:32:38 ----A---- C:\Windows\system32\PnkBstrA.exe
2008-12-11 12:40:12 ----A---- C:\Windows\system32\d3dx9_25.dll
2008-12-11 12:40:12 ----A---- C:\Windows\system32\d3dx9_24.dll
2008-12-11 12:33:31 ----D---- C:\Program Files\EA GAMES
2008-12-11 09:54:45 ----A---- C:\Windows\system32\javaws.exe
2008-12-11 09:54:45 ----A---- C:\Windows\system32\javaw.exe
2008-12-11 09:54:45 ----A---- C:\Windows\system32\java.exe
2008-12-11 09:54:45 ----A---- C:\Windows\system32\deploytk.dll
2008-12-11 06:20:16 ----A---- C:\Windows\system32\tzres.dll
2008-12-10 09:47:06 ----A---- C:\Windows\system32\gdi32.dll
2008-12-10 09:47:00 ----A---- C:\Windows\system32\Apphlpdm.dll
2008-12-10 09:46:59 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2008-12-10 09:46:52 ----A---- C:\Windows\system32\shell32.dll
2008-12-10 09:46:45 ----A---- C:\Windows\explorer.exe
2008-12-10 09:46:38 ----A---- C:\Windows\system32\urlmon.dll
2008-12-10 09:46:38 ----A---- C:\Windows\system32\ieframe.dll
2008-12-10 09:46:37 ----A---- C:\Windows\system32\wininet.dll
2008-12-10 09:46:37 ----A---- C:\Windows\system32\mstime.dll
2008-12-10 09:46:36 ----A---- C:\Windows\system32\jsproxy.dll
2008-12-10 09:46:36 ----A---- C:\Windows\system32\iertutil.dll
2008-12-10 09:46:33 ----A---- C:\Windows\system32\mf.dll
2008-12-10 09:46:32 ----A---- C:\Windows\system32\WMVCORE.DLL
2008-12-10 09:46:31 ----A---- C:\Windows\system32\WMNetMgr.dll
2008-12-10 09:46:31 ----A---- C:\Windows\system32\logagent.exe
2008-12-08 20:02:59 ----A---- C:\Windows\system32\ff_vfw.dll.manifest
2008-12-08 20:02:58 ----A---- C:\Windows\system32\ff_vfw.dll
2008-12-08 20:02:56 ----D---- C:\Program Files\ffdshow
2008-12-08 20:02:00 ----A---- C:\Windows\NeroDigital.ini
2008-12-08 20:01:28 ----H---- C:\Windows\system32\swk.ini
2008-12-08 20:01:20 ----D---- C:\Program Files\Avi Player
2008-12-07 12:21:11 ----D---- C:\ProgramData\BC7
2008-12-06 12:37:16 ----D---- C:\ProgramData\103B9
2008-12-05 13:07:16 ----D---- C:\Program Files\MSN Reaper
2008-12-04 20:44:40 ----D---- C:\Program Files\360desktop
2008-12-04 20:44:34 ----A---- C:\Windows{21D15DED-F125-46C8-8017-CB9F1CEB5B4D}_WiseFW.ini
2008-12-04 20:43:44 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-12-04 18:13:39 ----D---- C:\Program Files\Windows Live Safety Center
2008-12-02 22:46:27 ----D---- C:\ProgramData\RapidSolution
2008-12-02 22:46:27 ----D---- C:\Program Files\Radiotracker
2008-11-30 22:01:11 ----D---- C:\Program Files\Activision Value
2008-11-30 17:49:59 ----D---- C:\Windows\system32\Futuremark
2008-11-30 17:49:58 ----D---- C:\Program Files\Common Files\Futuremark Shared
2008-11-27 20:58:24 ----D---- C:\Program Files\Trymedia
2008-11-27 20:56:49 ----D---- C:\Program Files\Valusoft
2008-11-26 10:36:56 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2008-11-26 10:36:54 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2008-11-26 10:36:54 ----A---- C:\Windows\system32\WindowsCodecs.dll
2008-11-26 10:36:54 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2008-11-26 10:36:53 ----A---- C:\Windows\system32\connect.dll

======List of files/folders modified in the last 1 months======

2008-12-23 11:14:31 ----D---- C:\Windows\Temp
2008-12-23 11:14:23 ----RD---- C:\Program Files
2008-12-23 11:07:42 ----D---- C:\Users\Mohamed\AppData\Roaming\DNA
2008-12-23 01:02:06 ----D---- C:\Program Files\Mozilla Firefox
2008-12-23 00:55:12 ----SD---- C:\ProgramData\Microsoft
2008-12-23 00:43:50 ----D---- C:\WINDOWS
2008-12-23 00:40:35 ----D---- C:\Windows\system32\drivers
2008-12-23 00:40:29 ----HD---- C:\ProgramData
2008-12-22 23:57:00 ----D---- C:\Windows\System32
2008-12-22 23:36:19 ----SD---- C:\Users\Mohamed\AppData\Roaming\Microsoft
2008-12-22 20:38:10 ----D---- C:\Windows\Prefetch
2008-12-22 20:32:03 ----SHD---- C:\Windows\Installer
2008-12-22 20:29:10 ----D---- C:\Program Files\Common Files
2008-12-19 15:14:54 ----SHD---- C:\System Volume Information
2008-12-19 07:28:02 ----D---- C:\Windows\winsxs
2008-12-19 07:27:47 ----D---- C:\Windows\system32\catroot
2008-12-18 11:34:28 ----D---- C:\Windows\system32\Macromed
2008-12-18 01:46:32 ----SD---- C:\Windows\Downloaded Program Files
2008-12-18 01:46:31 ----D---- C:\Windows\inf
2008-12-17 19:24:20 ----D---- C:\Users\Mohamed\AppData\Roaming\Google
2008-12-16 11:20:48 ----D---- C:\Windows\system32\Adobe
2008-12-14 14:29:15 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-14 14:26:14 ----D---- C:\Windows\Downloaded Installations
2008-12-13 20:57:58 ----RSD---- C:\Windows\assembly
2008-12-12 21:57:55 ----D---- C:\Windows\system32\catroot2
2008-12-11 13:32:38 ----D---- C:\Windows\system32\LogFiles
2008-12-11 12:40:14 ----D---- C:\Windows\Microsoft.NET
2008-12-11 10:04:58 ----D---- C:\Windows\rescache
2008-12-11 09:54:00 ----D---- C:\Program Files\Java
2008-12-11 06:38:31 ----D---- C:\Windows\AppPatch
2008-12-11 06:38:31 ----D---- C:\Program Files\Windows Mail
2008-12-11 06:38:30 ----D---- C:\Windows\system32\fr-FR
2008-12-11 06:35:23 ----A---- C:\Windows\system32\PerfStringBackup.INI
2008-12-10 10:09:45 ----D---- C:\Program Files\SystemRequirementsLab
2008-12-10 00:24:37 ----A---- C:\Windows\system32\mrt.exe
2008-12-07 20:05:38 ----D---- C:\Program Files\PokerStars
2008-11-29 13:06:02 ----D---- C:\ProgramData\Messenger Plus!
2008-11-27 20:49:39 ----D---- C:\Users\Mohamed\AppData\Roaming\BitTorrent

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; ??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys [2007-02-27 11840]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2008-11-25 75072]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R2 acedrv11;acedrv11; ??\C:\Windows\system32\drivers\acedrv11.sys [2008-07-30 277736]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2008-12-13 278728]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2008-12-13 25416]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-07-10 8704]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\Windows\system32\DRIVERS\Apfiltr.sys [2007-06-25 155136]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2007-05-30 735232]
R3 avgntflt;avgntflt; ??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys [2008-05-20 52032]
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-18 14208]
R3 HBtnKey;HBtnKey; C:\Windows\system32\DRIVERS\cpqbttn.sys [2006-06-28 9472]
R3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDART.sys [2007-10-11 176640]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-06-20 984064]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-06-20 208896]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-10-28 2476544]
R3 MSPQM;Microsoft Streaming Kwaliteitsbeheer Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
R3 RTL8023xp;Realtek 10/100 NIC Family NDIS x86 Driver; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2007-04-23 50176]
R3 usbvideo;Périphérique vidéo USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-18 134016]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-06-20 660480]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\Windows\system32\drivers\WmBEnum.sys [2008-01-24 19336]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-18 11264]
R3 WmXlCore;Logitech Translation Layer Driver; C:\Windows\system32\drivers\WmXlCore.sys [2008-01-24 48904]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 464384]
S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 E100B;Intel® PRO Adapter Driver; C:\Windows\system32\DRIVERS\e100b325.sys [2006-11-02 163328]
S3 ENTECH;ENTECH; ??\C:\Windows\system32\DRIVERS\ENTECH.sys [2008-05-29 27672]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-10-28 2476544]
S3 MSKSSRV;Microsoft Streaming Service-proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Microsoft Streaming Clock-proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-conversieprogramma; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 usb_rndisx;Carte RNDIS USB; C:\Windows\system32\DRIVERS\usb8023x.sys [2008-01-18 15872]
S3 WmFilter;Logitech Gaming HID Filter Driver; C:\Windows\system32\drivers\WmFilter.sys [2008-01-24 28168]
S3 WmHidLo;Logitech Gaming USB Filter Driver; C:\Windows\system32\drivers\WmHidLo.sys [2008-01-24 29192]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\Windows\system32\drivers\WmVirHid.sys [2008-01-24 14728]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2007-09-19 65536]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe [2006-05-02 135168]
R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-10-03 358936]
R2 KeenfinderSrch Service;KeenfinderSrch Service; C:\Program Files\KeenfinderSrch\keenfinder.exe [2008-12-12 4608]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2008-12-11 66872]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-18 21504]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-01-09 272024]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-18 21504]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-07-10 386560]
R3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S2 RelevantKnowledge;RelevantKnowledge; C:\Program Files\RelevantKnowledge\rlservice.exe /service []
S3 Com4Qlb;Com4Qlb; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [2007-03-05 110592]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-06 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------

And the info log:

info.txt logfile of random’s system information tool 1.05 2008-12-23 11:15:46

======Uninstall list======

–>C:\Program Files\Conexant\SmartAudio\SETUP.EXE -U -ISmartAudio -SM=SMAUDIO.EXE,1801
18 Wheels of Steel - Convoy (remove only)–>“C:\Program Files\Valusoft\18 Wheels of Steel - Convoy\Uninstall.exe”
360desktop–>MsiExec.exe /X{21D15DED-F125-46C8-8017-CB9F1CEB5B4D}
Active GIF Creator 3.2–>“C:\Program Files\Active GIF Creator 3.2\uninstall.exe”
Adobe Flash Player 10 ActiveX–>C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin–>C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.0 - Français–>MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81000000003}
Adobe Shockwave Player 11–>C:\Windows\system32\adobe\SHOCKW~1\UNWISE.EXE C:\Windows\system32\Adobe\SHOCKW~1\Install.log
Adobe Shockwave Player–>MsiExec.exe /X{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}
Apple Software Update–>MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Archiveur WinRAR–>C:\Program Files\WinRAR\uninstall.exe
Ask Toolbar–>“C:\Program Files\AskBarDis\unins000.exe”
Atheros Driver Installation Program–>RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{28006915-2739-4EBE-B5E8-49B25D32EB33}\setup.exe” -l0x13 -removeonly
Avi Player -->C:\Program Files\Avi Player\uninst.exe
Avira AntiVir Personal - Free Antivirus–>C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
AviSynth 2.5–>“C:\Program Files\AviSynth 2.5\Uninstall.exe”
Battlefield 2™ Demo–>RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{8BECF123-B0EF-4E51-B7F3-923EFE15CC4A}\setup.exe” -l0x9 -removeonly
Beneton Movie GIF 1.1.2–>“C:\Program Files\Beneton Movie GIF\unins000.exe”
CA Yahoo! Anti-Spy (remove only)–>“C:\Program Files\CA Yahoo! Anti-Spy\uninstall.exe”
Cheating-Death 4.33.4–>C:\Program Files\Cheating-Death\UninstCD.exe
Conexant HD Audio–>C:\Program Files\CONEXANT\CNXT_AUDIO_HDA\UIU32a.exe -U -ILEOHERza.INF
Construction Destruction–>C:\PROGRA~1\Valusoft\CONSTR~1\UNWISE.EXE C:\PROGRA~1\Valusoft\CONSTR~1\INSTALL.LOG
Counter-Strike 1.6–>“C:\Program Files\Counter-Strike 1.6\unins000.exe”
Counter-Strike 1.6–>RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{9ABFB92D-93DA-49EE-8ABF-F8195DE45CA9}\Setup.exe” -l0x19
Crash Time 2 Demo (remove only)–>“C:\Program Files\Crash Time 2 Demo\Uninstall.exe”
Crash Time Demo (remove only)–>“C:\Program Files\Crash Time Demo\Uninstall.exe”
CyberLink YouCam–>“C:\Program Files\InstallShield Installation Information{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe” /z-uninstall
DVD Suite–>RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe” -uninstall
ESU for Microsoft Vista–>MsiExec.exe /I{6E660127-6832-4A50-9CFB-964CAD4494A7}
ffdshow [rev 918] [2007-02-12]–>“C:\Program Files\ffdshow\unins000.exe”
Futuremark SystemInfo–>“C:\Program Files\InstallShield Installation Information{BEE64C14-BEF1-4610-8A68-A16EAA47B882}\setup.exe” -runfromtemp -l0x0009 -removeonly
GIF Movie Gear 4.2–>“C:\Program Files\GIF Movie Gear\unins000.exe”
Google Toolbar for Internet Explorer–>MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer–>regsvr32 /u /s “c:\program files\google\googletoolbar1.dll”
HDAUDIO Soft Data Fax Modem with SmartCP–>C:\Program Files\CONEXANT\CNXT_MODEM_HDA_HSF\UIU32m.exe -U -I*.INF
Hewlett-Packard Active Check–>MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Hewlett-Packard Asset Agent for Health Check–>MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
HijackThis 2.0.2–>“C:\Program Files\trend micro\HijackThis.exe” /uninstall
HP Customer Experience Enhancements–>RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{BD0E2B92-3814-46F0-893B-4612EA010C7E}\setup.exe” -l0x9 -removeonly
HP Doc Viewer–>MsiExec.exe /I{082702D5-5DD8-4600-BCE5-48B15174687F}
HP DVD Play 3.6–>RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe” -uninstall
HP Easy Setup - Frontend–>RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{9885A11E-60E4-417C-B58B-8B31B21C0B8A}\setup.exe” -l0x9 -removeonly
HP Help and Support–>MsiExec.exe /I{28EDCE9C-3304-4331-8AB3-F3EBE94C35B4}
HP Quick Launch Buttons 6.30 E2–>C:\Program Files\InstallShield Installation Information{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe -runfromtemp -l0x0013 uninst
HP Update–>MsiExec.exe /X{FE57DE70-95DE-4B64-9266-84DA811053DB}
HP User Guides 0093–>MsiExec.exe /I{D7358B07-4F10-4014-9869-7999578BE8ED}
HP Wireless Assistant–>MsiExec.exe /I{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}
Intel® Graphics Media Accelerator Driver–>C:\Windows\system32\igxpun.exe -uninstall
Intel® Matrix Storage Manager–>C:\Windows\System32\Imsmudlg.exe
Intel® TV Wizard–>C:\Windows\system32\TVWizudlg.exe -uninstall
Java™ 6 Update 11–>MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java™ 6 Update 2–>MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 7–>MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Keenfinder 1.0 build 128–>C:\Program Files\KeenfinderSrch\uninstall.exe
LabelPrint–>RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{C59C179C-668D-49A9-B6EA-0121CCFC1243}\setup.exe” -uninstall
Logitech Gaming Software 5.02–>MsiExec.exe /X{64B20B36-AEE7-4DD4-897C-C5DA5C218F60}
Malwarebytes’ Anti-Malware–>“C:\Program Files\Malwarebytes’ Anti-Malware\unins000.exe”
Messenger Plus! Live–>“C:\Program Files\Messenger Plus! Live\Uninstall.exe”
Microsoft Office PowerPoint Viewer 2007 (French)–>MsiExec.exe /X{95120000-00AF-040C-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable–>MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works–>MsiExec.exe /I{3B160861-7250-451E-B5EE-8B92BF30A710}
Module de compatibilité pour Microsoft Office System 2007–>MsiExec.exe /X{90120000-0020-040C-0000-0000000FF1CE}
Mozilla Firefox (3.0.5)–>C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MP4 Player -->C:\Program Files\MP4 Player\uninst.exe
MSCU for Microsoft Vista–>MsiExec.exe /I{2122FAE3-81CF-4D62-8811-9553BCA1A2C3}
MSN Reaper–>“C:\Program Files\MSN Reaper\uninst.exe”
MSXML 4.0 SP2 (KB936181)–>MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)–>MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)–>MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nero 8 Lite 8.3.6.0–>“C:\Program Files\Nero8\unins000.exe”
Nero MediaHome CE–>C:\Windows\UNNeroMediaHome.exe /UNINSTALL
neroxml–>MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NetWaiting–>C:\Program Files\InstallShield Installation Information{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0013 -removeonly
Paint.NET v3.36–>MsiExec.exe /X{43602F34-1AA3-44FB-AEB2-D08C2C73743F}
PhotoFiltre–>“C:\Program Files\PhotoFiltre\Uninst.exe”
PokerStars–>“C:\Program Files\PokerStars\PokerStarsUninstall.exe” /u:PokerStars
Power2Go–>RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe” -uninstall
PowerDirector–>“C:\Program Files\InstallShield Installation Information{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe” /z-uninstall
ProtectDisc Driver, Version 11–>C:\Program Files\ProtectDisc Driver Installer\uninstall_v11.exe
PS3 Video 9 4.03–>C:\Program Files\Red Kawa\Video Converter App\uninstaller.exe
QuickPlay SlingPlayer 0.4.4–>“C:\Program Files\HP\QuickPlay\unins000.exe”
QuickTime–>MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
Radiotracker 3.0.1.37–>“C:\Program Files\Radiotracker\unins000.exe”
Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista–>C:\Program Files\InstallShield Installation Information{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}\setup.exe -runfromtemp -l0x0013 -removeonly
Rebel Trucker Demo–>C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{C050B135-38A6-4190-8A5C-C8F325688AE3}
RelevantKnowledge–>c:\program files\relevantknowledge\rlvknlg.exe -bootremove -uninst:RelevantKnowledge
ShortKeys Lite–>C:\PROGRA~1\SHORTK~1\UNWISE.EXE C:\PROGRA~1\SHORTK~1\INSTALL.LOG
Spybot - Search & Destroy–>“C:\Program Files\Spybot - Search & Destroy\unins000.exe”
System Requirements Lab–>C:\Program Files\SystemRequirementsLab\Uninstall.exe
Touch Pad Driver–>C:\Program Files\Apoint2K\Uninstap.exe ADDREMOVE
VideoLAN VLC media player 0.8.6b–>C:\Program Files\VideoLAN\VLC\uninstall.exe
WebAnim Gif 3.0–>“C:\Program Files\WebAnim Gif 3\unins000.exe”
Windows Live installer–>MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
Windows Live Mail–>MsiExec.exe /I{C514C594-23AA-4F13-A070-DB8BDB27594F}
Windows Live Messenger–>MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}
Windows Live OneCare safety scanner–>“C:\Program Files\Windows Live Safety Center\UnInstall.exe”
Windows Live OneCare safety scanner–>MsiExec.exe /X{FE0646A7-19D0-41B4-A2BB-2C35D644270D}
Windows Media Player Firefox Plugin–>MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}

======Hosts File======


======Security center information======

AV: Avira AntiVir PersonalEdition
AS: Windows Defender

System event log

Computer Name: PC-de-Said
Event Code: 537
Message: Aucun périphérique de sécurité du module de plateforme sécurisée compatible trouvé sur cet ordinateur. Impossible de démarrer les services de base de module de plateforme sécurisée.
Record Number: 39095
Source Name: Microsoft-Windows-TBS
Time Written: 20081223100955.892544-000
Event Type: Information
User: AUTORITE NT\SERVICE LOCAL

Computer Name: PC-de-Said
Event Code: 7036
Message: Le service Windows Update est entré dans l’état : en cours d’exécution.
Record Number: 39096
Source Name: Service Control Manager
Time Written: 20081223101003.000000-000
Event Type: Information
User:

Computer Name: PC-de-Said
Event Code: 10029
Message: DCOM a démarré le service usnjsvc avec les arguments « » de façon à exécuter le serveur :
{98AC5C33-EE18-4EC2-BE25-3B16EE8F75F1}
Record Number: 39097
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20081223101148.000000-000
Event Type: Information
User:

Computer Name: PC-de-Said
Event Code: 7036
Message: Le service Service Messenger Sharing Folders USN Journal Reader est entré dans l’état : en cours d’exécution.
Record Number: 39098
Source Name: Service Control Manager
Time Written: 20081223101148.000000-000
Event Type: Information
User:

Computer Name: PC-de-Said
Event Code: 4226
Message: TCP/IP a atteint la limite de sécurité imposée sur le nombre de tentatives de connexion TCP simultanées.
Record Number: 39099
Source Name: Tcpip
Time Written: 20081223101535.888144-000
Event Type: Avertissement
User:

Application event log

Computer Name: PC-de-Said
Event Code: 12001
Message: The Messenger Sharing USN Journal Reader service started successfully.
Record Number: 9196
Source Name: usnjsvc
Time Written: 20081223101148.000000-000
Event Type: Information
User:

Computer Name: PC-de-Said
Event Code: 102
Message: msnmsgr (2568) \.\C:\Users\Mohamed\AppData\Local\Microsoft\Messenger\mohamed_laabich@hotmail.com\SharingMetadata\Working\database_48E4_F567_E4F5_5820\dfsr.db: Le moteur de la base de données (6.00.6001.0000) a démarré une nouvelle instance (0).
Record Number: 9197
Source Name: ESENT
Time Written: 20081223101148.000000-000
Event Type: Information
User:

Computer Name: PC-de-Said
Event Code: 300
Message: msnmsgr (2568) \.\C:\Users\Mohamed\AppData\Local\Microsoft\Messenger\mohamed_laabich@hotmail.com\SharingMetadata\Working\database_48E4_F567_E4F5_5820\dfsr.db: Le moteur de la base de données initie les étapes de récupération.
Record Number: 9198
Source Name: ESENT
Time Written: 20081223101148.000000-000
Event Type: Information
User:

Computer Name: PC-de-Said
Event Code: 301
Message: msnmsgr (2568) \.\C:\Users\Mohamed\AppData\Local\Microsoft\Messenger\mohamed_laabich@hotmail.com\SharingMetadata\Working\database_48E4_F567_E4F5_5820\dfsr.db: Le moteur de la base de données a commencé la relecture du fichier journal \.\C:\Users\Mohamed\AppData\Local\Microsoft\Messenger\mohamed_laabich@hotmail.com\SharingMetadata\Working\database_48E4_F567_E4F5_5820\fsr.log.
Record Number: 9199
Source Name: ESENT
Time Written: 20081223101149.000000-000
Event Type: Information
User:

Computer Name: PC-de-Said
Event Code: 302
Message: msnmsgr (2568) \.\C:\Users\Mohamed\AppData\Local\Microsoft\Messenger\mohamed_laabich@hotmail.com\SharingMetadata\Working\database_48E4_F567_E4F5_5820\dfsr.db: Le moteur de la base de données a terminé les étapes de récupération avec succès.
Record Number: 9200
Source Name: ESENT
Time Written: 20081223101149.000000-000
Event Type: Information
User:

Security event log

Computer Name: PC-de-Said
Event Code: 5038
Message: L’intégrité du code a déterminé que le hachage de l’image d’un fichier n’est pas valide. Le fichier peut être endommagé en raison d’une modification non autorisée ou le hachage non valide peut indiquer une erreur d’unité de disque potentielle.

Nom du fichier : \Device\HarddiskVolume1\WINDOWS\System32\drivers\tcpip.sys
Record Number: 17909
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081223101534.608944-000
Event Type: Échec de l’audit
User:

Computer Name: PC-de-Said
Event Code: 5038
Message: L’intégrité du code a déterminé que le hachage de l’image d’un fichier n’est pas valide. Le fichier peut être endommagé en raison d’une modification non autorisée ou le hachage non valide peut indiquer une erreur d’unité de disque potentielle.

Nom du fichier : \Device\HarddiskVolume1\WINDOWS\System32\drivers\tcpip.sys
Record Number: 17910
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081223101535.014544-000
Event Type: Échec de l’audit
User:

Computer Name: PC-de-Said
Event Code: 5038
Message: L’intégrité du code a déterminé que le hachage de l’image d’un fichier n’est pas valide. Le fichier peut être endommagé en raison d’une modification non autorisée ou le hachage non valide peut indiquer une erreur d’unité de disque potentielle.

Nom du fichier : \Device\HarddiskVolume1\WINDOWS\System32\drivers\tcpip.sys
Record Number: 17911
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081223101535.139344-000
Event Type: Échec de l’audit
User:

Computer Name: PC-de-Said
Event Code: 5038
Message: L’intégrité du code a déterminé que le hachage de l’image d’un fichier n’est pas valide. Le fichier peut être endommagé en raison d’une modification non autorisée ou le hachage non valide peut indiquer une erreur d’unité de disque potentielle.

Nom du fichier : \Device\HarddiskVolume1\WINDOWS\System32\drivers\tcpip.sys
Record Number: 17912
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081223101535.388944-000
Event Type: Échec de l’audit
User:

Computer Name: PC-de-Said
Event Code: 5038
Message: L’intégrité du code a déterminé que le hachage de l’image d’un fichier n’est pas valide. Le fichier peut être endommagé en raison d’une modification non autorisée ou le hachage non valide peut indiquer une erreur d’unité de disque potentielle.

Nom du fichier : \Device\HarddiskVolume1\WINDOWS\System32\drivers\tcpip.sys
Record Number: 17913
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081223101536.184544-000
Event Type: Échec de l’audit
User:

======Environment variables======

“ComSpec”=%SystemRoot%\system32\cmd.exe
“FP_NO_HOST_CHECK”=NO
“OS”=Windows_NT
“Path”=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\CyberLink\Power2Go;C:\Program Files\QuickTime\QTSystem
“PATHEXT”=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
“PROCESSOR_ARCHITECTURE”=x86
“TEMP”=%SystemRoot%\TEMP
“TMP”=%SystemRoot%\TEMP
“USERNAME”=SYSTEM
“windir”=%SystemRoot%
“PROCESSOR_LEVEL”=6
“PROCESSOR_IDENTIFIER”=x86 Family 6 Model 15 Stepping 13, GenuineIntel
“PROCESSOR_REVISION”=0f0d
“NUMBER_OF_PROCESSORS”=2
“PLATFORM”=MCD
“PCBRAND”=HP
“OnlineServices”=Online Services
“USERPART”=E:
“CLASSPATH”=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
“QTJAVA”=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------

Thanks
Edited on 23/12/2008 at 11:20

Hi again,

Download and update Malwarebytes Anti-Malware, which you will find here (MBAM to its friends)

Boot into safe mode:
www.inforumatique.fr…

Preferably using the F8 method

Scan your computer with MBAM (full mode), delete everything it finds, and save the report to the desktop

RSIT installed HijackThis on your computer; run it

In your next reply, post the MBAM report and the HijackThis report
Edited on 23/12/2008 at 12:17

I already ran a full scan further up, didn't I?

The HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:15:41, on 23/12/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\WindowsMobile\wmdSync.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Users\Mohamed\Program Files\DNA\btdna.exe
C:\Program Files\Avi Player\AviPlayer.exe
C:\Program Files\MP4 Player\Mp4Player.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Mohamed\Desktop\RSIT.exe
C:\Program Files\trend micro\Mohamed.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = ie.redirect.hp.com…
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = ie.redirect.hp.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = ie.redirect.hp.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = ie.redirect.hp.com…
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d’Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM…\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM…\Run: [IAAnotif] “C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe”
O4 - HKLM…\Run: [QPService] “C:\Program Files\HP\QuickPlay\QPService.exe”
O4 - HKLM…\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM…\Run: [UCam_Menu] “C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe” “C:\Program Files\CyberLink\YouCam” update “Software\CyberLink\YouCam\1.0”
O4 - HKLM…\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM…\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM…\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM…\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre6\bin\jusched.exe”
O4 - HKLM…\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”
O4 - HKLM…\Run: [avgnt] “C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe” /min
O4 - HKLM…\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM…\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\QTTask.exe” -atboottime
O4 - HKLM…\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM…\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM…\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM…\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKCU…\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU…\Run: [msnmsgr] “C:\Program Files\MSN Messenger\msnmsgr.exe” /background
O4 - HKCU…\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU…\Run: [BitTorrent DNA] “C:\Users\Mohamed\Program Files\DNA\btdna.exe”
O4 - HKCU…\Run: [Avi Player] “C:\Program Files\Avi Player\AviPlayer.exe” hmw
O4 - HKCU…\Run: [MP4 Player] “C:\Program Files\MP4 Player\mp4Player.exe” hmw
O4 - HKCU…\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19…\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘SERVICE LOCAL’)
O4 - HKUS\S-1-5-19…\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User ‘SERVICE LOCAL’)
O4 - HKUS\S-1-5-20…\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘SERVICE RÉSEAU’)
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra ‘Tools’ menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: KeenfinderSrch Service - Unknown owner - C:\Program Files\KeenfinderSrch\keenfinder.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: RelevantKnowledge - Unknown owner - C:\Program Files\RelevantKnowledge\rlservice.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe


End of file - 8847 bytes

I have doubts about the legitimacy of one file; it would help if you scanned it on VirusTotal.

The file to scan is in bold: C:\Program Files\Avi Player\**AviPlayer.exe**

To scan the file go here; see how to do it [there](http://bibou0007.com/tutos-f45/tutorial-sur-virustotal-t190.htm).
If you can't find the file, show your hidden files as well as the system files.

At the end, post the report for me.

Hi again, and thanks again :stuck_out_tongue:

So, I don't see any report?

This?

File size: 629760 bytes
PEiD…: UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
TrID…: File type identification
UPX compressed Win32 Executable (42.6%)
Win32 EXE Yoda’s Crypter (37.0%)
Win32 Executable Generic (11.8%)
Win16/32 Executable Delphi generic (2.8%)
Generic Win/DOS Executable (2.7%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x584450
timedatestamp…: 0x2a425e19 (Fri Jun 19 22:22:17 1992)
machinetype…: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0x113000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0x114000 0x71000 0x70600 7.93 dbe5c76caeb17d5028017b959a0226c6
.rsrc 0x185000 0x2a000 0x29200 5.37 9ac65298e18fc47e4281ee1545299d8a

( 12 imports )

KERNEL32.DLL: LoadLibraryA, GetProcAddress, ExitProcess
advapi32.dll: RegCloseKey
comctl32.dll: ImageList_Add
comdlg32.dll: GetOpenFileNameA
gdi32.dll: SaveDC
ole32.dll: OleDraw
oleaut32.dll: VariantCopy
quartz.dll: AMGetErrorTextA
shell32.dll: SHGetMalloc
user32.dll: GetDC
version.dll: VerQueryValueA
wininet.dll: InternetGetConnectedState

( 0 exports )
ThreatExpert info: http://www.threatexpert.com/report.aspx?md5=dfea57f56092b33484d18bf5fde73fb9
CWSandbox info: http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=dfea57f56092b33484d18bf5fde73fb9
packers (Kaspersky): UPX
packers (F-Prot): UPX

Otherwise:


Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.12.22.0 2008.12.23 -
AntiVir 7.9.0.45 2008.12.23 -
Authentium 5.1.0.4 2008.12.23 -
Avast 4.8.1281.0 2008.12.23 -
AVG 8.0.0.199 2008.12.22 Downloader.Generic6.QDM
BitDefender 7.2 2008.12.23 -
CAT-QuickHeal 10.00 2008.12.23 -
ClamAV 0.94.1 2008.12.23 -
Comodo 804 2008.12.23 -
DrWeb 4.44.0.09170 2008.12.23 -
eSafe 7.0.17.0 2008.12.21 Suspicious File
eTrust-Vet 31.6.6271 2008.12.20 -
Ewido 4.0 2008.12.23 -
F-Prot 4.4.4.56 2008.12.23 -
F-Secure 8.0.14332.0 2008.12.23 -
Fortinet 3.117.0.0 2008.12.23 -
GData 19 2008.12.23 -
Ikarus T3.1.1.45.0 2008.12.23 -
K7AntiVirus 7.10.563 2008.12.23 -
Kaspersky 7.0.0.125 2008.12.23 -
McAfee 5472 2008.12.22 -
McAfee+Artemis 5472 2008.12.22 -
Microsoft 1.4205 2008.12.23 -
NOD32 3713 2008.12.23 Win32/Ivefound.AviPlayer
Norman 5.80.02 2008.12.23 -
Panda 9.0.0.4 2008.12.23 -
PCTools 4.4.2.0 2008.12.23 -
Prevx1 V2 2008.12.23 -
Rising 21.09.13.00 2008.12.23 -
SecureWeb-Gateway 6.7.6 2008.12.23 -
Sophos 4.37.0 2008.12.23 -
Sunbelt 3.2.1809.2 2008.12.22 -
Symantec 10 2008.12.23 -
TheHacker 6.3.1.4.195 2008.12.20 -
TrendMicro 8.700.0.1004 2008.12.23 -
VBA32 3.12.8.10 2008.12.22 -
ViRobot 2008.12.23.1532 2008.12.23 -
VirusBuster 4.5.11.0 2008.12.23 -

Click here to download GenProc to the desktop

=> Unzip it on the desktop
=> Open the folder that was created and run **GenProc.bat**
=> Save the report to the desktop and post it here, please

[**Usage help here**](http://www.alt-shift-return.org/Info/GenProc-HowTo.html)

I didn't get a report, except this one:

Rapport GenProc 2.310 [2] - mar. 23/12/2008 - Windows Vista

Step 1/ Download:

Restart in safe mode as described here www.pcloisirs.eu… ; to find the report again, click the “GenProc” shortcut on your desktop. Choose your usual session *** Said ***

Step 2/

Run Toolbar-S&D, located on the desktop.
Type “2” then confirm by pressing “Enter”. Do not close the window during the removal.

Step 3/

Double-click the file “SmitfraudFix.exe” and choose option 2, answer yes to everything and let it proceed. Save the report to your desktop.

Step 4/

Run the file MSNFix.bat, located in the MSNfix folder on the desktop.

  • Run option R.
  • If the infection is detected, run option N.
  • Save this report to your desktop.

Step 5/

Run CCleaner: “Nettoyeur”/“lancer le nettoyage” and that's all.

Step 6/

Restart normally and post, in the same reply:

  • The SmitfraudFix report you saved to your desktop;
  • The contents of the MSNfix report located on the desktop;
  • The contents of the report C:\TB.txt;
  • A new HijackThis report tinyurl.com… ;

Describe any difficulties you had (what you could not do…) and how the situation has evolved.


Official GenProc sites: www.alt-shift-return.org and www.genproc.com

Right, you've got work to do … follow the procedure given and post the reports :wink:

So, first, is it normal that my wallpaper turned blue after all these steps? Also, AntiVir detected a virus in: C:\windows\system32\SmitfraudFix\Agent.OMZ.Fix.exe ??

Also, I couldn't produce an MSNFix report; it stayed on scan forever…
And also, the first scan before safe mode:

SmitFraudFix v2.387

Scan done at 18:39:54,22, mar. 23/12/2008
Run from C:\Windows\system32\SmitfraudFix
OS: Microsoft Windows [version 6.0.6001] - Windows_NT
The filesystem type is
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\KeenfinderSrch\keenfinder.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\KeenfinderSrch\keenfinder.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\WindowsMobile\wmdSync.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Users\Said\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

hosts file corrupted !

127.0.0.1 www.legal-at-spybot.info
127.0.0.1 legal-at-spybot.info

»»»»»»»»»»»»»»»»»»»»»»»» C:\

C:\autorun.inf FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Said

»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Said\AppData\Local\Temp

»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Said\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Said\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\Google\googletoolbar1.dll FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, following keys are not inevitably infected!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, following keys are not inevitably infected!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler’s .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000000

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\Windows\system32\userinit.exe,"

»»»»»»»»»»»»»»»»»»»»»»»» RK

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Realtek RTL8139/810x Family Fast Ethernet NIC
DNS Server Search Order: 212.76.224.172
DNS Server Search Order: 192.168.123.254

HKLM\SYSTEM\CCS\Services\Tcpip…{1A3F02BD-DA19-4E6F-8252-04E462EBD8B6}: DhcpNameServer=212.76.224.172 192.168.123.254
HKLM\SYSTEM\CCS\Services\Tcpip…{E926827C-BFB9-469F-9A9C-CEB3DB0F5441}: DhcpNameServer=212.76.224.172 192.168.123.254
HKLM\SYSTEM\CS1\Services\Tcpip…{1A3F02BD-DA19-4E6F-8252-04E462EBD8B6}: DhcpNameServer=212.76.224.172 192.168.123.254
HKLM\SYSTEM\CS1\Services\Tcpip…{E926827C-BFB9-469F-9A9C-CEB3DB0F5441}: DhcpNameServer=212.76.224.172 192.168.123.254
HKLM\SYSTEM\CS3\Services\Tcpip…{1A3F02BD-DA19-4E6F-8252-04E462EBD8B6}: DhcpNameServer=212.76.224.172 192.168.123.254
HKLM\SYSTEM\CS3\Services\Tcpip…{E926827C-BFB9-469F-9A9C-CEB3DB0F5441}: DhcpNameServer=212.76.224.172 192.168.123.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.76.224.172 192.168.123.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.76.224.172 192.168.123.254
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.76.224.172 192.168.123.254

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

Then afterwards, in safe mode:

SmitFraudFix v2.387

Scan done at 18:54:54,87, mar. 23/12/2008
Run from C:\Windows\system32\SmitfraudFix
OS: Microsoft Windows [version 6.0.6001] - Windows_NT
The filesystem type is
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler’s .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost
::1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri’s WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\autorun.inf Deleted
C:\Program Files\Google\googletoolbar1.dll Deleted

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» RK

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip…{1A3F02BD-DA19-4E6F-8252-04E462EBD8B6}: DhcpNameServer=212.76.224.172 192.168.123.254
HKLM\SYSTEM\CCS\Services\Tcpip…{E926827C-BFB9-469F-9A9C-CEB3DB0F5441}: DhcpNameServer=212.76.224.172 192.168.123.254
HKLM\SYSTEM\CS1\Services\Tcpip…{1A3F02BD-DA19-4E6F-8252-04E462EBD8B6}: DhcpNameServer=212.76.224.172 192.168.123.254
HKLM\SYSTEM\CS1\Services\Tcpip…{E926827C-BFB9-469F-9A9C-CEB3DB0F5441}: DhcpNameServer=212.76.224.172 192.168.123.254
HKLM\SYSTEM\CS3\Services\Tcpip…{1A3F02BD-DA19-4E6F-8252-04E462EBD8B6}: DhcpNameServer=212.76.224.172 192.168.123.254
HKLM\SYSTEM\CS3\Services\Tcpip…{E926827C-BFB9-469F-9A9C-CEB3DB0F5441}: DhcpNameServer=212.76.224.172 192.168.123.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.76.224.172 192.168.123.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.76.224.172 192.168.123.254
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.76.224.172 192.168.123.254

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler’s .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

Then TB:

-----------\ ToolBar S&D 1.2.8 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel® Pentium® Dual CPU T2330 @ 1.60GHz )
BIOS : Default System BIOS
USER : Said ( Administrator )
BOOT : Fail-safe boot
Antivirus : Avira AntiVir PersonalEdition 8.0.1.30 (Activated)
C:\ (Local Disk) - NTFS - Total:140 Go (Free:87 Go)
D:\ (Local Disk) - NTFS - Total:8 Go (Free:2 Go)
E:\ (CD or DVD)

“C:\ToolBar SD” ( MAJ : 21-12-2008|20:47 )
Option : [2] ( mar. 23/12/2008|18:51 )

[ UAC => 1 ]

-----------\ SUPPRESSION

Supprime! - C:\Program Files\AskBarDis\bar
Supprime! - C:\Program Files\AskBarDis\unins000.dat
Supprime! - C:\Program Files\AskBarDis\unins000.exe
Supprime! - C:\Program Files\AskBarDis

-----------\ Recherche de Fichiers / Dossiers …

-----------\ […\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_be&c=81&bd=HP&pf=laptop"
"Local Page"="C:\Windows\system32\blank.htm"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Url"="http://go.microsoft.com/fwlink/?LinkId=75720"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/"
"Default_Page_URL"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_be&c=81&bd=HP&pf=laptop"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

--------------------\ Recherche d’autres infections

Aucune autre infection trouvée !

[ UAC => 1 ]

1 - “C:\ToolBar SD\TB_1.txt” - mar. 23/12/2008|18:53 - Option : [2]

-----------\ Fin du rapport a 18:53:09,11

Then HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:15:41, on 23/12/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\WindowsMobile\wmdSync.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Users\Mohamed\Program Files\DNA\btdna.exe
C:\Program Files\Avi Player\AviPlayer.exe
C:\Program Files\MP4 Player\Mp4Player.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Mohamed\Desktop\RSIT.exe
C:\Program Files\trend micro\Mohamed.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = ie.redirect.hp.com…
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = ie.redirect.hp.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = ie.redirect.hp.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = ie.redirect.hp.com…
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d’Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM…\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM…\Run: [IAAnotif] “C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe”
O4 - HKLM…\Run: [QPService] “C:\Program Files\HP\QuickPlay\QPService.exe”
O4 - HKLM…\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM…\Run: [UCam_Menu] “C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe” “C:\Program Files\CyberLink\YouCam” update “Software\CyberLink\YouCam\1.0”
O4 - HKLM…\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM…\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM…\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM…\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre6\bin\jusched.exe”
O4 - HKLM…\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”
O4 - HKLM…\Run: [avgnt] “C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe” /min
O4 - HKLM…\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM…\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\QTTask.exe” -atboottime
O4 - HKLM…\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM…\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM…\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM…\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKCU…\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU…\Run: [msnmsgr] “C:\Program Files\MSN Messenger\msnmsgr.exe” /background
O4 - HKCU…\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU…\Run: [BitTorrent DNA] “C:\Users\Mohamed\Program Files\DNA\btdna.exe”
O4 - HKCU…\Run: [Avi Player] “C:\Program Files\Avi Player\AviPlayer.exe” hmw
O4 - HKCU…\Run: [MP4 Player] “C:\Program Files\MP4 Player\mp4Player.exe” hmw
O4 - HKCU…\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19…\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘SERVICE LOCAL’)
O4 - HKUS\S-1-5-19…\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User ‘SERVICE LOCAL’)
O4 - HKUS\S-1-5-20…\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘SERVICE RÉSEAU’)
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra ‘Tools’ menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: KeenfinderSrch Service - Unknown owner - C:\Program Files\KeenfinderSrch\keenfinder.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: RelevantKnowledge - Unknown owner - C:\Program Files\RelevantKnowledge\rlservice.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe


End of file - 8847 bytes

By the way, how do you manage to analyze all that?

Relaunch HijackThis, then click on http://images.imagehotel.net/z8uattg6yg.jpg

Find and check the following lines:

then click on http://images.imagehotel.net/sw6zjk8ugk.jpg

Download CCleaner

Go to Add/Remove Programs and uninstall AviPlayer

which is located here: C:\Program Files\Avi Player\AviPlayer.exe

Use CCleaner in registry mode: scan for errors and fix them, do several passes, and accept the registry backup.

Then use CCleaner in cleaner mode,

Run a defragmentation

Post a new HijackThis …

Here it is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:15:41, on 23/12/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\WindowsMobile\wmdSync.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Users\Mohamed\Program Files\DNA\btdna.exe
C:\Program Files\Avi Player\AviPlayer.exe
C:\Program Files\MP4 Player\Mp4Player.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Mohamed\Desktop\RSIT.exe
C:\Program Files\trend micro\Mohamed.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = ie.redirect.hp.com…
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = ie.redirect.hp.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = ie.redirect.hp.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = ie.redirect.hp.com…
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d’Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM…\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM…\Run: [IAAnotif] “C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe”
O4 - HKLM…\Run: [QPService] “C:\Program Files\HP\QuickPlay\QPService.exe”
O4 - HKLM…\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM…\Run: [UCam_Menu] “C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe” “C:\Program Files\CyberLink\YouCam” update “Software\CyberLink\YouCam\1.0”
O4 - HKLM…\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM…\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM…\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM…\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre6\bin\jusched.exe”
O4 - HKLM…\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”
O4 - HKLM…\Run: [avgnt] “C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe” /min
O4 - HKLM…\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM…\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\QTTask.exe” -atboottime
O4 - HKLM…\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM…\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM…\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM…\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKCU…\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU…\Run: [msnmsgr] “C:\Program Files\MSN Messenger\msnmsgr.exe” /background
O4 - HKCU…\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU…\Run: [BitTorrent DNA] “C:\Users\Mohamed\Program Files\DNA\btdna.exe”
O4 - HKCU…\Run: [Avi Player] “C:\Program Files\Avi Player\AviPlayer.exe” hmw
O4 - HKCU…\Run: [MP4 Player] “C:\Program Files\MP4 Player\mp4Player.exe” hmw
O4 - HKCU…\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19…\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘SERVICE LOCAL’)
O4 - HKUS\S-1-5-19…\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User ‘SERVICE LOCAL’)
O4 - HKUS\S-1-5-20…\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘SERVICE RÉSEAU’)
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra ‘Tools’ menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: KeenfinderSrch Service - Unknown owner - C:\Program Files\KeenfinderSrch\keenfinder.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: RelevantKnowledge - Unknown owner - C:\Program Files\RelevantKnowledge\rlservice.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe


End of file - 8847 bytes

Are you sure about your report? That one is dated 23/12 … but from 11:15 :frowning:

Hmmm??? Weird? Here it is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:26:36, on 23/12/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\WindowsMobile\wmdSync.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Users\Said\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\trend micro\hijackthis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = ie.redirect.hp.com…
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d’Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM…\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM…\Run: [IAAnotif] “C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe”
O4 - HKLM…\Run: [QPService] “C:\Program Files\HP\QuickPlay\QPService.exe”
O4 - HKLM…\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM…\Run: [UCam_Menu] “C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe” “C:\Program Files\CyberLink\YouCam” update “Software\CyberLink\YouCam\1.0”
O4 - HKLM…\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM…\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM…\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM…\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre6\bin\jusched.exe”
O4 - HKLM…\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”
O4 - HKLM…\Run: [avgnt] “C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe” /min
O4 - HKLM…\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM…\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\QTTask.exe” -atboottime
O4 - HKLM…\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM…\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM…\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM…\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKCU…\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU…\Run: [MsnMsgr] “C:\Program Files\MSN Messenger\MsnMsgr.Exe” /background
O4 - HKCU…\Run: [Google Update] “C:\Users\Said\AppData\Local\Google\Update\GoogleUpdate.exe” /c
O4 - HKCU…\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra ‘Tools’ menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O13 - Gopher Prefix:
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: KeenfinderSrch Service - Unknown owner - C:\Program Files\KeenfinderSrch\keenfinder.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: RelevantKnowledge - Unknown owner - C:\Program Files\RelevantKnowledge\rlservice.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe


End of file - 7012 bytes

Relaunch HijackThis, then click on http://images.imagehotel.net/z8uattg6yg.jpg

Find and check the following lines:

then click on http://images.imagehotel.net/sw6zjk8ugk.jpg

Click [here](http://oldtimer.geekstogo.com/OTMoveIt3.exe) to download **OTMoveIt3** (by OldTimer) to the desktop

  • Double-click **OTMoveIt3.exe** to launch it. (If you are on Vista, right-click it and select Run as administrator.)

  • Copy/paste the contents of the box below into the left-hand box of OTMoveIt named **Paste Instructions for Items to be Moved**.

[quote=""]

:Processes
explorer.exe

:Services

keenfinder.exe
rlservice.exe
:Reg

:Files

C:\Program Files\KeenfinderSrch\keenfinder.exe
C:\Program Files\RelevantKnowledge\rlservice.exe
Genre

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

[/quote]

  • Click MoveIt! to start the removal.

  • Copy the contents of the results window and post it on the forum.

  • Exit OTMoveIt3

    Note: If a file or folder cannot be deleted immediately, the PC will ask to restart; accept by clicking OK. In that case, after restarting, open the most recent .log file in the folder C:\_OTMoveIt\MovedFiles and post its contents.

A usage guide:

bibou0007.com… … t-t387.htm

Afterwards, post the OTMoveIt report and a new HijackThis log … and I think that will do it …

Hi

Thanks again for your reply.

So here is the OTMoveIt report:

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
Unable to stop service keenfinder.exe .
Unable to stop service rlservice.exe .
========== REGISTRY ==========
========== FILES ==========
C:\Program Files\KeenfinderSrch\keenfinder.exe moved successfully.
File/Folder C:\Program Files\RelevantKnowledge\rlservice.exe not found.
File/Folder Genre not found.
========== COMMANDS ==========
File delete failed. C:\Users\Mohamed\AppData\Local\Temp\etilqs_hHSJQTeOu6Z3AjoPZ0f6 scheduled to be deleted on reboot.
File delete failed. C:\Users\Mohamed\AppData\Local\Temp\htmpl.htm scheduled to be deleted on reboot.
File delete failed. C:\Users\Mohamed\AppData\Local\Temp~DF7BEF.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Mohamed\AppData\Local\Temp~DF7C2F.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Mohamed\AppData\Local\Temp~DFB299.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Mohamed\AppData\Local\Temp~DFB2C4.tmp scheduled to be deleted on reboot.
User’s Temp folder emptied.
User’s Temporary Internet Files folder emptied.
User’s Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
File delete failed. C:\Users\Mohamed\AppData\Local\Mozilla\Firefox\Profiles\p0k8rky3.default\Cache_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Mohamed\AppData\Local\Mozilla\Firefox\Profiles\p0k8rky3.default\Cache_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Mohamed\AppData\Local\Mozilla\Firefox\Profiles\p0k8rky3.default\Cache_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Mohamed\AppData\Local\Mozilla\Firefox\Profiles\p0k8rky3.default\Cache_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Mohamed\AppData\Local\Mozilla\Firefox\Profiles\p0k8rky3.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12232008_231351

Files moved on Reboot…
File C:\Users\Mohamed\AppData\Local\Temp\etilqs_hHSJQTeOu6Z3AjoPZ0f6 not found!
C:\Users\Mohamed\AppData\Local\Temp\htmpl.htm moved successfully.
File C:\Users\Mohamed\AppData\Local\Temp~DF7BEF.tmp not found!
File C:\Users\Mohamed\AppData\Local\Temp~DF7C2F.tmp not found!
File C:\Users\Mohamed\AppData\Local\Temp~DFB299.tmp not found!
File C:\Users\Mohamed\AppData\Local\Temp~DFB2C4.tmp not found!
C:\Users\Mohamed\AppData\Local\Mozilla\Firefox\Profiles\p0k8rky3.default\Cache_CACHE_001_ moved successfully.
C:\Users\Mohamed\AppData\Local\Mozilla\Firefox\Profiles\p0k8rky3.default\Cache_CACHE_002_ moved successfully.
C:\Users\Mohamed\AppData\Local\Mozilla\Firefox\Profiles\p0k8rky3.default\Cache_CACHE_003_ moved successfully.
C:\Users\Mohamed\AppData\Local\Mozilla\Firefox\Profiles\p0k8rky3.default\Cache_CACHE_MAP_ moved successfully.
C:\Users\Mohamed\AppData\Local\Mozilla\Firefox\Profiles\p0k8rky3.default\urlclassifier3.sqlite moved successfully.


And the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:22:30, on 23/12/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\WindowsMobile\wmdSync.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Users\Mohamed\Program Files\DNA\btdna.exe
C:\Program Files\Avi Player\AviPlayer.exe
C:\Program Files\MP4 Player\Mp4Player.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Mohamed\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = ie.redirect.hp.com…
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = ie.redirect.hp.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = ie.redirect.hp.com…
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d’Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM…\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM…\Run: [IAAnotif] “C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe”
O4 - HKLM…\Run: [QPService] “C:\Program Files\HP\QuickPlay\QPService.exe”
O4 - HKLM…\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM…\Run: [UCam_Menu] “C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe” “C:\Program Files\CyberLink\YouCam” update “Software\CyberLink\YouCam\1.0”
O4 - HKLM…\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM…\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM…\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM…\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre6\bin\jusched.exe”
O4 - HKLM…\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”
O4 - HKLM…\Run: [avgnt] “C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe” /min
O4 - HKLM…\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM…\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\QTTask.exe” -atboottime
O4 - HKLM…\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM…\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM…\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM…\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKCU…\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU…\Run: [msnmsgr] “C:\Program Files\MSN Messenger\msnmsgr.exe” /background
O4 - HKCU…\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU…\Run: [BitTorrent DNA] “C:\Users\Mohamed\Program Files\DNA\btdna.exe”
O4 - HKCU…\Run: [Avi Player] “C:\Program Files\Avi Player\AviPlayer.exe” hmw
O4 - HKCU…\Run: [MP4 Player] “C:\Program Files\MP4 Player\mp4Player.exe” hmw
O4 - HKCU…\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra ‘Tools’ menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - messenger.zone.msn.com…
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - messenger.zone.msn.com…
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - secure.gopetslive.com…
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: KeenfinderSrch Service - Unknown owner - C:\Program Files\KeenfinderSrch\keenfinder.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: RelevantKnowledge - Unknown owner - C:\Program Files\RelevantKnowledge\rlservice.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe


End of file - 7989 bytes

There you go

Thanks
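Added example, not part of the original posts: a short Python triage of the O23 (services) lines from the two HijackThis logs above, listing services reported with "Unknown owner" and those whose binary is gone while the service entry is still registered. The sample lines are copied from the logs in this thread; the function and variable names are illustrative.

```python
import re
from typing import NamedTuple

# HijackThis v2 services line: "O23 - Service: <name> - <owner> - <path>[ (file missing)]".
# <name> may itself contain " - ", so the path is anchored on its drive letter.
O23 = re.compile(r"^O23 - Service: (?P<name>.+) - (?P<owner>.+?) - "
                 r"(?P<path>[A-Za-z]:\\.*?)(?P<missing> \(file missing\))?$")

class Service(NamedTuple):
    name: str
    owner: str
    path: str
    missing: bool

def parse_o23(log):
    """Map lower-cased binary path -> Service for every O23 line in a log."""
    found = {}
    for line in log.splitlines():
        m = O23.match(line.strip())
        if m:
            found[m["path"].lower()] = Service(
                m["name"], m["owner"], m["path"], m["missing"] is not None)
    return found

def triage(before_log, after_log):
    """Compare the O23 sections of logs taken before and after a cleanup."""
    before, after = parse_o23(before_log), parse_o23(after_log)
    return {
        # "Unknown owner" is a prompt for manual review, not a verdict.
        "unknown_owner": sorted(s.name for s in after.values()
                                if s.owner == "Unknown owner"),
        # Binary gone while the service entry is still registered.
        "orphaned": sorted(s.name for s in after.values() if s.missing),
        # Binary disappeared between the two scans.
        "newly_missing": sorted(s.name for p, s in after.items()
                                if s.missing and p in before and not before[p].missing),
    }

# Sample input: O23 lines copied from the first HijackThis log in this thread.
BEFORE = r"""
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: KeenfinderSrch Service - Unknown owner - C:\Program Files\KeenfinderSrch\keenfinder.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: RelevantKnowledge - Unknown owner - C:\Program Files\RelevantKnowledge\rlservice.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
"""
# In the second log the same lines differ only in the keenfinder entry.
AFTER = BEFORE.replace("keenfinder.exe", "keenfinder.exe (file missing)")

if __name__ == "__main__":
    print(triage(BEFORE, AFTER))
```

On these lines the KeenfinderSrch service shows up as newly missing and RelevantKnowledge as still orphaned, which matches the OTMoveIt report where neither service could be stopped.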

Re,

Are you still getting those ad windows popping up???