zolves

Bonjour, j'ai des fenetres de publicité qui s'ouvrent de manière intempestives. Comment résoudre ce pb ? Je suis sous vista et j'ai avira(free) qui tourne. Merci de votre aide

Bonjour pear, J'ai lancé le scan et au bout de 2h : rien, donc pas de rapport. Good news Par contre, j'ai quelques questions subsidiaires : 1) Mon antivirus Norton qui était fourni avec le PC est périmé, par quel logiciel puis je le remplacer (antivir ?) 2) Dois je lancer l'ensemble de ces manip régulièrement pour "assainir" mon PC ? 3) Comment s'apperçoit on d'une contamination (hormis le fait que l'on ait des pb d'utilisation machine) ? En tout cas merci pour l'aide en ligne meme si j'ai eu toutes les peines du monde à réaliser l'ensembles de manips demandées (meme pour l'utilisation du forum j'ai bataillé !!).

Bonjour pear, ci joint le rapport MBAM : Malwarebytes' Anti-Malware 1.31 Version de la base de données: 1492 Windows 6.0.6000 12/12/2008 09:50:26 mbam-log-2008-12-12 (09-50-26).txt Type de recherche: Examen complet (C:\|D:\|E:\|F:\|) Eléments examinés: 157714 Temps écoulé: 3 hour(s), 0 minute(s), 6 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 7 Valeur(s) du Registre infectée(s): 2 Elément(s) de données du Registre infecté(s): 10 Dossier(s) infecté(s): 1 Fichier(s) infecté(s): 6 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_CLASSES_ROOT\imeshmediabar.stockbar (Adware.SoftMate) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{6c380604-92b2-4633-becb-bde03fa45980} (Adware.SoftMate) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{4481c34a-10df-4c96-92a6-0ef31b6b95d6} (Adware.SoftMate) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{f9c23cd1-6da9-4e0b-8367-c6f9f1f78baf} (Adware.SoftMate) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.SoftMate) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.SoftMate) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\imeshmediabar.stockbar.1 (Adware.SoftMate) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.SoftMate) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.SoftMate) -> Quarantined and deleted successfully. Elément(s) de données du Registre infecté(s): HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.109;85.255.112.153 -> Delete on reboot. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.109;85.255.112.153 -> Delete on reboot. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{04a3fd4e-bb55-4574-8562-bd29f3903216}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.109;85.255.112.153 -> Delete on reboot. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{04a3fd4e-bb55-4574-8562-bd29f3903216}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.109;85.255.112.153 -> Delete on reboot. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{d08ce38f-6fc5-4b34-a966-9b33312a90a0}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.109;85.255.112.153 -> Delete on reboot. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.109;85.255.112.153 -> Delete on reboot. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.109;85.255.112.153 -> Delete on reboot. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{04a3fd4e-bb55-4574-8562-bd29f3903216}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.109;85.255.112.153 -> Delete on reboot. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{04a3fd4e-bb55-4574-8562-bd29f3903216}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.109;85.255.112.153 -> Delete on reboot. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{d08ce38f-6fc5-4b34-a966-9b33312a90a0}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.109;85.255.112.153 -> Delete on reboot. Dossier(s) infecté(s): C:\ProgramData\Microsoft\Windows\Start Menu\Programs\homeview (Trojan.DNSChanger) -> Quarantined and deleted successfully. Fichier(s) infecté(s): C:\Program Files\iMesh Applications\iMesh MediaBar\iMeshMediaBar.dll (Adware.SoftMate) -> Quarantined and deleted successfully. C:\Windows\System32\msqpdxxcrdxrei.dll (Trojan.Agent) -> Delete on reboot. C:\Windows\System32\drivers\msqpdxserv.sys (Rootkit.Agent) -> Quarantined and deleted successfully. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\homeview\Uninstall.lnk (Trojan.DNSChanger) -> Quarantined and deleted successfully. C:\Windows\System32\msqpdxphaeuxov.dll (Trojan.Agent) -> Delete on reboot. C:\Windows\System32\drivers\msqpdxnrdeirhm.sys (Trojan.Agent) -> Quarantined and deleted successfully.

Bonsoir, Ci joint le fichier lancé avec navilog1 option1 Search Navipromo version 3.7.0 commencé le 11/12/2008 à 14:09:35,86 !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!! !!! Postez ce rapport sur le forum pour le faire analyser !!! !!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!! Outil exécuté depuis C:\Program Files\navilog1 Mise à jour le 10.12.2008 à 21h00 par IL-MAFIOSO Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6000 ) X86-based PC ( Multiprocessor Free : Genuine Intel® CPU T2060 @ 1.60GHz ) BIOS : Ver 1.00PARTTBLv USER : Philippe ( Administrator ) BOOT : Normal boot Antivirus : Norton Internet Security 2007 (Activated) Firewall : Norton Internet Security 2007 (Activated) C:\ (Local Disk) - NTFS - Total:106 Go (Free:20 Go) D:\ (Local Disk) - NTFS - Total:5 Go (Free:1 Go) E:\ (CD or DVD) Recherche executé en mode normal *** Recherche Programmes installés *** *** Recherche dossiers dans "C:\Windows" *** *** Recherche dossiers dans "C:\Program Files" *** *** Recherche dossiers dans "c:\progra~2\micros~1\windows\startm~1\programs" *** *** Recherche dossiers dans "c:\progra~2\micros~1\windows\startm~1" *** *** Recherche dossiers dans "C:\ProgramData" *** *** Recherche dossiers dans "c:\users\philippe\appdata\roaming\micros~1\windows\startm~1\programs" *** *** Recherche dossiers dans "C:\Users\Philippe\AppData\Local\virtualstore\Program Files" *** ...\InternetGameBox trouvé ! *** Recherche dossiers dans "C:\Users\Philippe\AppData\Roaming" *** *** Recherche avec Catchme-rootkit/stealth malware detector par gmer *** pour + d'infos : http://www.gmer.net Scan Catchme non réalisé. Droits limités sur la session actuelle. *** Recherche avec GenericNaviSearch *** !!! Tous ces résultats peuvent révéler des fichiers légitimes !!! !!! A vérifier impérativement avant toute suppression manuelle !!! * Recherche dans "C:\Windows\system32" * * Recherche dans "C:\Users\Philippe\AppData\Local\Microsoft" * * Recherche dans "C:\Users\Philippe\AppData\Local\virtualstore\windows\system32" * * Recherche dans "C:\Users\Philippe\AppData\Local" * *** Recherche fichiers *** *** Recherche clés spécifiques dans le Registre *** !! Les clés trouvées ne sont pas forcément infectées !! [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "giywu"="\"c:\\users\\philippe\\appdata\\local\\giywu.exe\" giywu" *** Module de Recherche complémentaire *** (Recherche fichiers spécifiques) 1)Recherche nouveaux fichiers Instant Access : 2)Recherche Heuristique : * Dans "C:\Windows\system32" : * Dans "C:\Users\Philippe\AppData\Local\Microsoft" : * Dans "C:\Users\Philippe\AppData\Local\virtualstore\windows\system32" : * Dans "C:\Users\Philippe\AppData\Local" : giywu.exe trouvé ! giywu.dat trouvé ! giywu_nav.dat trouvé ! giywu_navps.dat trouvé ! giywu_navup.dat trouvé ! 3)Recherche Certificats : Certificat Egroup absent ! Certificat Electronic-Group absent ! Certificat Montorgueil absent ! Certificat OOO-Favorit trouvé ! Certificat Sunny-Day-Design-Ltd absent ! 4)Recherche autres dossiers et fichiers connus : *** Analyse terminée le 11/12/2008 à 14:10:55,62 *** Ci joint le fichier lancé avec navilog1 option2, je l'ai lancé en mode sans echec c'es le seul moyen qui a marché pour lancer l'.exe (meme en administrateur je n'y arrivais pas) Clean Navipromo version 3.7.0 commencé le 11/12/2008 à 18:08:13,96 Outil exécuté depuis C:\Program Files\navilog1 Mise à jour le 10.12.2008 à 21h00 par IL-MAFIOSO Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6000 ) X86-based PC ( Multiprocessor Free : Genuine Intel® CPU T2060 @ 1.60GHz ) BIOS : Ver 1.00PARTTBLv USER : Philippe ( Administrator ) BOOT : Fail-safe boot Antivirus : Norton Internet Security 2007 (Activated) Firewall : Norton Internet Security 2007 (Activated) C:\ (Local Disk) - NTFS - Total:106 Go (Free:21 Go) D:\ (Local Disk) - NTFS - Total:5 Go (Free:1 Go) E:\ (CD or DVD) Mode suppression automatique avec prise en charge résultats Catchme et GNS Nettoyage executé en mode sans échec *** fsbl1.txt non trouvé *** (Assurez-vous que Catchme n'avait rien trouvé lors de la recherche) *** Suppression avec sauvegardes résultats GenericNaviSearch *** * Suppression dans "C:\Windows\System32" * * Suppression dans "C:\Users\Philippe\AppData\Local\Microsoft" * * Suppression dans "C:\Users\Philippe\AppData\Local\virtualstore\windows\system32" * * Suppression dans "C:\Users\Philippe\AppData\Local" * *** Suppression dossiers dans "C:\Windows" *** *** Suppression dossiers dans "C:\Program Files" *** *** Suppression dossiers dans "c:\progra~2\micros~1\windows\startm~1\programs" *** *** Suppression dossiers dans "c:\progra~2\micros~1\windows\startm~1" *** *** Suppression dossiers dans "C:\ProgramData" *** *** Suppression dossiers dans c:\users\philippe\appdata\roaming\micros~1\windows\startm~1\programs *** *** Suppression dossiers dans "C:\Users\Philippe\AppData\Local\virtualstore\Program Files" *** ...\InternetGamebox ...suppression... ...\InternetGamebox supprimé ! *** Suppression dossiers dans "C:\Users\Philippe\AppData\Roaming" *** *** Suppression fichiers *** *** Suppression fichiers temporaires *** Nettoyage contenu C:\Windows\Temp effectué ! Nettoyage contenu C:\Users\Philippe\AppData\Local\Temp effectué ! *** Traitement Recherche complémentaire *** (Recherche fichiers spécifiques) 1)Suppression avec sauvegardes nouveaux fichiers Instant Access : 2)Recherche, création sauvegardes et suppression Heuristique : * Dans "C:\Windows\system32" * * Dans "C:\Users\Philippe\AppData\Local\Microsoft" * * Dans "C:\Users\Philippe\AppData\Local\virtualstore\windows\system32" * * Dans "C:\Users\Philippe\AppData\Local" * giywu.exe trouvé ! Copie giywu.exe réalisée avec succès ! giywu.exe supprimé ! giywu.dat trouvé ! Copie giywu.dat réalisée avec succès ! giywu.dat supprimé ! giywu_nav.dat trouvé ! Copie giywu_nav.dat réalisée avec succès ! giywu_nav.dat supprimé ! giywu_navps.dat trouvé ! Copie giywu_navps.dat réalisée avec succès ! giywu_navps.dat supprimé ! giywu_navup.dat trouvé ! Copie giywu_navup.dat réalisée avec succès ! giywu_navup.dat supprimé ! *** Sauvegarde du Registre vers dossier Safebackup *** sauvegarde du Registre réalisée avec succès ! *** Nettoyage Registre *** Nettoyage Registre Ok *** Certificats *** Certificat Egroup absent ! Certificat Electronic-Group absent ! Certificat Montorgueil absent ! Certificat OOO-Favorit supprimé ! Certificat Sunny-Day-Design-Ltdt absent ! *** Recherche autres dossiers et fichiers connus *** *** Nettoyage terminé le 11/12/2008 à 18:10:12,49 *** Et un Hijackthis pour finir Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:20:47, on 11/12/2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16757) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\HP\QuickPlay\QPService.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files\Java\jre1.6.0\bin\jusched.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Common Files\AOL\1180792731\ee\aolsoftware.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\BitComet\BitComet.exe C:\Windows\System32\rundll32.exe C:\Windows\ehome\ehmsas.exe C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll O1 - Hosts: ::1 localhost O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll O2 - BHO: UrlHelper Class - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\Program Files\iMesh Applications\iMesh MediaBar\iMeshIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll O3 - Toolbar: iMesh MediaBar - {B7D3E479-CC68-42B5-A338-938ECE35F419} - C:\Program Files\iMesh Applications\iMesh MediaBar\iMeshMediaBar.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe" O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1180792731\ee\AOLSoftware.exe O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [bitComet] "C:\Program Files\BitComet\BitComet.exe" /tray O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU') O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 4.0\resources\fr-FR\local\search.html O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.18\AMVConverter\grab.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\Windows\system32\Shdocvw.dll O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing) O13 - Gopher Prefix: O17 - HKLM\System\CCS\Services\Tcpip\..\{04A3FD4E-BB55-4574-8562-BD29F3903216}: NameServer = 85.255.114.109;85.255.112.153 O17 - HKLM\System\CCS\Services\Tcpip\..\{D08CE38F-6FC5-4B34-A966-9B33312A90A0}: NameServer = 85.255.114.109;85.255.112.153 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.109;85.255.112.153 O17 - HKLM\System\CS1\Services\Tcpip\..\{04A3FD4E-BB55-4574-8562-BD29F3903216}: NameServer = 85.255.114.109;85.255.112.153 O17 - HKLM\System\CS6\Services\Tcpip\Parameters: NameServer = 85.255.114.109;85.255.112.153 O17 - HKLM\System\CS6\Services\Tcpip\..\{04A3FD4E-BB55-4574-8562-BD29F3903216}: NameServer = 85.255.114.109;85.255.112.153 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.109;85.255.112.153 O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 10732 bytes

Bonjour pear, ci joint l'ensemble des infos demandés (j'espère que tout y ait) Rapport toolbar S&D option1 -----------\\ ToolBar S&D 1.2.6 XP/Vista Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6000 ) X86-based PC ( Multiprocessor Free : Genuine Intel® CPU T2060 @ 1.60GHz ) BIOS : Ver 1.00PARTTBLv USER : Philippe ( Administrator ) BOOT : Normal boot Antivirus : Norton Internet Security 2007 (Activated) Firewall : Norton Internet Security 2007 (Activated) C:\ (Local Disk) - NTFS - Total:106 Go (Free:27 Go) D:\ (Local Disk) - NTFS - Total:5 Go (Free:1 Go) E:\ (CD or DVD) "C:\ToolBar SD" ( MAJ : 04-12-2008|20:40 ) Option : [2] ( 10/12/2008|19:08 ) [ UAC => 1 ] -----------\\ SUPPRESSION Supprime! - C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Dealio Supprime! - C:\Program Files\Dealio\DealioAU.exe Supprime! - C:\Program Files\Dealio\kb127 Supprime! - C:\Program Files\Dealio\SearchSettingsKit.exe Supprime! - C:\Users\Philippe\AppData\Roaming\MICROS~1\Windows\Cookies\philippe@ads.piolet[2].txt Supprime! - C:\Users\Philippe\AppData\Roaming\MICROS~1\Windows\Cookies\philippe@piolet[2].txt Supprime! - C:\Users\Philippe\AppData\Roaming\MICROS~1\Windows\Cookies\philippe@www.piolet[2].txt Supprime! - C:\Program Files\Search Settings\kb127 Supprime! - C:\Program Files\Search Settings\SearchSettings.exe Supprime! - C:\Users\Philippe\AppData\Roaming\MICROS~1\Windows\Cookies\philippe@h.starware[1].txt Supprime! - C:\Users\Philippe\AppData\Roaming\MICROS~1\Windows\Cookies\philippe@try.starware[1].txt Supprime! - C:\Users\Philippe\AppData\Roaming\MICROS~1\Windows\Cookies\philippe@try.starware[2].txt Supprime! - C:\Users\Philippe\AppData\Local\Temp\nssB877.tmp Supprime! - C:\Program Files\Dealio Supprime! - C:\Program Files\Search Settings -----------\\ Recherche de Fichiers / Dossiers ... -----------\\ [..\Internet Explorer\Main] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://google.atcomet.com/b/"'>http://google.atcomet.com/b/" "Local Page"="C:\\Windows\\system32\\blank.htm" "Search Page"="http://recherche.neuf.fr/"'>http://recherche.neuf.fr/"'>http://recherche.neuf.fr/"'>http://recherche.neuf.fr/" "Search Bar"="http://recherche.neuf.fr/ie/default.html"'>http://recherche.neuf.fr/ie/default.html" "Url"="http://go.microsoft.com/fwlink/?LinkId=75720"'>http://go.microsoft.com/fwlink/?LinkId=75720" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.msn.com/"'>http://www.msn.com/" "Default_Page_URL"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=71&bd=Pavilion&pf=laptop"'>http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=71&bd=Pavilion&pf=laptop" "Default_Search_URL"="http://recherche.neuf.fr/" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"'>http://go.microsoft.com/fwlink/?LinkId=54896" --------------------\\ Recherche d'autres infections C:\Users\Philippe\AppData\Local\giywu.dat C:\Users\Philippe\AppData\Local\giywu.exe C:\Users\Philippe\AppData\Local\giywu_nav.dat C:\Users\Philippe\AppData\Local\giywu_navps.dat C:\Users\Philippe\AppData\Local\giywu_navup.dat ==> EGDACCESS <== [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters] NameServer REG_SZ 85.255.114.109;85.255.112.153 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\Tcpip\Parameters] NameServer REG_SZ 85.255.114.109;85.255.112.153 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\Tcpip\Parameters] DhcpNameServer REG_SZ 85.255.114.109;85.255.112.153 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters] NameServer REG_SZ 85.255.114.109;85.255.112.153 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{04A3FD4E-BB55-4574-8562-BD29F3903216}] NameServer REG_SZ 85.255.114.109;85.255.112.153 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{04A3FD4E-BB55-4574-8562-BD29F3903216}] DhcpNameServer REG_SZ 85.255.114.109;85.255.112.153 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{D08CE38F-6FC5-4B34-A966-9B33312A90A0}] NameServer REG_SZ 85.255.114.109;85.255.112.153 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\..\{04A3FD4E-BB55-4574-8562-BD29F3903216}] NameServer REG_SZ 85.255.114.109;85.255.112.153 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\..\{04A3FD4E-BB55-4574-8562-BD29F3903216}] DhcpNameServer REG_SZ 85.255.114.109;85.255.112.153 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\..\{D08CE38F-6FC5-4B34-A966-9B33312A90A0}] NameServer REG_SZ 85.255.114.109;85.255.112.153 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\..\{D08CE38F-6FC5-4B34-A966-9B33312A90A0}] DhcpNameServer REG_SZ 85.255.114.109;85.255.112.153 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{04A3FD4E-BB55-4574-8562-BD29F3903216}] NameServer REG_SZ 85.255.114.109;85.255.112.153 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{04A3FD4E-BB55-4574-8562-BD29F3903216}] DhcpNameServer REG_SZ 85.255.114.109;85.255.112.153 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{D08CE38F-6FC5-4B34-A966-9B33312A90A0}] NameServer REG_SZ 85.255.114.109;85.255.112.153 ==> WAREOUT <== [ UAC => 1 ] 1 - "C:\ToolBar SD\TB_1.txt" - 10/12/2008|19:05 - Option : [1] 2 - "C:\ToolBar SD\TB_2.txt" - 10/12/2008|19:10 - Option : [2] -----------\\ Fin du rapport a 19:10:18,36 Rapport toolbar S&D option2 -----------\\ ToolBar S&D 1.2.6 XP/Vista Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6000 ) X86-based PC ( Multiprocessor Free : Genuine Intel® CPU T2060 @ 1.60GHz ) BIOS : Ver 1.00PARTTBLv USER : Philippe ( Administrator ) BOOT : Normal boot Antivirus : Norton Internet Security 2007 (Activated) Firewall : Norton Internet Security 2007 (Activated) C:\ (Local Disk) - NTFS - Total:106 Go (Free:27 Go) D:\ (Local Disk) - NTFS - Total:5 Go (Free:1 Go) E:\ (CD or DVD) "C:\ToolBar SD" ( MAJ : 04-12-2008|20:40 ) Option : [2] ( 10/12/2008|19:08 ) [ UAC => 1 ] -----------\\ SUPPRESSION Supprime! - C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Dealio Supprime! - C:\Program Files\Dealio\DealioAU.exe Supprime! - C:\Program Files\Dealio\kb127 Supprime! - C:\Program Files\Dealio\SearchSettingsKit.exe Supprime! - C:\Users\Philippe\AppData\Roaming\MICROS~1\Windows\Cookies\philippe@ads.piolet[2].txt Supprime! - C:\Users\Philippe\AppData\Roaming\MICROS~1\Windows\Cookies\philippe@piolet[2].txt Supprime! - C:\Users\Philippe\AppData\Roaming\MICROS~1\Windows\Cookies\philippe@www.piolet[2].txt Supprime! - C:\Program Files\Search Settings\kb127 Supprime! - C:\Program Files\Search Settings\SearchSettings.exe Supprime! - C:\Users\Philippe\AppData\Roaming\MICROS~1\Windows\Cookies\philippe@h.starware[1].txt Supprime! - C:\Users\Philippe\AppData\Roaming\MICROS~1\Windows\Cookies\philippe@try.starware[1].txt Supprime! - C:\Users\Philippe\AppData\Roaming\MICROS~1\Windows\Cookies\philippe@try.starware[2].txt Supprime! - C:\Users\Philippe\AppData\Local\Temp\nssB877.tmp Supprime! - C:\Program Files\Dealio Supprime! - C:\Program Files\Search Settings -----------\\ Recherche de Fichiers / Dossiers ... -----------\\ [..\Internet Explorer\Main] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://google.atcomet.com/b/" "Local Page"="C:\\Windows\\system32\\blank.htm" "Search Page"="http://recherche.neuf.fr/" "Search Bar"="http://recherche.neuf.fr/ie/default.html" "Url"="http://go.microsoft.com/fwlink/?LinkId=75720" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.msn.com/" "Default_Page_URL"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=71&bd=Pavilion&pf=laptop" "Default_Search_URL"="http://recherche.neuf.fr/" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" --------------------\\ Recherche d'autres infections C:\Users\Philippe\AppData\Local\giywu.dat C:\Users\Philippe\AppData\Local\giywu.exe C:\Users\Philippe\AppData\Local\giywu_nav.dat C:\Users\Philippe\AppData\Local\giywu_navps.dat C:\Users\Philippe\AppData\Local\giywu_navup.dat ==> EGDACCESS <== [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters] NameServer REG_SZ 85.255.114.109;85.255.112.153 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\Tcpip\Parameters] NameServer REG_SZ 85.255.114.109;85.255.112.153 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\Tcpip\Parameters] DhcpNameServer REG_SZ 85.255.114.109;85.255.112.153 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters] NameServer REG_SZ 85.255.114.109;85.255.112.153 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{04A3FD4E-BB55-4574-8562-BD29F3903216}] NameServer REG_SZ 85.255.114.109;85.255.112.153 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{04A3FD4E-BB55-4574-8562-BD29F3903216}] DhcpNameServer REG_SZ 85.255.114.109;85.255.112.153 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{D08CE38F-6FC5-4B34-A966-9B33312A90A0}] NameServer REG_SZ 85.255.114.109;85.255.112.153 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\..\{04A3FD4E-BB55-4574-8562-BD29F3903216}] NameServer REG_SZ 85.255.114.109;85.255.112.153 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\..\{04A3FD4E-BB55-4574-8562-BD29F3903216}] DhcpNameServer REG_SZ 85.255.114.109;85.255.112.153 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\..\{D08CE38F-6FC5-4B34-A966-9B33312A90A0}] NameServer REG_SZ 85.255.114.109;85.255.112.153 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\..\{D08CE38F-6FC5-4B34-A966-9B33312A90A0}] DhcpNameServer REG_SZ 85.255.114.109;85.255.112.153 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{04A3FD4E-BB55-4574-8562-BD29F3903216}] NameServer REG_SZ 85.255.114.109;85.255.112.153 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{04A3FD4E-BB55-4574-8562-BD29F3903216}] DhcpNameServer REG_SZ 85.255.114.109;85.255.112.153 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{D08CE38F-6FC5-4B34-A966-9B33312A90A0}] NameServer REG_SZ 85.255.114.109;85.255.112.153 ==> WAREOUT <== [ UAC => 1 ] 1 - "C:\ToolBar SD\TB_1.txt" - 10/12/2008|19:05 - Option : [1] 2 - "C:\ToolBar SD\TB_2.txt" - 10/12/2008|19:10 - Option : [2] -----------\\ Fin du rapport a 19:10:18,36 Rapport navilog option1 Search Navipromo version 3.6.9 commencé le 10/12/2008 à 20:26:28,02 !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!! !!! Postez ce rapport sur le forum pour le faire analyser !!! !!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!! Outil exécuté depuis C:\Program Files\navilog1 Session actuelle : "Philippe" Mise à jour le 05.11.2008 à 21h00 par IL-MAFIOSO Microsoft Windows Vista 6.0.6000 Internet Explorer : 7.0.6000.16757 Système de fichiers : Recherche executé en mode normal *** Recherche Programmes installés *** *** Recherche dossiers dans "C:\Windows" *** *** Recherche dossiers dans "C:\Program Files" *** *** Recherche dossiers dans "c:\progra~2\micros~1\windows\startm~1\programs" *** *** Recherche dossiers dans "c:\progra~2\micros~1\windows\startm~1" *** *** Recherche dossiers dans "C:\ProgramData" *** *** Recherche dossiers dans "c:\users\philippe\appdata\roaming\micros~1\windows\startm~1\programs" *** *** Recherche dossiers dans "C:\Users\Philippe\AppData\Local\virtualstore\Program Files" *** ...\InternetGameBox trouvé ! *** Recherche dossiers dans "C:\Users\Philippe\AppData\Roaming" *** *** Recherche avec Catchme-rootkit/stealth malware detector par gmer *** pour + d'infos : http://www.gmer.net Scan Catchme non réalisé. Droits limités sur la session actuelle. *** Recherche avec GenericNaviSearch *** !!! Tous ces résultats peuvent révéler des fichiers légitimes !!! !!! A vérifier impérativement avant toute suppression manuelle !!! * Recherche dans "C:\Windows\system32" * * Recherche dans "C:\Users\Philippe\AppData\Local\Microsoft" * * Recherche dans "C:\Users\Philippe\AppData\Local\virtualstore\windows\system32" * * Recherche dans "C:\Users\Philippe\AppData\Local" * *** Recherche fichiers *** *** Recherche clés spécifiques dans le Registre *** *** Module de Recherche complémentaire *** (Recherche fichiers spécifiques) 1)Recherche nouveaux fichiers Instant Access : 2)Recherche Heuristique : * Dans "C:\Windows\system32" : * Dans "C:\Users\Philippe\AppData\Local\Microsoft" : * Dans "C:\Users\Philippe\AppData\Local\virtualstore\windows\system32" : * Dans "C:\Users\Philippe\AppData\Local" : giywu.exe trouvé ! giywu.dat trouvé ! giywu_nav.dat trouvé ! giywu_navps.dat trouvé ! giywu_navup.dat trouvé ! 3)Recherche Certificats : Certificat Egroup trouvé ! Certificat Electronic-Group trouvé ! Certificat Montorgueil absent ! Certificat OOO-Favorit trouvé ! Certificat Sunny-Day-Design-Ltd absent ! 4)Recherche fichiers connus : *** Analyse terminée le 10/12/2008 à 20:27:53,55 *** Rapport navilog option2 : pas pu le lancer (plus d'accès). Rapport smitfraudfix option1 SmitFraudFix v2.383 Scan done at 6:31:59,70, 11/12/2008 Run from C:\Users\Philippe\Desktop\SmitfraudFix OS: Microsoft Windows [version 6.0.6000] - Windows_NT The filesystem type is Fix run in normal mode »»»»»»»»»»»»»»»»»»»»»»»» Process C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\csrss.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe C:\Windows\system32\taskeng.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\HP\QuickPlay\QPService.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files\Java\jre1.6.0\bin\jusched.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Common Files\AOL\1180792731\ee\aolsoftware.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Users\Philippe\AppData\Local\giywu.exe C:\Windows\System32\rundll32.exe C:\Program Files\BitComet\BitComet.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Windows\system32\svchost.exe C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe C:\Windows\system32\svchost.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\DRIVERS\xaudio.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe C:\Windows\system32\taskeng.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\wbem\wmiprvse.exe C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe C:\Windows\system32\conime.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Internet Explorer\iexplore.exe c:\program files\aol\aol toolbar 4.0\AolTbServer.exe C:\Program Files\Microsoft Office\Office\Winword.exe C:\Windows\System32\mobsync.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\cmd.exe C:\Windows\system32\wbem\wmiprvse.exe »»»»»»»»»»»»»»»»»»»»»»»» hosts »»»»»»»»»»»»»»»»»»»»»»»» C:\ C:\autorun.inf FOUND ! C:\resycled\ FOUND ! »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32 »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles »»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Philippe »»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Philippe\AppData\Local\Temp »»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Philippe\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Start Menu C:\Users\Philippe\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\homeview FOUND ! »»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Philippe\FAVORI~1 »»»»»»»»»»»»»»»»»»»»»»»» Desktop »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components »»»»»»»»»»»»»»»»»»»»»»»» o4Patch !!!Attention, following keys are not inevitably infected!!! o4Patch Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» IEDFix !!!Attention, following keys are not inevitably infected!!! IEDFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» VACFix !!!Attention, following keys are not inevitably infected!!! VACFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» 404Fix !!!Attention, following keys are not inevitably infected!!! 404Fix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="" "LoadAppInit_DLLs"=dword:00000000 »»»»»»»»»»»»»»»»»»»»»»»» Winlogon !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "Userinit"="C:\\Windows\\system32\\userinit.exe," »»»»»»»»»»»»»»»»»»»»»»»» RK »»»»»»»»»»»»»»»»»»»»»»»» DNS Your computer may be victim of a DNS Hijack: 85.255.x.x detected ! Description: Réseau local Broadcom 802.11b/g DNS Server Search Order: 85.255.114.109;85.255.112.153 HKLM\SYSTEM\CCS\Services\Tcpip\..\{04A3FD4E-BB55-4574-8562-BD29F3903216}: DhcpNameServer=85.255.114.109;85.255.112.153 HKLM\SYSTEM\CCS\Services\Tcpip\..\{04A3FD4E-BB55-4574-8562-BD29F3903216}: NameServer=85.255.114.109;85.255.112.153 HKLM\SYSTEM\CCS\Services\Tcpip\..\{D08CE38F-6FC5-4B34-A966-9B33312A90A0}: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CCS\Services\Tcpip\..\{D08CE38F-6FC5-4B34-A966-9B33312A90A0}: NameServer=85.255.114.109;85.255.112.153 HKLM\SYSTEM\CS1\Services\Tcpip\..\{04A3FD4E-BB55-4574-8562-BD29F3903216}: DhcpNameServer=85.255.114.109;85.255.112.153 HKLM\SYSTEM\CS1\Services\Tcpip\..\{04A3FD4E-BB55-4574-8562-BD29F3903216}: NameServer=85.255.114.109;85.255.112.153 HKLM\SYSTEM\CS1\Services\Tcpip\..\{D08CE38F-6FC5-4B34-A966-9B33312A90A0}: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS1\Services\Tcpip\..\{D08CE38F-6FC5-4B34-A966-9B33312A90A0}: NameServer=85.255.114.109;85.255.112.153 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=85.255.114.109;85.255.112.153 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=85.255.114.109;85.255.112.153 HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=85.255.114.109;85.255.112.153 HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=85.255.114.109;85.255.112.153 »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection »»»»»»»»»»»»»»»»»»»»»»»» End Rapport smitfraudfix option2 SmitFraudFix v2.383 Scan done at 6:44:19,68, 11/12/2008 Run from C:\Users\Philippe\Desktop\SmitfraudFix OS: Microsoft Windows [version 6.0.6000] - Windows_NT The filesystem type is Fix run in normal mode »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Killing process »»»»»»»»»»»»»»»»»»»»»»»» hosts 127.0.0.1 localhost ::1 localhost »»»»»»»»»»»»»»»»»»»»»»»» VACFix VACFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix S!Ri's WS2Fix: LSP not Found. »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files C:\autorun.inf Deleted C:\Users\Philippe\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\homeview Deleted C:\resycled\ Deleted »»»»»»»»»»»»»»»»»»»»»»»» IEDFix IEDFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» 404Fix 404Fix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» RK »»»»»»»»»»»»»»»»»»»»»»»» DNS Description: Réseau local Broadcom 802.11b/g DNS Server Search Order: 192.168.1.1 HKLM\SYSTEM\CCS\Services\Tcpip\..\{D08CE38F-6FC5-4B34-A966-9B33312A90A0}: DhcpNameServer=192.168.1.1 »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning Registry Cleaning done. »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» End Rapport Hijackthis Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 06:56:41, on 11/12/2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16757) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\HP\QuickPlay\QPService.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files\Java\jre1.6.0\bin\jusched.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Common Files\AOL\1180792731\ee\aolsoftware.exe C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe C:\Windows\System32\rundll32.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Users\Philippe\AppData\Local\giywu.exe C:\Program Files\BitComet\BitComet.exe C:\Windows\ehome\ehmsas.exe C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll O1 - Hosts: ::1 localhost O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll O2 - BHO: UrlHelper Class - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\Program Files\iMesh Applications\iMesh MediaBar\iMeshIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll O3 - Toolbar: iMesh MediaBar - {B7D3E479-CC68-42B5-A338-938ECE35F419} - C:\Program Files\iMesh Applications\iMesh MediaBar\iMeshMediaBar.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe" O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1180792731\ee\AOLSoftware.exe O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [giywu] "c:\users\philippe\appdata\local\giywu.exe" giywu O4 - HKCU\..\Run: [bitComet] "C:\Program Files\BitComet\BitComet.exe" /tray O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU') O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 4.0\resources\fr-FR\local\search.html O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.18\AMVConverter\grab.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\Windows\system32\Shdocvw.dll O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing) O13 - Gopher Prefix: O17 - HKLM\System\CCS\Services\Tcpip\..\{04A3FD4E-BB55-4574-8562-BD29F3903216}: NameServer = 85.255.114.109;85.255.112.153 O17 - HKLM\System\CCS\Services\Tcpip\..\{D08CE38F-6FC5-4B34-A966-9B33312A90A0}: NameServer = 85.255.114.109;85.255.112.153 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.109;85.255.112.153 O17 - HKLM\System\CS1\Services\Tcpip\..\{04A3FD4E-BB55-4574-8562-BD29F3903216}: NameServer = 85.255.114.109;85.255.112.153 O17 - HKLM\System\CS6\Services\Tcpip\Parameters: NameServer = 85.255.114.109;85.255.112.153 O17 - HKLM\System\CS6\Services\Tcpip\..\{04A3FD4E-BB55-4574-8562-BD29F3903216}: NameServer = 85.255.114.109;85.255.112.153 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.109;85.255.112.153 O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 10977 bytes

Bonjour pear et merci pour la réponse rapide. Je ne sais pas comment j'ai fais mais j'ai fait un copier/coller malencontreux en guise de réponse. Donc voici le contenu du fichier : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 08:24:31, on 09/12/2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16757) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\HP\QuickPlay\QPService.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files\Java\jre1.6.0\bin\jusched.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Common Files\AOL\1180792731\ee\aolsoftware.exe C:\Program Files\Search Settings\SearchSettings.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Users\Philippe\AppData\Local\giywu.exe C:\Program Files\BitComet\BitComet.exe C:\Windows\ehome\ehmsas.exe C:\Windows\System32\rundll32.exe C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE C:\Program Files\Internet Explorer\IEUser.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Windows\system32\SearchFilterHost.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://recherche.neuf.fr/ie/default.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://recherche.neuf.fr/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://recherche.neuf.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://recherche.neuf.fr/ie/default.html R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll O1 - Hosts: ::1 localhost O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll O2 - BHO: UrlHelper Class - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\Program Files\iMesh Applications\iMesh MediaBar\iMeshIEHelper.dll O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: iMesh MediaBar - {B7D3E479-CC68-42B5-A338-938ECE35F419} - C:\Program Files\iMesh Applications\iMesh MediaBar\iMeshMediaBar.dll O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe" O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1180792731\ee\AOLSoftware.exe O4 - HKLM\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Piolet] C:\Program Files\Piolet\Piolet.exe SILENT O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe O4 - HKLM\..\Run: [searchSettings] C:\Program Files\Search Settings\SearchSettings.exe O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [giywu] "c:\users\philippe\appdata\local\giywu.exe" giywu O4 - HKCU\..\Run: [bitComet] C:\Program Files\BitComet\BitComet.exe /tray O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU') O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 4.0\resources\fr-FR\local\search.html O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.18\AMVConverter\grab.html O8 - Extra context menu item: Compare Prices with &Dealio - C:\Users\Philippe\AppData\LocalLow\Dealio\kb127\res\DealioSearch.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\Windows\system32\Shdocvw.dll O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing) O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll O13 - Gopher Prefix: O17 - HKLM\System\CCS\Services\Tcpip\..\{04A3FD4E-BB55-4574-8562-BD29F3903216}: NameServer = 85.255.114.109;85.255.112.153 O17 - HKLM\System\CCS\Services\Tcpip\..\{D08CE38F-6FC5-4B34-A966-9B33312A90A0}: NameServer = 85.255.114.109;85.255.112.153 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.109;85.255.112.153 O17 - HKLM\System\CS1\Services\Tcpip\..\{04A3FD4E-BB55-4574-8562-BD29F3903216}: NameServer = 85.255.114.109;85.255.112.153 O17 - HKLM\System\CS6\Services\Tcpip\Parameters: NameServer = 85.255.114.109;85.255.112.153 O17 - HKLM\System\CS6\Services\Tcpip\..\{04A3FD4E-BB55-4574-8562-BD29F3903216}: NameServer = 85.255.114.109;85.255.112.153 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.109;85.255.112.153 O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 13230 bytes Merci de votre aide

Bonjour à tous, J'ai un problème : je suis redirigé vers bediddle lorsque j'utilise google. J'ai parcourru pas mal de forum sur le sujet, et cela semble compliqué à résoudre. De plus je ne suis pas un crack en informatique ce qui complique certainement la chose... J'utilise vista Merci d'avance pour les réponses.