

Ixezed
-
Thanks for the info, but that card is too expensive for me. It sells for 180$ CAN here.
-
Hello everyone! My computer recently crashed without any warning. The CPU, graphics card and case fans run, but nothing is displayed on the screen (I can't hear the hard drives spinning or any beeps from the motherboard). I tried replacing all the parts one by one; nothing works. So I believe the problem is my motherboard. I am therefore going to buy a new motherboard and see whether that fixes the problem (if not, I'll go get a refund). I currently have an Intel Pentium D 800 processor (socket 775) and an AGP graphics card. My computer retailer told me they no longer carry AGP motherboards, so I'm thinking of buying a PCI-E graphics card that is not very expensive but performs reasonably well. Here are the choices the store is offering me:
ASUS PCIE RAD EAH4650 512M TVO BTE (75$ CAN)
ASUS PCIE RAD EAH4670 512M TVO BTE (89$ CAN)
ASUS PCIE GF9 EN9500GT MAGIC 512M BTE (79$ CAN)
SAPPHIRE PCIE RAD HD4650 1024M TVO BTE (79$ CAN)
Are these cards any good? Which one would you recommend? Is it worth buying one of them? Thanks for your advice!
-
Slowdowns in Firefox
Ixezed replied to Ixezed's topic in Malware Analysis and Removal
I can't continue the procedure because my computer refuses to start! After running HJT, I installed a new printer on my PC, which was working very well. During the evening, my girlfriend came to work on the computer, and when she shut it down she was unable to turn it back on. In fact, when the PC is powered on, the fans spin (case fan, CPU, graphics card) but that's all. Nothing is displayed on the screen. I removed and reseated the RAM sticks, I removed and reseated the graphics card, I moved the clearBIOS jumper. I somewhat suspect the power supply, yet the fans do spin. The next step is to remove the processor, clean it and put it back... If you have other suggestions I would appreciate them! If I manage to get the machine back on its feet, I will continue the steps above.
-
Slowdowns in Firefox
Ixezed replied to Ixezed's topic in Malware Analysis and Removal
Oops, indeed, my mistake! MBAM asked me for a reboot after the scan. Here is the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:26:17, on 2009-08-25
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\system32\spoolsv.exe
f:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
F:\Program Files\Avira\AntiVir Desktop\sched.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Microsoft IntelliType Pro\itype.exe
F:\Program Files\Microsoft IntelliPoint\ipoint.exe
F:\Program Files\Java\jre6\bin\jusched.exe
F:\WINDOWS\system32\Rundll32.exe
F:\Program Files\Avira\AntiVir Desktop\avgnt.exe
F:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Avira\AntiVir Desktop\avguard.exe
F:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
F:\Program Files\Bonjour\mDNSResponder.exe
F:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
F:\Program Files\Java\jre6\bin\jqs.exe
F:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
F:\WINDOWS\system32\PnkBstrA.exe
F:\WINDOWS\system32\PnkBstrB.exe
F:\Program Files\CyberLink\Shared Files\RichVideo.exe
F:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\Program Files\Windows Live\Messenger\usnsvc.exe
F:\Program Files\Mozilla Firefox\firefox.exe
F:\Documents and Settings\Benoit Gosselin\Bureau\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://moteur.chat-land.org/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - F:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - F:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {E8F148DF-CEF4-4E01-96AC-791EB183D256} - (no file)
O4 - HKLM\..\Run: [itype] "F:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [intelliPoint] "F:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [updReg] F:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [sunJavaUpdateSched] "F:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [avgnt] "F:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MsnMsgr] "F:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-796845957-1788223648-725345543-1004\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe (User 'Famille')
O4 - HKUS\S-1-5-21-796845957-1788223648-725345543-1004\..\Run: [msnmsgr] "F:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Famille')
O4 - HKUS\S-1-5-21-796845957-1788223648-725345543-1004\..\Run: [cmds] rundll32.exe F:\DOCUME~1\Famille\LOCALS~1\Temp\tuvSkHWm.dll,c (User 'Famille')
O4 - HKUS\S-1-5-21-796845957-1788223648-725345543-1004\..\Run: [94827131] rundll32.exe "F:\DOCUME~1\Famille\LOCALS~1\Temp\rxjkniku.dll",b (User 'Famille')
O4 - HKUS\S-1-5-21-796845957-1788223648-725345543-1004\..\Run: [MS Juan] rundll32 "F:\DOCUME~1\Famille\LOCALS~1\Temp\fheoau.dll",run (User 'Famille')
O4 - HKUS\S-1-5-21-796845957-1788223648-725345543-1004\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime (User 'Famille')
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.chat-land.org
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1212110836186
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1224096606054
O16 - DPF: {BFD90062-6B5E-4F8F-87B1-5F022C14E32F} (ActiveReceiver Control) - http://www.meetstream.com/activex/28091/activereceiver.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2...15106/CTPID.cab
O18 - Protocol: intu-ir2006 - {F5B3637E-01C9-456C-869E-4570CE217261} - F:\ImpotRapide 2006\IR2006\ic2006pp.dll
O18 - Protocol: intu-ir2007 - {52BAEC6B-9405-46F9-A131-6D50720A3CC4} - F:\Program Files\ImpotRapide 2007\ic2007pp.dll
O20 - AppInit_DLLs: uimggg.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - F:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - F:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - F:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - F:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - F:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - F:\WINDOWS\system32\CTsvcCDA.exe (file missing)
O23 - Service: InCD Helper (InCDsrv) - Nero AG - F:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - F:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - F:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - f:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - F:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Nero AG - F:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - F:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - F:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - F:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - F:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - F:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 9069 bytes
-
Slowdowns in Firefox
Ixezed replied to Ixezed's topic in Malware Analysis and Removal
Oh, thanks for stepping in, Mark! Here is the MBAM log; I'm now going to restart the PC.

Malwarebytes' Anti-Malware 1.40
Version de la base de données: 2691
Windows 5.1.2600 Service Pack 3

2009-08-25 02:16:41
mbam-log-2009-08-25 (02-16-41).txt

Type de recherche: Examen rapide
Eléments examinés: 113770
Temps écoulé: 12 minute(s), 57 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\cs41275 (Malware.Trace) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
F:\Documents and Settings\Famille\Application Data\asd.bat (Rogue.WinPCDefender) -> Quarantined and deleted successfully.
-
Hello everyone! For some time now I have been experiencing slowdowns when browsing the internet, especially on websites with lots of images and animations. I never had any performance problems before, which is why I suspect the presence of malware or unnecessary processes on my PC. I have cleaned all the temporary files/cookies/history of my browsers with CCleaner. Please be so kind as to analyze my HijackThis log. Regards
--------------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:18:44, on 2009-08-24
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\system32\spoolsv.exe
f:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
F:\Program Files\Avira\AntiVir Desktop\sched.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Microsoft IntelliType Pro\itype.exe
F:\Program Files\Microsoft IntelliPoint\ipoint.exe
F:\Program Files\Avira\AntiVir Desktop\avguard.exe
F:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
F:\WINDOWS\system32\Rundll32.exe
F:\Program Files\Avira\AntiVir Desktop\avgnt.exe
F:\Program Files\Bonjour\mDNSResponder.exe
F:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
F:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
F:\WINDOWS\system32\PnkBstrA.exe
F:\WINDOWS\system32\PnkBstrB.exe
F:\Program Files\CyberLink\Shared Files\RichVideo.exe
F:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Java\jre6\bin\jqs.exe
F:\Program Files\Mozilla Firefox\firefox.exe
F:\Documents and Settings\Benoit Gosselin\Bureau\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://moteur.chat-land.org/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - F:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {E8F148DF-CEF4-4E01-96AC-791EB183D256} - (no file)
O4 - HKLM\..\Run: [itype] "F:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [intelliPoint] "F:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [updReg] F:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [sunJavaUpdateSched] "F:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [avgnt] "F:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKCU\..\Run: [MsnMsgr] "F:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.chat-land.org
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1212110836186
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1224096606054
O16 - DPF: {BFD90062-6B5E-4F8F-87B1-5F022C14E32F} (ActiveReceiver Control) - http://www.meetstream.com/activex/28091/activereceiver.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2...15106/CTPID.cab
O18 - Protocol: intu-ir2006 - {F5B3637E-01C9-456C-869E-4570CE217261} - F:\ImpotRapide 2006\IR2006\ic2006pp.dll
O18 - Protocol: intu-ir2007 - {52BAEC6B-9405-46F9-A131-6D50720A3CC4} - F:\Program Files\ImpotRapide 2007\ic2007pp.dll
O20 - AppInit_DLLs: uimggg.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - F:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - F:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - F:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - F:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - F:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - F:\WINDOWS\system32\CTsvcCDA.exe (file missing)
O23 - Service: InCD Helper (InCDsrv) - Nero AG - F:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - F:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - F:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - f:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - F:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Nero AG - F:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - F:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - F:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - F:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - F:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - F:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 7926 bytes
-
Unwanted advertising pop-up windows
Ixezed replied to Ixezed's topic in Malware Analysis and Removal
Malwarebytes report:

Malwarebytes' Anti-Malware 1.33
Version de la base de données: 1722
Windows 5.1.2600 Service Pack 3

2009-02-03 19:18:37
mbam-log-2009-02-03 (19-18-37).txt

Type de recherche: Examen complet (C:\|F:\|)
Eléments examinés: 233004
Temps écoulé: 1 hour(s), 4 minute(s), 23 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 8
Clé(s) du Registre infectée(s): 10
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 29

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
F:\WINDOWS\system32\ockkcoqs.dll (Trojan.Vundo.H) -> Delete on reboot.
F:\WINDOWS\system32\uimggg.dll (Trojan.Vundo) -> Delete on reboot.
F:\Documents and Settings\Famille\Local Settings\Temp\tuvSkHWm.dll (Trojan.Vundo) -> Delete on reboot.
F:\Documents and Settings\Famille\Local Settings\Temp\wyiddljo.dll (Trojan.Vundo) -> Delete on reboot.
F:\Documents and Settings\Famille\Local Settings\Temp\fipsqsmn.dll (Trojan.Vundo) -> Delete on reboot.
F:\Documents and Settings\Famille\Local Settings\Temp\rxjkniku.dll (Trojan.Vundo) -> Delete on reboot.
F:\Documents and Settings\Famille\Local Settings\Temp\ftjfeguh.dll (Trojan.Vundo) -> Delete on reboot.
F:\Documents and Settings\Famille\Local Settings\Temp\fheoau.dll (Trojan.Vundo) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cc504f17-b1b4-4d5a-818d-ec6c70956980} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cc504f17-b1b4-4d5a-818d-ec6c70956980} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fd2bd2c4-e4b9-4f5d-85ed-a586f4d73736} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{fd2bd2c4-e4b9-4f5d-85ed-a586f4d73736} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\94827131 (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
F:\WINDOWS\system32\rqijoilq.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
F:\WINDOWS\system32\uimggg.dll (Trojan.Vundo.H) -> Delete on reboot.
F:\WINDOWS\system32\ockkcoqs.dll (Trojan.Vundo.H) -> Delete on reboot.
F:\WINDOWS\system32\sqockkco.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
F:\Documents and Settings\Famille\Local Settings\Temp\tuvSkHWm.dll (Trojan.Vundo) -> Delete on reboot.
F:\Documents and Settings\Famille\Local Settings\Temp\wyiddljo.dll (Trojan.Vundo) -> Delete on reboot.
F:\Documents and Settings\Famille\Local Settings\Temp\fipsqsmn.dll (Trojan.Vundo) -> Delete on reboot.
F:\Documents and Settings\Famille\Local Settings\Temp\rxjkniku.dll (Trojan.Vundo) -> Delete on reboot.
F:\Documents and Settings\Famille\Local Settings\Temp\ftjfeguh.dll (Trojan.Vundo) -> Delete on reboot.
F:\Documents and Settings\Famille\Local Settings\Temp\fheoau.dll (Trojan.Vundo) -> Delete on reboot.
F:\Documents and Settings\Benoit Gosselin\Local Settings\Temporary Internet Files\Content.IE5\K21HQPU7\index[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
F:\Documents and Settings\Benoit Gosselin\Local Settings\Temporary Internet Files\Content.IE5\IX6XZQEI\divx20[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
F:\Documents and Settings\Benoit Gosselin\Local Settings\Temporary Internet Files\Content.IE5\RS38UKPZ\upd105320[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
F:\Documents and Settings\Benoit Gosselin\Local Settings\Temporary Internet Files\Content.IE5\YIR6XDWR\img[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
F:\Documents and Settings\Famille\Local Settings\Temp\vhegjhbp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
F:\Documents and Settings\Famille\Local Settings\Temp\vrbien.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
F:\Documents and Settings\Famille\Local Settings\Temp\lbklodas.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
F:\Documents and Settings\Famille\Local Settings\Temporary Internet Files\Content.IE5\3GD3JYMW\index[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
F:\Documents and Settings\Famille\Local Settings\Temporary Internet Files\Content.IE5\3GD3JYMW\index[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
F:\Documents and Settings\Famille\Local Settings\Temporary Internet Files\Content.IE5\A2AZOSFY\upd105320[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
F:\Documents and Settings\Famille\Local Settings\Temporary Internet Files\Content.IE5\B2JSO109\img[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
F:\Documents and Settings\Famille\Local Settings\Temporary Internet Files\Content.IE5\D0278Y0Z\upd105320[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
F:\Documents and Settings\Famille\Local Settings\Temporary Internet Files\Content.IE5\D0278Y0Z\divx20[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
F:\Documents and Settings\Famille\Local Settings\Temporary Internet Files\Content.IE5\DUG18OIM\img[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
F:\WINDOWS\system32\ihukkcmt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
F:\WINDOWS\system32\pmnljJAp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
F:\WINDOWS\system32\hgGARlig.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
F:\WINDOWS\system32\fccaYpPH.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
F:\WINDOWS\system32\fcccbbxU.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
-
Fenêtre de publicité intempestives
Ixezed a répondu à un(e) sujet de Ixezed dans Analyses et éradication malwares
Voici le rapport SDFIX, je vais maintenant lancer Malbytes SDFix: Version 1.240 Run by Benoit Gosselin on 2009-02-02 at 20:51 Microsoft Windows XP [version 5.1.2600] Running From: F:\SDFix Checking Services : Restoring Default Security Values Restoring Default Hosts File Rebooting Checking Files : Trojan Files Found: F:\WINDOWS\system32\yayYspMd.dll - Deleted Removing Temp Files ADS Check : Final Check : catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-02-03 17:46:22 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... IPC error: 2 Le fichier spécifié est introuvable. scanning hidden services & system hive ... scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services : Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "F:\\Program Files\\Messenger\\msmsgs.exe"="F:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger" "F:\\Program Files\\Mass Effect\\Binaries\\MassEffect.exe"="F:\\Program Files\\Mass Effect\\Binaries\\MassEffect.exe:*:Enabled:Mass Effect Game" "F:\\Program Files\\Mass Effect\\MassEffectLauncher.exe"="F:\\Program Files\\Mass Effect\\MassEffectLauncher.exe:*:Enabled:Mass Effect Launcher" "F:\\WINDOWS\\system32\\PnkBstrA.exe"="F:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA" "F:\\WINDOWS\\system32\\PnkBstrB.exe"="F:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB" "F:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"="F:\\Program Files\\Activision\\Call of Duty 4 - Modern 
Warfare\\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare" "F:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="F:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "F:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="F:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" "F:\\Program Files\\Orb Networks\\Orb\\bin\\Orb.exe"="F:\\Program Files\\Orb Networks\\Orb\\bin\\Orb.exe:*:Enabled:Orb" "F:\\Program Files\\Orb Networks\\Orb\\bin\\OrbTray.exe"="F:\\Program Files\\Orb Networks\\Orb\\bin\\OrbTray.exe:*:Enabled:OrbTray" "F:\\Program Files\\Orb Networks\\Orb\\bin\\OrbStreamerClient.exe"="F:\\Program Files\\Orb Networks\\Orb\\bin\\OrbStreamerClient.exe:*:Enabled:Orb Stream Client" "F:\\Program Files\\Orb Networks\\Orb\\bin\\xmltv.exe"="F:\\Program Files\\Orb Networks\\Orb\\bin\\xmltv.exe:*:Enabled:OrbTVGuide" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "F:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="F:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "F:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="F:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" Remaining Files : File Backups: - F:\SDFix\backups\backups.zip Files with Hidden Attributes : Thu 28 Aug 2008 1,977 ...HR --- "F:\Documents and Settings\Benoit Gosselin\Application Data\SecuROM\UserData\securom_v7_01.bak" Mon 12 Feb 2007 3,096,576 A..H. --- "F:\Documents and Settings\Benoit Gosselin\Application Data\U3\temp\Launchpad Removal.exe" Finished! -
Hello! Recently, advertising windows have started popping up when I browse the internet; I would like an expert's opinion, please. Here is the HJT log, thank you for your time!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:40:08, on 2009-02-01
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\system32\spoolsv.exe
f:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
F:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
F:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
F:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
F:\WINDOWS\system32\PnkBstrA.exe
F:\WINDOWS\system32\PnkBstrB.exe
F:\Program Files\CyberLink\Shared Files\RichVideo.exe
F:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Microsoft IntelliType Pro\itype.exe
F:\Program Files\Microsoft IntelliPoint\ipoint.exe
F:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
F:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
F:\Program Files\ASUS\Asus Probe\AsusProb.exe
F:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
F:\Program Files\Analog Devices\SoundMAX\Smax4.exe
F:\WINDOWS\system32\Rundll32.exe
F:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe
F:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
F:\Program Files\Nero\Nero 7\InCD\InCD.exe
F:\Program Files\CyberLink\PCM4Everio\EverioService.exe
F:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Nikon\PictureProject\NkbMonitor.exe
F:\Program Files\Windows Live\Messenger\usnsvc.exe
F:\WINDOWS\system32\rundll32.exe
F:\WINDOWS\system32\rundll32.exe
F:\WINDOWS\system32\wscntfy.exe
F:\Program Files\Mozilla Firefox\firefox.exe
F:\Documents and Settings\Benoit Gosselin\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [itype] "F:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [intelliPoint] "F:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [egui] "F:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [CTSysVol] F:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [ASUS Probe] F:\Program Files\ASUS\Asus Probe\AsusProb.exe
O4 - HKLM\..\Run: [updReg] F:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [sunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [soundMAXPnP] F:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [soundMAX] "F:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [LVCOMSX] "F:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] F:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [securDisc] F:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [inCD] F:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [EverioService] "F:\Program Files\CyberLink\PCM4Everio\EverioService.exe"
O4 - HKLM\..\Run: [94827131] rundll32.exe "F:\WINDOWS\system32\ockkcoqs.dll",b
O4 - HKCU\..\Run: [MsnMsgr] "F:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-796845957-1788223648-725345543-1004\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe (User 'Famille')
O4 - HKUS\S-1-5-21-796845957-1788223648-725345543-1004\..\Run: [msnmsgr] "F:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Famille')
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = F:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1212110836186
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1224096606054
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2...15106/CTPID.cab
O18 - Protocol: intu-ir2006 - {F5B3637E-01C9-456C-869E-4570CE217261} - F:\ImpotRapide 2006\IR2006\ic2006pp.dll
O18 - Protocol: intu-ir2007 - {52BAEC6B-9405-46F9-A131-6D50720A3CC4} - F:\Program Files\ImpotRapide 2007\ic2007pp.dll
O20 - AppInit_DLLs: uimggg.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - F:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - F:\WINDOWS\system32\CTsvcCDA.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - F:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - F:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - F:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - F:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - f:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - F:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Nero AG - F:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - F:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - F:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - F:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - F:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - F:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

-- End of file - 8353 bytes
-
[RESOLVED] - Infected computer, I need help!
Ixezed replied to a topic by Ixezed in Malware analysis and removal
Perfect! Thank you very much for your help, it is much appreciated! You do excellent work
-
[RESOLVED] - Infected computer, I need help!
Ixezed replied to a topic by Ixezed in Malware analysis and removal
I'll leave here the HijackThis report from the other computer in the house; if you would rather I put it in another topic, I can create one. I don't know whether it is infected, it shows no apparent symptoms, but I would like to be sure.
-------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:27:53, on 2009-01-11
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\system32\spoolsv.exe
f:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
F:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
F:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
F:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
F:\WINDOWS\system32\PnkBstrA.exe
F:\WINDOWS\system32\PnkBstrB.exe
F:\Program Files\CyberLink\Shared Files\RichVideo.exe
F:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Microsoft IntelliType Pro\itype.exe
F:\Program Files\Microsoft IntelliPoint\ipoint.exe
F:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
F:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
F:\Program Files\ASUS\Asus Probe\AsusProb.exe
F:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
F:\Program Files\Analog Devices\SoundMAX\Smax4.exe
F:\WINDOWS\system32\Rundll32.exe
F:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe
F:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
F:\Program Files\Nero\Nero 7\InCD\InCD.exe
F:\Program Files\CyberLink\PCM4Everio\EverioService.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Windows Live\Messenger\usnsvc.exe
F:\Program Files\Messenger\msmsgs.exe
F:\Program Files\Windows Live\Messenger\msnmsgr.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\Program Files\Mozilla Firefox\firefox.exe
F:\Documents and Settings\Benoit Gosselin\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [itype] "F:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [intelliPoint] "F:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [egui] "F:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [CTSysVol] F:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [ASUS Probe] F:\Program Files\ASUS\Asus Probe\AsusProb.exe
O4 - HKLM\..\Run: [updReg] F:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [sunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [soundMAXPnP] F:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [soundMAX] "F:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [LVCOMSX] "F:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] F:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [securDisc] F:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [inCD] F:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [EverioService] "F:\Program Files\CyberLink\PCM4Everio\EverioService.exe"
O4 - HKCU\..\Run: [MsnMsgr] "F:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-796845957-1788223648-725345543-1004\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe (User 'Famille')
O4 - HKUS\S-1-5-21-796845957-1788223648-725345543-1004\..\Run: [msnmsgr] "F:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Famille')
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1212110836186
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1224096606054
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2...15106/CTPID.cab
O18 - Protocol: intu-ir2006 - {F5B3637E-01C9-456C-869E-4570CE217261} - F:\ImpotRapide 2006\IR2006\ic2006pp.dll
O18 - Protocol: intu-ir2007 - {52BAEC6B-9405-46F9-A131-6D50720A3CC4} - F:\Program Files\ImpotRapide 2007\ic2007pp.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - F:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - F:\WINDOWS\system32\CTsvcCDA.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - F:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - F:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - F:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - F:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - f:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - F:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Nero AG - F:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - F:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - F:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - F:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - F:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - F:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

-- End of file - 8547 bytes
-
[RESOLVED] - Infected computer, I need help!
Ixezed replied to a topic by Ixezed in Malware analysis and removal
CF-RC report:

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /fastdetect /NoExecute=OptIn
-
[RESOLVED] - Infected computer, I need help!
Ixezed replied to a topic by Ixezed in Malware analysis and removal
Perfect, I'll do that right away! Are there any P2P programs that are "safer" than LimeWire, in your opinion? Also, I would like to scan the main computer in the house to see whether it is infected; should I start a new topic, or can I post the HijackThis log here?
-
[RESOLVED] - Infected computer, I need help!
Ixezed replied to a topic by Ixezed in Malware analysis and removal
Here is the Kaspersky report, it detected quite a few things! 17 threats and 30 infected objects.
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, January 11, 2009
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, January 11, 2009 02:16:18
Records in database: 1600405
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Files scanned: 57216
Threat name: 17
Infected objects: 30
Suspicious objects: 0
Duration of the scan: 01:45:57

File name / Threat name / Threats count
C:\Program Files\ESET\infected\0L0PPHCA.NQF Infected: not-a-virus:AdWare.Win32.Beginto.f 1
C:\Program Files\ESET\infected\0L0PPHCA.NQF Infected: not-a-virus:AdWare.Win32.Beginto.i 1
C:\Program Files\ESET\infected\5QDBRKDA.NQF Infected: Backdoor.Win32.MSNMaker.ab 1
C:\Program Files\ESET\infected\BUFNKPDA.NQF Infected: Exploit.Win32.MS04-20.b 1
C:\Program Files\ESET\infected\EKWYGXCA.NQF Infected: not-a-virus:AdWare.Win32.Beginto.f 1
C:\Program Files\ESET\infected\F1NENGDA.NQF Infected: Trojan.Win32.Monder.gen 1
C:\Program Files\ESET\infected\HEPUN2BA.NQF Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.bc 1
C:\Program Files\ESET\infected\OHLN5GDA.NQF Infected: not-a-virus:AdWare.Win32.TrafficSol.d 1
C:\Program Files\ESET\infected\RPHW3SBA.NQF Infected: not-a-virus:AdWare.Win32.SuperJuan.etv 1
C:\Program Files\ESET\infected\VN0BB4AA.NQF Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.au 1
C:\Program Files\ESET\infected\WFGHX2CA.NQF Infected: Trojan-Downloader.Win32.VB.ann 1
C:\Program Files\ESET\infected\XYKSAECA.NQF Infected: Trojan-Downloader.Win32.Agent.auv 1
C:\Program Files\ESET\infected\Y0HSLNBA.NQF Infected: Trojan-Downloader.Win32.Agent.auv 1
C:\Program Files\MSN Messenger\riched20.dll Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.a 1
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\ezowoj.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.fvs 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\fhbcylqd.dll.vir Infected: Trojan.Win32.Monder.aguq 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\hcdtkunv.dll.vir Infected: Trojan.Win32.Pakes.mnh 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\hkguyq.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.fqu 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\ivyumfca.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.fvs 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\klulajrg.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.fqu 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\lecwrwmb.dll.vir Infected: Trojan.Win32.Monder.aguq 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\txaoescc.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.fqu 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\yrowww.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.fqu 1
C:\WINDOWS\system32\SearchEnhancer\SearchEnhancer.dll Infected: not-a-virus:AdWare.Win32.Beginto.i 1

The selected area was scanned.
-
[RESOLVED] - Infected computer, I need help!
Ixezed replied to a topic by Ixezed in Malware analysis and removal
I have enabled the Windows firewall for now! Is that enough?