

aclim
Member, content count: 35
Everything posted by aclim
[RESOLVED] hijackthis report
aclim replied to a topic by aclim in Malware analysis and removal
OK, I'm doing the Windows updates; I'll keep you posted once it's finished. Thanks again. @clim
[RESOLVED] hijackthis report
aclim replied to a topic by aclim in Malware analysis and removal
Before anything else: a while back, one of the latest Windows XP updates made the PC bug out; it showed me the logon screen and it was impossible to log on. What should I do? @clim
[RESOLVED] hijackthis report
aclim replied to a topic by aclim in Malware analysis and removal
First of all, thanks for your reply. To answer your question, the computer is not up to date because it would not start at all any more, not even in safe mode, so I did a repair from the CD; but before doing any updates I'd rather be sure there is nothing left on the PC. Next, my parents don't own any website; my father caught this virus while doing a simple search on the net, "according to him" (maybe a bad click, I don't know). Finally, here are the two reports:

Logfile of random's system information tool 1.07 (written by random/random)
Run by Compaq_Propriétaire at 2010-05-16 16:05:27
Microsoft Windows XP Édition familiale Service Pack 2
System drive C: has 134 GB (90%) free of 149 GB
Total RAM: 1406 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:05:45, on 16/05/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Compaq_Propriétaire\Bureau\RSIT.exe
C:\Program Files\trend micro\Compaq_Propriétaire.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe

--
End of file - 7750 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2941977146-894043044-2822475458-1008Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2941977146-894043044-2822475458-1008UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 54248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0\bin\jusched.exe [2005-01-01 36972]
"hpsysdrv"=c:\windows\system\hpsysdrv.exe [1998-05-07 52736]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2004-06-29 88363]
"KBD"=C:\HP\KBD\KBD.EXE [2005-02-03 61440]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2004-04-14 233472]
"AlcxMonitor"=C:\WINDOWS\ALCXMNTR.EXE [2004-09-07 57344]
"PS2"=C:\WINDOWS\system32\ps2.exe [2003-09-12 98304]
"LSBWatcher"=c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe [2004-10-14 253952]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-04-06 339968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-04-06 46080]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL France"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%ProgramFiles%\iTunes\iTunes.exe"="%ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes"

======List of files/folders created in the last 1 months======

2010-05-16 18:26:48 ----RSHD---- C:\cmdcons
2010-05-16 18:18:09 ----D---- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Malwarebytes
2010-05-16 18:17:58 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-05-16 18:17:58 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-05-16 18:12:25 ----D---- C:\Program Files\Sunbelt Software
2010-05-16 18:01:25 ----A---- C:\WINDOWS\system32\LuResult.txt
2010-05-16 17:49:43 ----A---- C:\WINDOWS\system32\wmpns.dll
2010-05-16 17:49:11 ----ASH---- C:\Documents and Settings\Compaq_Propriétaire\Application Data\desktop.ini
2010-05-16 17:49:09 ----D---- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Identities
2010-05-16 17:49:09 ----D---- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Apple Computer
2010-05-16 17:49:08 ----D---- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Symantec
2010-05-16 17:49:08 ----D---- C:\Documents and Settings\Compaq_Propriétaire\Application Data\SampleView
2010-05-16 17:49:08 ----D---- C:\Documents and Settings\Compaq_Propriétaire\Application Data\Microsoft
2010-05-16 16:05:27 ----D---- C:\rsit
2010-05-16 14:50:01 ----D---- C:\Program Files\Trend Micro
2010-05-16 14:06:20 ----A---- C:\WINDOWS\system32\tmp.txt
2010-05-16 14:01:01 ----A---- C:\rapport.txt
2010-05-16 13:34:31 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-05-16 13:34:31 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2010-05-16 13:33:55 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2010-05-16 06:38:03 ----D---- C:\WINDOWS\tmp
2010-05-16 00:44:04 ----D---- C:\Program Files\CCleaner
2010-05-15 21:52:19 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2010-05-15 21:49:00 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2010-05-15 21:05:33 ----D---- C:\Documents and Settings\All Users\Application Data\Alwil Software
2010-05-12 19:03:23 ----HDC---- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-05-12 19:03:07 ----D---- C:\Program Files\Lavasoft
2010-05-12 19:03:07 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2010-05-09 20:37:02 ----D---- C:\Program Files\Loaris

======List of files/folders modified in the last 1 months======

2010-05-17 01:38:33 ----D---- C:\WINDOWS\CACHE
2010-05-16 19:02:10 ----HD---- C:\hp
2010-05-16 19:02:10 ----D---- C:\WINDOWS\system
2010-05-16 18:59:29 ----D---- C:\Program Files\Windows NT
2010-05-16 18:59:28 ----D---- C:\Program Files\Windows Media Player
2010-05-16 18:59:28 ----D---- C:\Program Files\Outlook Express
2010-05-16 18:59:28 ----D---- C:\Program Files\NetMeeting
2010-05-16 18:59:27 ----D---- C:\Program Files\Fichiers communs\Services
2010-05-16 18:59:25 ----D---- C:\WINDOWS\system32\wbem
2010-05-16 18:59:23 ----D---- C:\WINDOWS\system32\ras
2010-05-16 18:59:23 ----D---- C:\WINDOWS\system32\oobe
2010-05-16 18:59:19 ----D---- C:\WINDOWS\system32\icsxml
2010-05-16 18:59:19 ----D---- C:\WINDOWS\system32\ias
2010-05-16 18:59:01 ----D---- C:\WINDOWS\system32\Setup
2010-05-16 18:59:00 ----D---- C:\WINDOWS\system32\Com
2010-05-16 18:59:00 ----D---- C:\WINDOWS\srchasst
2010-05-16 18:58:59 ----RD---- C:\WINDOWS\Web
2010-05-16 18:58:59 ----D---- C:\WINDOWS\Media
2010-05-16 18:58:59 ----D---- C:\WINDOWS\addins
2010-05-16 18:58:55 ----RSD---- C:\WINDOWS\Fonts
2010-05-16 18:58:53 ----D---- C:\WINDOWS\Cursors
2010-05-16 18:58:51 ----D---- C:\WINDOWS\I386
2010-05-16 18:58:51 ----AHDC---- C:\WINDOWS\$NtUninstallKB888113$
2010-05-16 18:50:06 ----RSD---- C:\WINDOWS\assembly
2010-05-16 18:27:47 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-05-16 18:26:58 ----RASH---- C:\boot.ini
2010-05-16 18:26:48 ----A---- C:\WINDOWS\UPGRADE.TXT
2010-05-16 18:26:45 ----D---- C:\WINDOWS\setup.pss
2010-05-16 18:26:16 ----D---- C:\Program Files\Fichiers communs
2010-05-16 18:26:15 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2010-05-16 18:25:57 ----HDC---- C:\WINDOWS\$NtUninstallKB904942$
2010-05-16 18:25:28 ----D---- C:\WINDOWS\security
2010-05-16 18:16:48 ----D---- C:\WINDOWS\system32\Restore
2010-05-16 18:12:29 ----D---- C:\WINDOWS\Prefetch
2010-05-16 18:08:42 ----D---- C:\Program Files\QuickTime
2010-05-16 17:59:15 ----SHD---- C:\RECYCLER
2010-05-16 17:49:07 ----D---- C:\Documents and Settings
2010-05-16 17:48:04 ----D---- C:\sysprep
2010-05-16 17:47:30 ----RASH---- C:\BOOT.BAK
2010-05-16 17:46:04 ----D---- C:\WINDOWS\Registration
2010-05-16 17:43:20 ----D---- C:\WINDOWS\system32\CatRoot
2010-05-16 17:42:37 ----A---- C:\WINDOWS\system.ini
2010-05-16 15:34:04 ----SHD---- C:\WINDOWS\Installer
2010-05-16 15:34:03 ----SHD---- C:\Config.Msi
2010-05-16 15:34:03 ----D---- C:\Program Files
2010-05-16 15:34:02 ----D---- C:\WINDOWS\system32
2010-05-16 15:33:21 ----D---- C:\WINDOWS\Tasks
2010-05-16 15:33:21 ----D---- C:\Program Files\Easy Internet signup
2010-05-16 15:32:00 ----D---- C:\WINDOWS\Temp
2010-05-16 15:32:00 ----D---- C:\WINDOWS\Debug
2010-05-16 15:32:00 ----D---- C:\WINDOWS
2010-05-16 14:56:44 ----D---- C:\WINDOWS\Downloaded Program Files
2010-05-16 14:49:34 ----D---- C:\WINDOWS\system32\dllcache
2010-05-16 14:49:29 ----D---- C:\WINDOWS\system32\CatRoot2
2010-05-16 14:48:43 ----D---- C:\WINDOWS\system32\drivers
2010-05-16 14:48:06 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-05-16 13:34:13 ----D---- C:\WINDOWS\SoftwareDistribution
2010-05-16 13:34:01 ----D---- C:\WINDOWS\Help
2010-05-16 13:33:57 ----HD---- C:\WINDOWS\inf
2010-05-16 05:03:15 ----D---- C:\temp
2010-05-16 00:45:46 ----D---- C:\WINDOWS\Minidump
2010-05-15 20:35:01 ----D---- C:\WINDOWS\pss
2010-05-15 20:26:20 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2010-05-15 20:22:11 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2010-05-04 11:32:53 ----D---- C:\Program Files\IncrediMail
2010-04-25 14:28:11 ----A---- C:\WINDOWS\ULEAD32.INI
2010-04-18 10:36:25 ----D---- C:\Program Files\Google

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;Pilote de processeur AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 43008]
R1 SbFw;SbFw; C:\WINDOWS\system32\drivers\SbFw.sys [2008-10-31 270888]
R1 sbhips;Sunbelt HIPS Driver; C:\WINDOWS\system32\drivers\sbhips.sys [2008-06-21 66600]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-06-29 1268204]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-04-20 2317696]
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-05 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-04-06 1035776]
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-05 61824]
R3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2002-07-29 23808]
R3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\system32\DRIVERS\R8139n51.SYS [2002-10-04 46976]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport; C:\WINDOWS\system32\DRIVERS\sbfwim.sys [2008-06-21 65576]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-05 26624]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-05 57600]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R4 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys []
S1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys []
S3 ltmodem5;LT Modem Driver; C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys [2004-08-04 607452]
S3 PcdrNdisuio;PCDRNDISUIO Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\pcdrndisuio.sys [2005-01-19 12416]
S3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-05 20480]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2004-08-04 5504]
S4 sr;Pilote de filtre de restauration système; C:\WINDOWS\system32\DRIVERS\sr.sys [2004-08-05 73600]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-04-06 364544]
R2 SbPF.Launcher;SbPF.Launcher; C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-10-31 95528]
R2 SPF4;Sunbelt Personal Firewall 4; C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-10-31 1365288]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-05 268800]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]

-----------------EOF-----------------

------------------------------------------------------

info.txt logfile of random's system information tool 1.06 2010-05-16 16:05:48

======Uninstall list======

-->C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat - Reader 6.0.2 Update-->MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 6.0.1 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A00000000001}
Agere Systems PCI Soft Modem-->agrsmdel
ATI Control Panel-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Compléments d'aide et de support-->WScript.exe C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\eHelpSetup.jse eHelpUninstall
Correctif Windows XP - KB867282-->C:\WINDOWS\$NtUninstallKB867282$\spuninst\spuninst.exe
Correctif Windows XP - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Correctif Windows XP - KB883667-->C:\WINDOWS\$NtUninstallKB883667$\spuninst\spuninst.exe
Correctif Windows XP - KB885250-->C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
Correctif Windows XP - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Correctif Windows XP - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Correctif Windows XP - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Correctif Windows XP - KB887742-->C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
Correctif Windows XP - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Correctif Windows XP - KB888239-->C:\WINDOWS\$NtUninstallKB888239$\spuninst\spuninst.exe
Correctif Windows XP - KB890175-->C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe
Correctif Windows XP - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
J2SE Runtime Environment 5.0-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150000}
KBD-->C:\HP\KBD\KBD.EXE uninstalled
Lecteur Windows Media 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
PC-Doctor for Windows-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{19C989C4-50AE-43A4-B06E-8C70FFFF852F} /l1036
PS2-->C:\WINDOWS\system32\ps2.exe uninstall
Sonic Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Sunbelt Personal Firewall-->MsiExec.exe /X{82B1150E-9B37-49FC-83EB-D52197D900D0}
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

FW: Sunbelt Personal Firewall

======System event log======

Computer Name: MAISON
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Compatibilité avec le Changement rapide d'utilisateur.
Record Number: 5
Source Name: Service Control Manager
Time Written: 20100516174928.000000+120
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: MAISON
Event Code: 7036
Message: Le service Services Terminal Server est entré dans l'état : en cours d'exécution.
Record Number: 4
Source Name: Service Control Manager
Time Written: 20100516174928.000000+120
Event Type: Informations
User:

Computer Name: MAISON
Event Code: 6005
Message: Le service d'Enregistrement d'événement a démarré.
Record Number: 3
Source Name: EventLog
Time Written: 20100516174905.000000+120
Event Type: Informations
User:

Computer Name: MAISON
Event Code: 6009
Message: Microsoft ® Windows ® 5.01. 2600 Service Pack 2 Uniprocessor Free.
Record Number: 2
Source Name: EventLog
Time Written: 20100516174905.000000+120
Event Type: Informations
User:

Computer Name: maison
Event Code: 115
Message: Le suivi de la Restauration système a été activé sur tous les lecteurs.
Record Number: 1
Source Name: SRService
Time Written: 20100516174807.000000+120
Event Type: Informations
User:

=====Application event log=====

Computer Name: MAISON
Event Code: 1
Message:
Record Number: 5
Source Name: ccEvtMgr
Time Written: 20100516174920.000000+120
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: MAISON
Event Code: 26
Message:
Record Number: 4
Source Name: ccEvtMgr
Time Written: 20100516174918.000000+120
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: MAISON
Event Code: 1
Message:
Record Number: 3
Source Name: ccSetMgr
Time Written: 20100516174917.000000+120
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: MAISON
Event Code: 26
Message:
Record Number: 2
Source Name: ccSetMgr
Time Written: 20100516174908.000000+120
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: MAISON
Event Code: 26
Message:
Record Number: 1
Source Name: ccProxy
Time Written: 20100516174908.000000+120
Event Type: Informations
User: AUTORITE NT\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Python22;C:\Program Files\ATI Technologies\ATI Control Panel
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 47 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=2f00
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=c:\Program Files\Fichiers communs\Sonic Shared\Sonic Central\

-----------------EOF-----------------

Back shortly with the rest. Thanks again. @clim
[RESOLVED] hijackthis report
aclim replied to a topic by aclim in Malware analysis and removal
I left out one thing: before doing the hijackthis report I ran two scans with MBAM. Here are the reports:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 4105
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

16/05/2010 14:47:41
mbam-log-2010-05-16 (14-47-41).txt

Type d'examen: Examen complet (C:\|)
Elément(s) analysé(s): 197513
Temps écoulé: 55 minute(s), 9 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 3

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\Temp\~TM15.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\~TM45.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Propriétaire\Menu Démarrer\Programmes\Démarrage\wwwzuc32.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

---------------------------------------------------------------------------------------

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 4052
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

16/05/2010 18:24:54
mbam-log-2010-05-16 (18-24-54).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 143787
Temps écoulé: 5 minute(s), 58 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Documents and Settings\Compaq_Propriétaire\Application Data\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.

------------------------------------------------------------------------

I also ran a Spybot scan; it found nothing. See you later. @clim
Hello everyone. My parents' PC caught a nasty virus (it changed the wallpaper and displayed "your system is infected"), but I don't know whether I managed to eradicate it or not. Here is the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:50:31, on 16/05/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe

--
End of file - 6428 bytes

Thanks in advance for your help.
@++
@clim
-
[SOLVED] HijackThis analysis
aclim replied to a topic by aclim in Analyses et éradication malwares
Thanks for your advice. @++
-
[SOLVED] HijackThis analysis
aclim replied to a topic by aclim in Analyses et éradication malwares
And here is the Kaspersky report:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Tuesday, May 19, 2009
Operating System: Microsoft Windows Vista Ultimate Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Tuesday, May 19, 2009 20:32:57
Records in database: 2198945
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\

Scan statistics:
Files scanned: 98411
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 02:28:45

File name / Threat name / Threats count
C:\Program Files\Trend Micro\Internet Security\Quarantine\lsass.exe Infected: Packed.Win32.Klone.bj 1

The selected area was scanned.

Happy analysing, and thanks for your replies. Regards
-
[SOLVED] HijackThis analysis
aclim replied to a topic by aclim in Analyses et éradication malwares
And the new HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:21:10 PM, on 5/19/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Windows\System32\rundll32.exe
C:\Users\jeje\Documents\wopt010[1]\WLANOptimizerNET.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
D:\Program Files\EVEMon\EVEMon.exe
C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\PlatformDependent\ProToolbarComm.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: Trend Micro Toolbar BHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Barre d`outils de Trend Micro - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ufSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [WLAN Optimizer] c:\Users\jeje\Documents\wopt010[1]\WLANOptimizerNET.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [EVEMon] "D:\Program Files\EVEMon\EVEMon.exe" -startMinimized
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O13 - Gopher Prefix:
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.8.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://www.ma-config.com/activex/hardwared...ion_3_1_2_0.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} - http://www.yougamers.com/systeminfo/FMSI.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - D:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Security Activity Dashboard Service - Trend Micro Inc. - C:\Program Files\Trend Micro\TrendSecure\SecurityActivityDashboard\tmarsvc.exe
O23 - Service: Composant de commande centrale Trend Micro (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

--
End of file - 6301 bytes

I have to be away for a few hours; if I need to do anything else, write it to me and I'll look at it as soon as I get back. Thanks again for your attention.
-
[SOLVED] HijackThis analysis
aclim replied to a topic by aclim in Analyses et éradication malwares
Here is my MBAM report:

Malwarebytes' Anti-Malware 1.36
Version de la base de données: 2150
Windows 6.0.6001 Service Pack 1

5/19/2009 3:17:52 PM
mbam-log-2009-05-19 (15-17-52).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 159575
Temps écoulé: 1 hour(s), 4 minute(s), 38 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
-
Good day. I'm posting to ask whether it would be possible to analyse my HijackThis report, please. Of course, I'm pasting it for you:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:48:44 PM, on 5/19/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Users\jeje\Documents\wopt010[1]\WLANOptimizerNET.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
D:\Program Files\EVEMon\EVEMon.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\PlatformDependent\ProToolbarComm.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
C:\Windows\system32\kdfmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: Trend Micro Toolbar BHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Barre d`outils de Trend Micro - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ufSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [WLAN Optimizer] c:\Users\jeje\Documents\wopt010[1]\WLANOptimizerNET.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [EVEMon] "D:\Program Files\EVEMon\EVEMon.exe" -startMinimized
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O13 - Gopher Prefix:
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.8.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://www.ma-config.com/activex/hardwared...ion_3_1_2_0.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} - http://www.yougamers.com/systeminfo/FMSI.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - D:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Security Activity Dashboard Service - Trend Micro Inc. - C:\Program Files\Trend Micro\TrendSecure\SecurityActivityDashboard\tmarsvc.exe
O23 - Service: Composant de commande centrale Trend Micro (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

--
End of file - 6461 bytes

Thanks in advance.