Sorry, I had forgotten to restart the PC!!!
So here is the ComboFix report:
ComboFix 09-09-02.02 - seb 03/09/2009 14:24.1.2 - NTFSx86
Microsoft® Windows Vista™ Edition Familiale Premium 6.0.6001.1.1252.33.1036.18.2814.1902 [GMT 2:00]
Running from: c:userssebDesktopComboFix.exe
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:$recycle.binS-1-5-21-1412506290-2279356703-2400534833-500
c:$recycle.binS-1-5-21-2760852498-2543259003-1422614318-1000
c:userssebAppDataRoaming.#
c:userssebAppDataRoaming.#MBX@1640@2A2990.###
c:userssebAppDataRoaming.#MBX@1640@2A29C0.###
c:userssebAppDataRoaming.#MBX@1640@2A29F0.###
c:userssebAppDataRoaming.#MBX@16F0@1832990.###
c:userssebAppDataRoaming.#MBX@16F0@18329C0.###
c:userssebAppDataRoaming.#MBX@16F0@18329F0.###
c:userssebAppDataRoaming.#MBX@1780@1C22990.###
c:userssebAppDataRoaming.#MBX@1780@1C229C0.###
c:userssebAppDataRoaming.#MBX@1780@1C229F0.###
c:userssebAppDataRoaming.#MBX@7A8@282990.###
c:userssebAppDataRoaming.#MBX@7A8@2829C0.###
c:userssebAppDataRoaming.#MBX@7A8@2829F0.###
c:windowssystem32AutoRun.inf
c:windowssystem32MSIVXcount
c:windowssystem32MSIVXhwbkeqbcrpilmtyibbdqcsprjmgmpdtq.dll.vir
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------Legacy_MSIVXSERV.SYS
-------Service_MSIVXserv.sys
((((((((((((((((((((((((( Files Created from 2009-08-03 to 2009-09-03 )))))))))))))))))))))))))))))))
.
2009-09-03 12:29 . 2009-09-03 12:32 -------- d-----w- c:userssebAppDataLocal emp
2009-09-03 12:29 . 2009-09-03 12:29 -------- d-----w- c:usersDefaultAppDataLocal emp
2009-09-03 09:43 . 2009-09-03 09:43 -------- d-----w- c:userssebAppDataLocalNeuf
2009-09-03 08:28 . 2009-09-03 08:35 -------- d-----w- C:WORT
2009-09-02 12:21 . 2009-09-02 12:21 -------- d-----w- c:program filesTrend Micro
2009-09-01 13:32 . 2009-01-18 21:35 15688 ----a-w- c:windowssystem32lsdelete.exe
2009-09-01 12:56 . 2009-09-01 12:56 -------- dc----w- c:windowssystem32DRVSTORE
2009-09-01 12:56 . 2009-01-18 21:30 64160 ----a-w- c:windowssystem32driversLbd.sys
2009-09-01 12:56 . 2009-09-01 12:56 -------- dc-h--w- c:programdata{83C91755-2546-441D-AC40-9A6B4B860800}
2009-09-01 12:56 . 2009-09-01 12:56 -------- d-----w- c:programdataLavasoft
2009-09-01 12:56 . 2009-09-01 12:56 -------- d-----w- c:program filesLavasoft
2009-09-01 11:45 . 2009-08-17 16:05 114768 ----a-w- c:windowssystem32driversaswSP.sys
2009-09-01 11:45 . 2009-08-17 16:05 20560 ----a-w- c:windowssystem32driversaswFsBlk.sys
2009-09-01 11:45 . 2009-08-17 16:04 51376 ----a-w- c:windowssystem32driversaswTdi.sys
2009-09-01 11:45 . 2009-08-17 16:04 23152 ----a-w- c:windowssystem32driversaswRdr.sys
2009-09-01 11:45 . 2009-08-17 16:02 97480 ----a-w- c:windowssystem32AvastSS.scr
2009-09-01 11:45 . 2009-08-17 16:10 1279456 ----a-w- c:windowssystem32aswBoot.exe
2009-09-01 11:45 . 2009-08-17 16:05 53328 ----a-w- c:windowssystem32driversaswMonFlt.sys
2009-08-13 15:44 . 2009-08-13 15:44 995200 ----a-w- c:usersPublicMyWebTattoo.exe
2009-08-08 01:27 . 2008-08-05 15:30 241664 ----a-w- c:windows snp2uvc.exe
2009-08-08 01:27 . 2008-07-16 08:59 27264 ----a-w- c:windowssystem32driverssncduvc.sys
2009-08-08 01:27 . 2008-03-19 13:07 180224 ----a-w- c:windowssystem32
snp2uvc.dll
2009-08-08 01:27 . 2009-08-08 01:27 -------- d-----w- c:program filesCommon FilesSNP2UVC
2009-08-08 01:27 . 2008-08-06 12:55 3480192 ----a-w- c:windowssystem32driverssnp2uvc.sys
2009-08-08 01:27 . 2008-08-01 14:10 675840 ----a-w- c:windowsvsnp2uvc.exe
2009-08-08 01:27 . 2008-07-18 14:37 128000 ----a-w- c:windowsamcap.exe
2009-08-08 01:27 . 2008-06-23 13:41 294912 ----a-w- c:windowssystem32vsnp2uvc.dll
2009-08-08 01:27 . 2007-07-04 15:28 176128 ----a-w- c:windowssystem32csnp2uvc.dll
2009-08-08 01:27 . 2009-08-08 01:27 -------- d-----w- c:userssebAppDataRoamingInstallShield
2009-08-08 01:21 . 2007-10-04 15:42 48128 ----a-w- c:windowssystem32Remove.exe
2009-08-08 01:21 . 2004-11-22 11:37 40960 ----a-w- c:windows98Setup.exe
2009-08-08 01:21 . 2009-08-08 01:21 -------- d-----w- c:program filesANC
2009-08-08 01:21 . 2009-08-08 01:21 -------- d-----w- c:program filesCommon FilesPAC7302
2009-08-08 01:21 . 2009-08-08 01:21 -------- d-----w- c:windowsPixArt
2009-08-08 01:21 . 2007-11-08 08:30 454656 ----a-w- c:windowssystem32driversPAC7302.sys
2009-08-08 01:21 . 2006-10-12 09:57 14336 ----a-w- c:windowssystem32P7302USD.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-03 12:30 . 2009-04-11 20:56 12 ----a-w- c:windowsthservsdp.dat
2009-09-03 12:14 . 2008-01-21 08:40 669340 ----a-w- c:windowssystem32perfh00C.dat
2009-09-03 12:14 . 2008-01-21 08:40 123350 ----a-w- c:windowssystem32perfc00C.dat
2009-09-03 09:42 . 2009-05-10 15:03 -------- d-----w- c:program filesSFR
2009-09-03 09:36 . 2009-07-19 19:32 -------- d-----w- c:program filesBitComet
2009-09-01 14:05 . 2008-05-09 02:04 -------- d-----w- c:program filesAcer GameZone
2009-09-01 14:02 . 2008-05-09 01:33 -------- d--h--w- c:program filesInstallShield Installation Information
2009-09-01 11:32 . 2008-05-09 01:55 -------- d-----w- c:programdataMcAfee
2009-08-30 00:17 . 2009-06-29 20:30 7592 ----a-w- c:userssebAppDataLocald3d9caps.dat
2009-07-28 11:53 . 2009-07-28 11:53 339968 ----a-w- c:windowssystem32pythoncom25.dll
2009-07-28 11:53 . 2009-07-28 11:53 2117632 ----a-w- c:windowssystem32python25.dll
2009-07-28 11:53 . 2009-07-28 11:53 114688 ----a-w- c:windowssystem32pywintypes25.dll
2009-07-24 06:30 . 2009-04-13 09:54 1356 ----a-w- c:userssebAppDataRoamingwklnhst.dat
2009-07-19 19:28 . 2009-07-18 20:57 -------- d-----w- c:program fileseMule
2009-07-19 15:33 . 2009-07-18 20:56 -------- d-----w- c:program filesSearch_USA
2009-07-18 20:56 . 2009-07-18 20:56 -------- d-----w- c:program filesConduit
2009-06-21 19:50 . 2009-06-21 19:50 107888 ----a-w- c:windowssystem32CmdLineExt.dll
2009-06-18 17:27 . 2009-06-18 17:26 125779 ----a-w- c:windowshpqins00.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE~Browser Helper Objects{48405d3d-2674-4cd8-b1ef-9a719443bd3f}]
2009-05-20 16:05 2085400 ----a-w- c:program filesSearch_USA bSea0.dll
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
"{48405d3d-2674-4cd8-b1ef-9a719443bd3f}"= "c:program filesSearch_USA bSea0.dll" [2009-05-20 2085400]
[HKEY_CLASSES_ROOTclsid{48405d3d-2674-4cd8-b1ef-9a719443bd3f}]
[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebbrowser]
"{48405D3D-2674-4CD8-B1EF-9A719443BD3F}"= "c:program filesSearch_USA bSea0.dll" [2009-05-20 2085400]
[HKEY_CLASSES_ROOTclsid{48405d3d-2674-4cd8-b1ef-9a719443bd3f}]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiersegisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOTCLSID{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-04 21:38 121392 ----a-w- c:program filesAcerEmpowering TechnologyeDataSecurityx86PSDProtect.dll
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"Sidebar"="c:program filesWindows Sidebarsidebar.exe" [2008-01-21 1233920]
"ehTray.exe"="c:windowsehomeehTray.exe" [2008-01-21 125952]
"swg"="c:program filesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe" [2009-06-21 39408]
"msnmsgr"="c:program filesWindows LiveMessengermsnmsgr.exe" [2009-02-06 3885408]
"WMPNSCFG"="c:program filesWindows Media PlayerWMPNSCFG.exe" [2008-01-21 202240]
"Neuf Media Center"="c:program filesSFRMedia CenterMediaCenter.exe" [2008-10-10 726336]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"Windows Defender"="c:program filesWindows DefenderMSASCui.exe" [2008-01-21 1008184]
"Acer Empowering Technology Monitor"="c:program filesAcerEmpowering TechnologySysMonitor.exe" [2008-04-25 319488]
"BkupTray"="c:program filesNewTech InfosystemsNTI Backup Now 5BkupTray.exe" [2008-04-25 28672]
"NvCplDaemon"="c:windowssystem32NvCpl.dll" [2008-04-22 13535776]
"NvMediaCenter"="c:windowssystem32NvMcTray.dll" [2008-04-22 92704]
"WarReg_PopUp"="c:program filesAcerWR_PopUpWarReg_PopUp.exe" [2008-01-29 303104]
"snp2uvc"="c:windowsvsnp2uvc.exe" [2008-08-01 675840]
"tsnp2uvc"="c:windows snp2uvc.exe" [2008-08-05 241664]
"avast!"="c:progra~1ALWILS~1Avast4ashDisp.exe" [2009-08-17 81000]
"Ad-Watch"="c:program filesLavasoftAd-AwareAAWTray.exe" [2009-01-18 506712]
"RtHDVCpl"="RtHDVCpl.exe" - c:windowsRtHDVCpl.exe [2008-03-26 5369856]
c:userssebAppDataRoamingMicrosoftWindowsStart MenuProgramsStartup
Notification de cadeaux MSN.lnk - c:userssebAppDataRoamingMicrosoftNotification de cadeaux MSNlsnfier.exe [2009-5-25 135680]
OneNote 2007 - Capture d',cran et lancement.lnk - c:program filesMicrosoft OfficeOffice12ONENOTEM.EXE [2008-10-25 98696]
WkCalRem.LNK - c:program filesCommon Filesmicrosoft sharedWorks SharedWkCalRem.exe [2005-8-19 21504]
c:programdataMicrosoftWindowsStart MenuProgramsStartup
HP Digital Imaging Monitor.lnk - c:program filesHPDigital Imaginginhpqtra08.exe [2008-3-25 214360]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
"mixer"=wdmaud.drv
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalLavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinDefend]
@="Service"
[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringMcAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKLM~servicessharedaccessparametersfirewallpolicyFirewallRules]
"{DEDBB5C9-7C94-4700-B32A-CE4BFF5B1973}"= c:program filesAcer Arcade LiveAcer HomeMedia ConnectAcer HomeMedia Connect.exe:Acer HomeMedia Connect
"{7ACC89C8-89F3-4312-9C9F-199767E21D32}"= UDP:c:program filesMicrosoft OfficeOffice12ONENOTE.EXE:Microsoft Office OneNote
"{C579C023-D32A-41D7-8B1A-6026E5BF1B7B}"= TCP:c:program filesMicrosoft OfficeOffice12ONENOTE.EXE:Microsoft Office OneNote
"{140386EE-96E0-4FEF-A02F-6FAC37BDD3A7}"= UDP:c:program filesNewTech InfosystemsNTI Backup Now 5ClientAgentsvc.exe:AgentSvc.exe
"{EF4F573B-DB47-4635-B3BF-FEB2070B6865}"= UDP:c:program filesNewTech InfosystemsNTI Backup Now 5SchedulerSvc.exe:SchedulerSvc.exe
"{DD76C2F8-89EE-4986-880C-2661D4ACB58C}"= UDP:c:program filesNewTech InfosystemsNTI Backup Now 5BackupSvc.exe:BackupSvc.exe
"{38BFF5AF-2C45-4A78-A138-33101997BA94}"= TCP:c:program filesNewTech InfosystemsNTI Backup Now 5ClientAgentsvc.exe:AgentSvc.exe
"{6AEEC8E4-82E8-4C7B-A265-0761020E8073}"= TCP:c:program filesNewTech InfosystemsNTI Backup Now 5SchedulerSvc.exe:SchedulerSvc.exe
"{6A18787C-34F5-43E8-BD37-A88FF14BAB64}"= TCP:c:program filesNewTech InfosystemsNTI Backup Now 5BackupSvc.exe:BackupSvc.exe
"{41FAC990-88D7-4910-937A-878545CCCF08}"= c:program filesAcer Arcade LiveAcer HomeMediaAcer HomeMedia.exe:Acer HomeMedia
"{63224A92-055F-45D2-8F29-62E96FB7E3ED}"= c:program filesAcer Arcade LiveAcer SlideShow DVDAcer SlideShow DVD.exe:Acer SlideShow DVD
"{8D581E77-964F-4E9B-AD66-DF330987F35A}"= c:program filesAcer Arcade LiveAcer VideoMagicianAcer VideoMagician.exe:Acer VideoMagician
"{4DAB1497-FAA2-4A94-A102-0CD883C6EB6A}"= c:program filesAcer Arcade LiveAcer DVDivineAcer DVDivine.exe:Acer DVDivine
"{4D76BBBF-1FE2-4A70-853B-93AB713B970B}"= c:program filesAcer Arcade LiveAcer DV MagicianAcer DV Magician.exe:Acer DV Magician
"{04FA0F91-D03D-4997-A79D-D4CCAA2FDBF0}"= c:program filesAcer Arcade LiveAcer Arcade Live Main PageAcer Arcade Live.exe:Acer Arcade Live
"{E1FC0DBB-5702-4F15-8F02-296203F54805}"= UDP:c:program filesBitCometBitComet.exe:BitComet.exe
"{A45E16B1-7497-4779-8222-55A4489EC4A8}"= TCP:c:program filesBitCometBitComet.exe:BitComet.exe
"{2BFDE6EE-DF3C-4287-986D-E7DB3F42AB95}"= UDP:c:program filesSFRMedia Centerhttpdhttpd.exe:Serveur de partage Media Center (Player SFR)
"{20576746-0E88-42AC-BEC1-84D43B5914F7}"= TCP:c:program filesSFRMedia Centerhttpdhttpd.exe:Serveur de partage Media Center (Player SFR)
[HKLM~servicessharedaccessparametersfirewallpolicyStandardProfileAuthorizedApplicationsList]
"c:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe"= c:program filesAcerEmpowering TechnologyeDataSecurityx86eDSfsu.exe:*:Enabled:eDSfsu
"c:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe"= c:program filesAcerEmpowering TechnologyeDataSecurityx86encryption.exe:*:Enabled:encryption
"c:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe"= c:program filesAcerEmpowering TechnologyeDataSecurityx86decryption.exe:*:Enabled:decryption
"c:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe"= c:program filesAcerEmpowering TechnologyeDataSecurityx86eDSMgr.exe:*:Enabled:eDSMgr
"c:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe"= c:program filesAcerEmpowering TechnologyeDataSecurityx86eDStbmngr.exe:*:Enabled:eDStbmngr
"c:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe"= c:program filesAcerEmpowering TechnologyeDataSecurityx64eDSfsu.exe:*:Enabled:eDSfsu
"c:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe"= c:program filesAcerEmpowering TechnologyeDataSecurityx64encryption.exe:*:Enabled:encryption
"c:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe"= c:program filesAcerEmpowering TechnologyeDataSecurityx64decryption.exe:*:Enabled:decryption
"c:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe"= c:program filesAcerEmpowering TechnologyeDataSecurityx64eDSMgr.exe:*:Enabled:eDSMgr
"c:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe"= c:program filesAcerEmpowering TechnologyeDataSecurityx64eDStbmngr.exe:*:Enabled:eDStbmngr
R0 Lbd;Lbd;c:windowsSystem32driversLbd.sys [01/09/2009 14:56 64160]
R1 aswSP;avast! Self Protection;c:windowsSystem32driversaswSP.sys [01/09/2009 13:45 114768]
R2 aswFsBlk;aswFsBlk;c:windowsSystem32driversaswFsBlk.sys [01/09/2009 13:45 20560]
R2 aswMonFlt;aswMonFlt;c:windowsSystem32driversaswMonFlt.sys [01/09/2009 13:45 53328]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:program filesNewTech InfosystemsNTI Backup Now 5ClientAgentsvc.exe [03/03/2008 13:11 16384]
R2 ETService;Empowering Technology Service;c:program filesAcerEmpowering TechnologyServiceETService.exe [09/05/2008 03:53 24576]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:program filesLavasoftAd-AwareAAWService.exe [18/01/2009 23:34 921936]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:program filesNewTech InfosystemsNTI Backup Now 5BackupSvc.exe [25/04/2008 21:36 45056]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:program filesNewTech InfosystemsNTI Backup Now 5SchedulerSvc.exe [25/04/2008 21:36 131072]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:windowsSystem32drivers
vhda32v.sys [08/05/2008 21:18 43552]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionsvchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
2009-09-01 c:windowsTasksAd-Aware Update (Weekly).job
- c:program filesLavasoftAd-AwareAd-AwareAdmin.exe [2009-01-18 21:34]
2009-09-03 c:windowsTasksUser_Feed_Synchronization-{21829B36-4CD4-4542-8698-B3CD2F644187}.job
- c:windowssystem32msfeedssync.exe [2009-05-25 11:31]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-BitComet - c:program filesBitCometBitComet.exe
HKLM-Run-PCMMediaSharing - c:program filesAcer Arcade LiveAcer HomeMedia ConnectKernelDMSPCMMediaSharing.exe
HKLM-Run-Setresolution - c:acerconfig1680x1050.cmd
.
------- Supplementary Scan -------
.
mStart Page =
hxxp://fr.fr.acer.yahoo.com
uSearchURL,(Default) =
hxxp://fr.search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xporter vers Microsoft Excel - c:progra~1MICROS~2Office12EXCEL.EXE/3000
LSP: %SYSTEMROOT%system32
vLsp.dll
DPF: CabBuilder -
hxxp://kiw.imgag.com/imgag/kiw/toolbar/ ... ontrol.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-09-03 14:32
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(2432)
c:windowssystem32NVSVC.DLL
c:program filesAcerEmpowering TechnologyeDataSecurityx86PSDProtect.dll
c:program filesAcerEmpowering TechnologyeDataSecurityx86sysenv.dll
.
------------------------ Other Running Processes ------------------------
.
c:windowsSystem32
vvsvc.exe
c:windowsSystem32audiodg.exe
c:program filesAlwil SoftwareAvast4aswUpdSv.exe
c:program filesAlwil SoftwareAvast4ashServ.exe
c:windowsSystem32
undll32.exe
c:program filesAcerEmpowering TechnologyeDataSecurityx86eDSService.exe
c:program filesCommon FilesLightScribeLSSrvc.exe
c:program filesCyberLinkShared FilesRichVideo.exe
c:program filesin32
SvcAppFlt.exe
c:program filesin32
SvcIp.exe
c:windowsSystem32WUDFHost.exe
c:program filesAlwil SoftwareAvast4ashMaiSv.exe
c:windowsSystem32wbemunsecapp.exe
c:program filesAlwil SoftwareAvast4ashWebSv.exe
c:windowsSystem32wbemWMIADAP.exe
.
**************************************************************************
.
Completion time: 2009-09-03 14:35 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-03 12:35
Pre-Run: 31 294 963 712 octets libres
Post-Run: 31 417 589 760 octets libres
249
And here is the HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:38:14, on 03/09/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:Windowssystem32 askeng.exe
C:Windowssystem32Dwm.exe
C:Windowssystem32CF14571.exe
C:WindowsExplorer.exe
C:ComboFixhandle.cfxxe
C:Windowssystem32wuauclt.exe
C:Windowssystem32SearchFilterHost.exe
C:Program FilesTrend MicroHijackThisHijackThis.exe
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page =
http://fr.msn.com/
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page =
http://fr.fr.acer.yahoo.com
R1 - HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) =
http://fr.search.yahoo.com/search?fr=mcafee&p=%s
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:Program FilesYahoo!CompanionInstallscpnyt.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:Program FilesHPSmart Web Printinghpswp_framework.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 - BHO: Search USA Toolbar - {48405d3d-2674-4cd8-b1ef-9a719443bd3f} - C:Program FilesSearch_USA bSea0.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.5.0_09inssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:Program FilesGoogleGoogle ToolbarGoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:Program FilesGoogleGoogleToolbarNotifier5.2.4204.1700swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:Program FilesGoogleGoogle ToolbarComponentfastsearch_B7C5AC242193BB3E.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:Program FilesAcerEmpowering TechnologyeDataSecurityx86eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpnyt.dll
O3 - Toolbar: Search USA Toolbar - {48405d3d-2674-4cd8-b1ef-9a719443bd3f} - C:Program FilesSearch_USA bSea0.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:Program FilesGoogleGoogle ToolbarGoogleToolbar_32.dll
O4 - HKLM..Run: [Windows Defender] %ProgramFiles%Windows DefenderMSASCui.exe -hide
O4 - HKLM..Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM..Run: [Acer Empowering Technology Monitor] C:Program FilesAcerEmpowering TechnologySysMonitor.exe
O4 - HKLM..Run: [BkupTray] "C:Program FilesNewTech InfosystemsNTI Backup Now 5BkupTray.exe"
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:Windowssystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:Windowssystem32NvMcTray.dll,NvTaskbarInit
O4 - HKLM..Run: [WarReg_PopUp] C:Program FilesAcerWR_PopUpWarReg_PopUp.exe
O4 - HKLM..Run: [snp2uvc] C:Windowsvsnp2uvc.exe
O4 - HKLM..Run: [tsnp2uvc] C:Windows snp2uvc.exe
O4 - HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exe
O4 - HKLM..Run: [Ad-Watch] C:Program FilesLavasoftAd-AwareAAWTray.exe
O4 - HKCU..Run: [Sidebar] C:Program FilesWindows Sidebarsidebar.exe /autoRun
O4 - HKCU..Run: [ehTray.exe] C:WindowsehomeehTray.exe
O4 - HKCU..Run: [swg] "C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe"
O4 - HKCU..Run: [msnmsgr] "C:Program FilesWindows LiveMessengermsnmsgr.exe" /background
O4 - HKCU..Run: [WMPNSCFG] C:Program FilesWindows Media PlayerWMPNSCFG.exe
O4 - HKCU..Run: [Neuf Media Center] "C:Program FilesSFRMedia CenterMediaCenter.exe"
O4 - Startup: Notification de cadeaux MSN.lnk = C:UserssebAppDataRoamingMicrosoftNotification de cadeaux MSNlsnfier.exe
O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:Program FilesMicrosoft OfficeOffice12ONENOTEM.EXE
O4 - Startup: WkCalRem.LNK = C:Program FilesCommon Filesmicrosoft sharedWorks SharedWkCalRem.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:Program FilesHPDigital Imaginginhpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel -
res://C:PROGRA~1MICROS~2Office12EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_09inssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_09inssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~1MICROS~2Office12ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~1MICROS~2Office12ONBttnIE.dll
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:Program FilesHPSmart Web Printinghpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:Program FilesHPSmart Web Printinghpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~2Office12REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:windowssystem32
vlsp.dll
O10 - Unknown file in Winsock LSP: c:windowssystem32
vlsp.dll
O10 - Unknown file in Winsock LSP: c:windowssystem32
vlsp.dll
O10 - Unknown file in Winsock LSP: c:windowssystem32
vlsp.dll
O16 - DPF: CabBuilder -
http://kiw.imgag.com/imgag/kiw/toolbar/ ... ontrol.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) -
http://javadl-esd.sun.com/update/1.5.0/ ... s-i586.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashWebSv.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:Program FilesNewTech InfosystemsNTI Backup Now 5ClientAgentsvc.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:Program FilesAcerEmpowering TechnologyeDataSecurityx86eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:Program FilesAcerEmpowering TechnologyServiceETService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:Program Filesin32
SvcAppFlt.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:Program FilesLavasoftAd-AwareAAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:Program FilesCommon FilesLightScribeLSSrvc.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:Program Filesin32
SvcIp.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:Program FilesNewTech InfosystemsNTI Backup Now 5BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:Program FilesNewTech InfosystemsNTI Backup Now 5SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:Windowssystem32
vvsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:Program FilesCyberLinkShared FilesRichVideo.exe
--
End of file - 8613 bytes
Thanks for your help, I'm waiting for the next steps!!
Thanks