Infections Spywares,....

Merci de ta réponse rapide. Voici les 2 rapports demandés

############################################
-----------------Voici le rapport Cleannavi:-----------------------------------------
###################################################"

Clean Navipromo version 3.6.5 commencé le 03/09/2008 à 15:23:42,35

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "Manu"

Mise à jour le 22.08.2008 à 17h30 par IL-MAFIOSO

Microsoft Windows Vista 6.0.6000
Internet Explorer : 7.0.6000.16711
Système de fichiers : NTFS

Mode suppression automatique
avec prise en charge résultats Catchme et GNS


Nettoyage exécuté au redémarrage de l'ordinateur

*** Creation backups fichiers trouvés par Catchme ***

Copie vers "C:\Program Files\navilog1\Backupnavi"

Copie C:\Users\Manu\AppData\Local\wsecskc.dat réalisée avec succès !
Copie C:\Users\Manu\AppData\Local\wsecskc.exe réalisée avec succès !
Copie C:\Users\Manu\AppData\Local\wsecskc_nav.dat réalisée avec succès !
Copie C:\Users\Manu\AppData\Local\wsecskc_navps.dat réalisée avec succès !

*** Suppression des fichiers trouvés avec Catchme ***

C:\Users\Manu\AppData\Local\wsecskc.dat supprimé !
C:\Users\Manu\AppData\Local\wsecskc.exe supprimé !
C:\Users\Manu\AppData\Local\wsecskc_nav.dat supprimé !
C:\Users\Manu\AppData\Local\wsecskc_navps.dat supprimé !

** 2ème passage avec résultats Catchme **

* Dans "C:\Windows\system32" *


C:\Windows\prefetch\wsecskc*.pf trouvé !
Copie C:\Windows\prefetch\wsecskc*.pf réalisée avec succès !
C:\Windows\prefetch\wsecskc*.pf supprimé !


* Dans "C:\Users\Manu\AppData\Local\Microsoft" *



* Dans "C:\Users\Manu\AppData\Local\virtualstore\windows\system32" *



* Dans "C:\Users\Manu\AppData\Local" *



*** Suppression avec sauvegardes résultats GenericNaviSearch ***

* Suppression dans "C:\Windows\System32" *


* Suppression dans "C:\Users\Manu\AppData\Local\Microsoft" *


* Suppression dans "C:\Users\Manu\AppData\Local\virtualstore\windows\system32" *


* Suppression dans "C:\Users\Manu\AppData\Local" *



*** Suppression dossiers dans "C:\Windows" ***


*** Suppression dossiers dans "C:\Program Files" ***


*** Suppression dossiers dans "c:\progra~2\micros~1\windows\startm~1\programs" ***


*** Suppression dossiers dans "c:\progra~2\micros~1\windows\startm~1" ***


*** Suppression dossiers dans "C:\ProgramData" ***


*** Suppression dossiers dans c:\users\manu\appdata\roaming\micros~1\windows\startm~1\programs ***


*** Suppression dossiers dans "C:\Users\Manu\AppData\Local\virtualstore\Program Files" ***


*** Suppression dossiers dans "C:\Users\Manu\AppData\Roaming" ***



*** Suppression fichiers ***


*** Suppression fichiers temporaires ***

Nettoyage contenu C:\Windows\Temp effectué !
Nettoyage contenu C:\Users\Manu\AppData\Local\Temp effectué !

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

2)Recherche, création sauvegardes et suppression Heuristique :


* Dans "C:\Windows\system32" *


* Dans "C:\Users\Manu\AppData\Local\Microsoft" *


* Dans "C:\Users\Manu\AppData\Local\virtualstore\windows\system32" *


* Dans "C:\Users\Manu\AppData\Local" *


*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok


*** Certificats ***

Certificat Egroup supprimé !
Certificat Electronic-Group supprimé !
Certificat Montorgueil absent !
Certificat OOO-Favorit supprimé !
Certificat Sunny-Day-Design-Ltdt absent !

*** Clés RUN orphelines Navipromo ***
!! Résultats temporairement non pris en charge !!
!! Les clés trouvées ne sont pas forcément infectées !!

Clés trouvés :

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"gkeumco"="c:\\users\\manu\\appdata\\local\\gkeumco.exe gkeumco"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igiccym"="c:\\users\\manu\\appdata\\local\\igiccym.exe igiccym"



*** Nettoyage terminé le 03/09/2008 à 15:34:15,37 ***


############################################
-----------------Voici le rapport HJT suite au rapport Cleannavi-----------------------------------------
###################################################

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:40:43, on 03/09/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\conime.exe
C:\Windows\notepad.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Avast4\ashDisp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Users\Manu\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\logiciel\NetMeter\NetMeter.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Manu\Desktop\vpngui.exe
C:\Program Files\Mozilla Firefox 3 Beta 4\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\Windows\System32\wsqmcons.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?

TYPE=3&tp=iehome&locale=FR_FR&c=71&bd=Pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?

LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?

TYPE=3&tp=iehome&locale=FR_FR&c=71&bd=Pavilion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common

Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} -

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Easy PDF Creator] C:\Program Files\Easy PDF Creator\EasyPDFCreator.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\logiciel\quicktime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [gkeumco] c:\users\manu\appdata\local\gkeumco.exe gkeumco
O4 - HKCU\..\Run: [igiccym] c:\users\manu\appdata\local\igiccym.exe igiccym
O4 - HKCU\..\Run: [ecomykk] "c:\users\manu\appdata\local\ecomykk.exe" ecomykk
O4 - HKCU\..\Run: [Google Update] "C:\Users\Manu\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [C:\Program Files\logiciel\NetMeter\NetMeter.exe] C:\Program Files\logiciel\NetMeter\NetMeter.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE

LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -

http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BF8F695B-B6E2-4BD1-8DAF-B64F7C7B25A0}: Domain = insa-lyon.fr
O17 - HKLM\System\CCS\Services\Tcpip\..\{BF8F695B-B6E2-4BD1-8DAF-B64F7C7B25A0}: NameServer =

134.214.100.6,134.214.100.245
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = insa-lyon.fr
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = insa-lyon.fr
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick

Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device

Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program

Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program

Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common

Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN

Client\cvpnd.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision

Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health

Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-

Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio

MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company -

C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia

Shared\Service\Macromedia Licensing.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0

\SharedCOM\RoxMediaDB9.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing

Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
End of file - 9863 bytes

pas ici,légitime...
O13 - Gopher Prefix: légitime sous vista
et pour O4 - Global Startup: VPN Client.lnk = ? on verra après
La désinfection n'est JAMAIS terminée tant que le helper ne ­l'a pas décidé!!
PAS de désinfection par MP!!
Bienvenue sur CCM.

Voila le rapport combofix et le rapport HJT.
Pour info sur "O4 - Global Startup: VPN Client.lnk = ? on verra après", VPN correspond à un logiciel utilisé pour se connecter au net par l'intermédiaire de Cisco dans ma résidence étudiante.


########################################################
------------------------------Rapport Combofix-------------------------------------------------------------
########################################################

ComboFix 08-09-01.05 - Manu 2008-09-03 16:27:46.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.363 [GMT 2:00]
Endroit: C:\Users\Manu\Desktop\ComboFix.exe
* Création d'un nouveau point de restauration
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\Manu\AppData\Roaming\inst.exe
C:\Users\Manu\AppData\Roaming\macromedia\Flash Player\#SharedObjects\VGX4HXFE\bin.clearspring.com
C:\Users\Manu\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
C:\Users\Manu\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol
C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Cookies\manu@2o7[1].txt
C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Cookies\manu@ad.yieldmanager[2].txt
C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Cookies\manu@clicktorrent[1].txt
C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Cookies\manu@edt02[2].txt
C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Cookies\manu@serving-sys[2].txt
C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Cookies\manu@www.clicktorrent[2].txt
C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Cookies\manu@wysistat[2].txt

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-08-03 to 2008-09-03 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier cr‚‚ dans cet espace de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-03 13:52 --------- d-----w C:\Users\Manu\AppData\Roaming\Skype
2008-09-03 13:35 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 4
2008-09-03 13:34 --------- d-----w C:\Program Files\Navilog1
2008-09-03 08:56 49,070 ----a-w C:\Users\Manu\AppData\Roaming\nvModes.dat
2008-08-31 10:19 --------- d-----w C:\ProgramData\Microsoft Help
2008-08-17 09:06 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-16 08:13 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-08-14 16:53 --------- d-----w C:\Program Files\Windows Mail
2008-08-14 12:37 --------- d-----w C:\Program Files\Microsoft Works
2008-07-30 14:48 --------- d-----w C:\Program Files\Avast4
2008-07-19 14:36 51,280 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-07-13 17:45 --------- d-----w C:\Program Files\DivX
2008-07-12 03:53 174 --sha-w C:\Program Files\desktop.ini
2008-07-05 10:08 --------- d-----w C:\Program Files\iTunes
2008-07-05 10:07 --------- d-----w C:\Program Files\iPod
2008-07-05 10:01 --------- d-----w C:\Program Files\logiciel
2008-07-05 09:54 --------- d-----w C:\Program Files\Apple Software Update
2008-06-27 03:54 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-06-12 06:54 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-06-12 06:54 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-06-12 01:21 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-01-02 11:33 47,360 ----a-w C:\Users\Manu\AppData\Roaming\pcouffin.sys
2007-05-23 18:12 926 ----a-w C:\Users\Manu\AppData\Roaming\wklnhst.dat
2007-08-14 17:07 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-08-14 17:07 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-08-14 17:07 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2006-05-03 10:06 163,328 --sh--r C:\Windows\System32\flvDX.dll
2007-02-21 11:47 31,232 --sh--r C:\Windows\System32\msfDX.dll
2007-12-17 13:43 27,648 --sh--w C:\Windows\System32\Smab0.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 1232896]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 125440]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-07-14 20034600]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-16 221184]
"Google Update"="C:\Users\Manu\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-09-02 133104]
"C:\Program Files\logiciel\NetMeter\NetMeter.exe"="C:\Program Files\logiciel\NetMeter\NetMeter.exe" [2007-06-02 330240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-15 815104]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-12-02 167936]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 159744]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-12-04 46704]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 317152]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 472800]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2006-12-18 77824]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-02-28 90191]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-02-28 7770112]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-02-28 81920]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="C:\Program Files\logiciel\quicktime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-06-02 267048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="C:\Windows\SMINST\launcher.exe" [2006-11-07 44128]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
VPN Client.lnk - C:\Windows\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico [2008-02-26 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.i420"= i420vfw.dll
"msacm.l3acm"= l3codecp.acm
"vidc.DIV3"= DivXc32.dll
"vidc.MJPG"= m3jpeg32.dll
"msacm.DivXa32"= msaud32_divx.acm
"vidc.div4"= DivXc32f.dll
"vidc.dmb1"= m3jpeg32.dll
"vidc.jpeg"= m3jpeg32.dll
"VIDC.HFYU"= huffyuv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-124188700-1687320406-2883521384-1000]
"EnableNotificationsRef"=dword:00000002

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{050CC300-DECD-4AD7-811C-83818ECBD84C}"= UDP:C:\Program Files\HP\QuickPlay\QP.exe:QP
"{4CBB9EE7-0F3A-4F8C-8D19-FF16950DA67C}"= TCP:C:\Program Files\HP\QuickPlay\QP.exe:QP
"{E69EF1B0-AAE5-4ED9-B32F-E621B97A755C}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{9B1484D8-CBAC-4A19-A476-CBE636BCF346}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{7DA5CA34-4599-4620-8761-A106AE746E8D}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"{76720941-65FD-4759-BEF1-A58691ACFFCC}"= UDP:45116:Emu
"{DEF02AAB-AA77-47C1-B869-E0302EF853CD}"= TCP:24136:Emu
"TCP Query User{45CBC56F-DD50-43CE-ADF4-F9C236FC4EA8}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{23A6646A-F7CA-4218-BD7D-5AEF88D3B84F}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{9E3315B1-8992-4817-A8C6-41886AF714C4}C:\\program files\\tvants\\tvants.exe"= UDP:C:\program files\tvants\tvants.exe:TVAnts
"UDP Query User{FE477B02-6A99-45F9-A142-55932E1BFA82}C:\\program files\\tvants\\tvants.exe"= TCP:C:\program files\tvants\tvants.exe:TVAnts
"TCP Query User{EFDEDC77-9D2C-4886-9861-A5E8B5BF5331}C:\\program files\\tv\\tvuplayer\\tvuplayer.exe"= UDP:C:\program files\tv\tvuplayer\tvuplayer.exe:TVUPlayer Component
"UDP Query User{77A8CAE1-15CD-4BCB-BB1D-44AECA5C6CF6}C:\\program files\\tv\\tvuplayer\\tvuplayer.exe"= TCP:C:\program files\tv\tvuplayer\tvuplayer.exe:TVUPlayer Component
"TCP Query User{4D8AB1FF-1A44-42BE-8B96-B1C88486697A}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{AF5160D7-54B1-4F97-B683-0932EAD0CD32}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{9EDA90D8-36E2-4E7D-ACC2-FA535D63F2B5}C:\\program files\\tv\\sopcast\\sopcast.exe"= UDP:C:\program files\tv\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{55149E0D-0DA5-44B8-BCC0-61EDD694C8A5}C:\\program files\\tv\\sopcast\\sopcast.exe"= TCP:C:\program files\tv\sopcast\sopcast.exe:SopCast Main Application
"TCP Query User{7EA9E909-927C-4BEE-A3E4-552EA9BFD42C}C:\\users\\manu\\appdata\\roaming\\sopcast\\adv\\sopadver.exe"= UDP:C:\users\manu\appdata\roaming\sopcast\adv\sopadver.exe:sopadver.exe
"UDP Query User{CD41366A-EC3F-400F-8A2F-57E1B954FDC1}C:\\users\\manu\\appdata\\roaming\\sopcast\\adv\\sopadver.exe"= TCP:C:\users\manu\appdata\roaming\sopcast\adv\sopadver.exe:sopadver.exe
"TCP Query User{F4C36C0B-54BB-4275-8DE3-FA72B7435C9F}C:\\program files\\dc++\\dcplusplus.exe"= UDP:C:\program files\dc++\dcplusplus.exe:DC++
"UDP Query User{9549F2C3-7BBF-4A7D-87D5-CE679D2CAC4C}C:\\program files\\dc++\\dcplusplus.exe"= TCP:C:\program files\dc++\dcplusplus.exe:DC++
"TCP Query User{4365171B-6B9A-4B6B-A5B5-D52AD00D6119}C:\\program files\\ppmate\\ppmnet.exe"= UDP:C:\program files\ppmate\ppmnet.exe:ppmnet Module
"UDP Query User{674E2F74-8325-43EB-BA8C-A759D754F277}C:\\program files\\ppmate\\ppmnet.exe"= TCP:C:\program files\ppmate\ppmnet.exe:ppmnet Module
"TCP Query User{38F6D727-F263-491C-B237-29C4B5E29129}C:\\program files\\steam\\steam.exe"= UDP:C:\program files\steam\steam.exe:Steam
"UDP Query User{437CAC95-B019-4B57-9E31-1379CD209B32}C:\\program files\\steam\\steam.exe"= TCP:C:\program files\steam\steam.exe:Steam
"TCP Query User{41489337-2D7B-4E1E-A140-31F40D987D83}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{9303BD37-610D-4B0B-B318-80ECD9C0CDB0}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"{A3DB73BF-2CA4-44D7-B5DD-8314BC7DF760}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{176915CC-B317-4736-A19D-3CF57A49DDD9}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{89BF5E67-B323-4DD9-932A-694692885B2E}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{32A9C596-27B3-4355-926D-15B623E6B0EF}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{36D5295B-9BF0-40E7-9400-5818D6169E04}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{69089EFC-1744-4516-B238-55D752AB706B}C:\\program files\\valve\\hl.exe"= UDP:C:\program files\valve\hl.exe:Half-Life Launcher
"UDP Query User{76ED5E5A-971E-463A-BEF7-E2B9B3D2EA71}C:\\program files\\valve\\hl.exe"= TCP:C:\program files\valve\hl.exe:Half-Life Launcher
"TCP Query User{7A665FC1-A1C2-428F-A6B2-4E44D1653B17}C:\\program files\\valve\\hl.exe"= UDP:C:\program files\valve\hl.exe:Half-Life Launcher
"UDP Query User{C09000C0-724D-4CEC-B808-07DB0D02C523}C:\\program files\\valve\\hl.exe"= TCP:C:\program files\valve\hl.exe:Half-Life Launcher
"TCP Query User{CBA4DF1F-3F96-4D9B-9544-FA224A88D68C}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{BA676734-8711-4E46-BB07-E6BC27476F60}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{176886E1-A406-4B74-A302-F1039CA0A2FD}C:\\program files\\tvants\\tvants.exe"= UDP:C:\program files\tvants\tvants.exe:TVAnts
"UDP Query User{01FF924D-F78F-4694-95FF-26D8DC4FC87B}C:\\program files\\tvants\\tvants.exe"= TCP:C:\program files\tvants\tvants.exe:TVAnts
"TCP Query User{89F862A5-AEB4-4435-80E2-D6D960628E29}C:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"UDP Query User{AD4489A7-4A4A-4E31-9364-5619F4450CA7}C:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"TCP Query User{9E472CD5-728B-4BE4-8862-A71347BD3E7E}C:\\program files\\sopcast\\sopcast.exe"= UDP:C:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{6BFB616C-0D3E-4732-A44A-51335FE73B90}C:\\program files\\sopcast\\sopcast.exe"= TCP:C:\program files\sopcast\sopcast.exe:SopCast Main Application
"{56DA606D-3671-4389-9D82-5C635CF891C2}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{0481D1C5-FB81-47BE-94FD-1EFB791734D8}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{1F4AA5F2-0410-4A7A-8E4E-4FE9E907964B}C:\\program files\\mozilla firefox 3 beta 4\\firefox.exe"= UDP:C:\program files\mozilla firefox 3 beta 4\firefox.exe:Firefox
"UDP Query User{77F13AAF-B0E7-425C-839F-2D8593983367}C:\\program files\\mozilla firefox 3 beta 4\\firefox.exe"= TCP:C:\program files\mozilla firefox 3 beta 4\firefox.exe:Firefox
"{A7B481B9-F98F-4249-AAD7-1D9B63DD20B9}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{DC5233EA-56AE-46D9-B49E-A130B8FF6CA1}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]
R3 vidcap;vidcap;C:\Windows\system32\DRIVERS\vidcap.sys [2006-12-27 9006]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-04-19 87288]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{473c518d-1b43-11dd-83e7-001636e83f77}]
\shell\AutoRun\command - H:\loader.exe /no hidden
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-ecomykk - c:\users\manu\appdata\local\ecomykk.exe
HKLM-Run-Easy PDF Creator - C:\Program Files\Easy PDF Creator\EasyPDFCreator.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\Manu\AppData\Roaming\Mozilla\Firefox\Profiles\zx93sr10.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr/
FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0\bin\npjava11.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0\bin\npjava12.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0\bin\npjava13.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0\bin\npjava14.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0\bin\npjava32.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
FF -: plugin - C:\Program Files\Java\jre1.6.0\bin\npoji610.dll
FF -: plugin - C:\Program Files\logiciel\quicktime\Plugins\npqtplugin.dll
FF -: plugin - C:\Program Files\logiciel\quicktime\Plugins\npqtplugin2.dll
FF -: plugin - C:\Program Files\logiciel\quicktime\Plugins\npqtplugin3.dll
FF -: plugin - C:\Program Files\logiciel\quicktime\Plugins\npqtplugin4.dll
FF -: plugin - C:\Program Files\logiciel\quicktime\Plugins\npqtplugin5.dll
FF -: plugin - C:\Program Files\logiciel\quicktime\Plugins\npqtplugin6.dll
FF -: plugin - C:\Program Files\logiciel\quicktime\Plugins\npqtplugin7.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 4\plugins\np-mswmp.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 4\plugins\np32dsw.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 4\plugins\npdivx32.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 4\plugins\npDivxPlayerPlugin.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 4\plugins\npnul32.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 4\plugins\nppl3260.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 4\plugins\npqtplugin.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 4\plugins\npqtplugin2.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 4\plugins\npqtplugin3.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 4\plugins\npqtplugin4.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 4\plugins\npqtplugin5.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 4\plugins\npqtplugin6.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 4\plugins\npqtplugin7.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 4\plugins\nprjplug.dll
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 4\plugins\nprpjplug.dll
FF -: plugin - C:\Users\Manu\AppData\Local\Google\Update\1.2.131.11\npGoogleOneClick5.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-03 16:35:49
Windows 6.0.6000 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...


**************************************************************************

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"C:\\Program Files\\logiciel\\NetMeter\\NetMeter.exe"="C:\\Program Files\\logiciel\\NetMeter\\NetMeter.exe"
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\drivers\XAudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\Windows\System32\conime.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-09-03 16:46:57 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-03 14:45:28

Pre-Run: Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Post-Run: 5,751,095,296 octets libres

254 --- E O F --- 2008-08-21 20:25:26


########################################################
------------------------------Rapport HJT Retour a la ligné décoché-------------------------------------------------------------
########################################################



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:00:30, on 03/09/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Users\Manu\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\logiciel\NetMeter\NetMeter.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Users\Manu\Desktop\vpngui.exe
C:\Program Files\Mozilla Firefox 3 Beta 4\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/...
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\logiciel\quicktime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [Google Update] "C:\Users\Manu\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [C:\Program Files\logiciel\NetMeter\NetMeter.exe] C:\Program Files\logiciel\NetMeter\NetMeter.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BF8F695B-B6E2-4BD1-8DAF-B64F7C7B25A0}: Domain = insa-lyon.fr
O17 - HKLM\System\CCS\Services\Tcpip\..\{BF8F695B-B6E2-4BD1-8DAF-B64F7C7B25A0}: NameServer = 134.214.100.6,134.214.100.245
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = insa-lyon.fr
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = insa-lyon.fr
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
End of file - 8950 bytes

Arf... , j'ai un petit soucis pour lancer le script RunThis.bat: apès le double-clic, une fenêtre s'ouvre puis se referme aussitôt. Je ne peux donc pas appuyer sur la touche "Y". Est-ce normal? Que dois-je faire?

Merci

Apparemment, cette action de change rien chez moi: même avec la case décochée, la fenêtre se ferme toujours après le lancement du script...