Redirects on the internet

dedenast -  
Hello,
For a few days now, when I click on a link (Firefox, IE and Opera), it redirects me to "mamma partners" and sites of that kind...
I have Avast. Can you help me please.
Configuration: Windows Vista
Firefox 3.0.5

10 replies

  1. Lyonnais92 Posts: 25708 Status: Security contributor 1 537
     
    Hello,

    Download Rooter from the IDN team to your desktop:
    https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/Rooter.exe?attachauth=ANoY7cpzQksLcJt-e1z30LGu7t4JjUhh8amzWs_oSPSJpXbXp8ythGbW2WF8ysioh5NNlarrn7zMnYCRfsT5rCwNrfw5_CZYELApylTiY_MGu0G6uKzWpLEF2YXM3tF7nKZZAWj0JSAajXlZhd8dIyI3MrZ-lAIT5ZrAdcrct9_7bshwVpaZRPizuMTv9SDvmvY31BX4Vvvh2F2Brp1cy_K0jtTTfjttEA%3D%3D&attredirects=2

    ! Disconnect from the internet and close all running applications !

    * Run Rooter and let the tool work.

    * Once it has finished, post the report you obtain for analysis...

    ================
    Download here:

    http://images.malwareremoval.com/random/RSIT.exe

    random's system information tool (RSIT) by random/random and save it to the Desktop.

    Double-click RSIT.exe to launch RSIT.

    Read the Disclaimer screen, then click Continue (if you accept the terms).

    If HijackThis (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall if asked) and you will have to accept the licence.

    When the analysis is finished, two text files will open.

    Post the content of log.txt (<< which will be displayed).

    NB: The reports are saved in the folder C:\rsit

    =======================

    We are going to use ComboFix.exe. Go to this web page to get the download links, as well as instructions for running the tool:

    https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

    * Check that you have closed/disabled all anti-virus, anti-malware or anti-spyware programs so that they do not interfere with ComboFix's work.

    Send the content of C:\ComboFix.txt in your next reply so that I can examine it.
  2. dedenast
     
    Thank you for your reply,
    here it is for Rooter:

    Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
    X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU P7350 @ 2.00GHz )
    BIOS : Default System BIOS
    USER : André ( Administrator )
    BOOT : Normal boot

    C:\ (Local Disk) - NTFS - Total:288 Go (Free:119 Go)
    E:\ (CD or DVD)
    F:\ (CD or DVD)

    10/01/2009|17:57

    ----------------------\\ Search..

    C:\Users\ANDR~1\AppData\Local\keacqaw.dat
    C:\Users\ANDR~1\AppData\Local\keacqaw_nav.dat
    C:\Users\ANDR~1\AppData\Local\keacqaw_navps.dat
    [b]==> NAVIPROMO <==[/b]

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters]
    NameServer REG_SZ 85.255.114.68,85.255.112.150
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters]
    NameServer REG_SZ 85.255.114.68,85.255.112.150
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
    NameServer REG_SZ 85.255.114.68,85.255.112.150
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{81745373-7C42-4AD3-8AEC-DBE32919F930}]
    NameServer REG_SZ 85.255.114.68,85.255.112.150
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{F51B00EA-55E8-4693-B6C9-A5DA57D81264}]
    NameServer REG_SZ 85.255.114.68,85.255.112.150
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\..\{81745373-7C42-4AD3-8AEC-DBE32919F930}]
    NameServer REG_SZ 85.255.114.68,85.255.112.150
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\..\{F51B00EA-55E8-4693-B6C9-A5DA57D81264}]
    NameServer REG_SZ 85.255.114.68,85.255.112.150
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{81745373-7C42-4AD3-8AEC-DBE32919F930}]
    NameServer REG_SZ 85.255.114.68,85.255.112.150
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{F51B00EA-55E8-4693-B6C9-A5DA57D81264}]
    NameServer REG_SZ 85.255.114.68,85.255.112.150
    [b]==> WAREOUT <==[/b]

    ----------------------\\ Cracks & Keygens..

    C:\Users\ANDR~1\Desktop\Keymaker

    1 - "C:\Rooter$\Rooter_1.txt" - 10/01/2009|17:59

    ----------------------\\ Scan completed at 17:59

    I also made a HijackThis report:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:30:57, on 10/01/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\AIM6\aim6.exe
    C:\Program Files\AIM6\aolsoftware.exe
    C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe
    C:\Windows\explorer.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: FlashGet urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
    O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O13 - Gopher Prefix:
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
    O17 - HKLM\System\CCS\Services\Tcpip\..\{81745373-7C42-4AD3-8AEC-DBE32919F930}: NameServer = 85.255.114.68,85.255.112.150
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F51B00EA-55E8-4693-B6C9-A5DA57D81264}: NameServer = 85.255.114.68,85.255.112.150
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.68,85.255.112.150
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.68,85.255.112.150
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.68,85.255.112.150
    O18 - Protocol: Skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\aestsrv.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
    O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
    O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\STacSV.exe
    O23 - Service: wampapache - Apache Software Foundation - C:\Program Files\wamp\bin\apache\apache2.2.8\bin\httpd.exe
    O23 - Service: wampmysqld - Unknown owner - C:\Program Files\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe
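The Rooter and HijackThis reports above both show the same two DNS servers written into every control set (CCS, CS1, CS2 and both interface GUIDs), which is why the redirects hit Firefox, IE and Opera alike: the resolver is replaced below the browser, so changing browsers changes nothing. The following is an added example, not code from Rooter, HijackThis or this thread, that parses both log formats and flags every registry location whose NameServer is neither on a caller-supplied allowlist (an assumed placeholder value here) nor a local-network address:

```python
"""Audit NameServer entries found in HijackThis (O17) and Rooter output.

Added example for this thread, not code from HijackThis, Rooter or the page.
It reads the two log formats posted above and reports each registry location
whose DNS servers are neither allowlisted nor on a local network.
"""
import ipaddress
import re
from typing import Dict, List

# Constructed sample in the shape of the logs posted above. The 85.255.x.x values
# and registry paths are the ones in the thread; the 192.168.1.1 interface entry
# is invented to show an ordinary LAN resolver being accepted.
SAMPLE_LOG = r"""
O1 - Hosts: ::1 localhost
O17 - HKLM\System\CCS\Services\Tcpip\..\{81745373-7C42-4AD3-8AEC-DBE32919F930}: NameServer = 85.255.114.68,85.255.112.150
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.68,85.255.112.150
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 192.168.1.1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
NameServer REG_SZ 85.255.114.68,85.255.112.150
""".strip()

# HijackThis O17 line: "O17 - <registry key>: NameServer = <ip>[,<ip>...]"
O17_RE = re.compile(r"^O17 - (?P<key>\S+?): NameServer = (?P<servers>\S+)")
# Rooter prints the key in brackets on one line and the value on the next line.
ROOTER_KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
ROOTER_VALUE_RE = re.compile(r"^NameServer\s+REG_SZ\s+(?P<servers>\S+)$")


def parse_nameservers(text: str) -> Dict[str, List[str]]:
    """Map each registry location to the list of DNS servers it names."""
    found: Dict[str, List[str]] = {}
    last_key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = O17_RE.match(line)
        if m:
            found[m["key"]] = re.split(r"[,\s]+", m["servers"])
            continue
        m = ROOTER_KEY_RE.match(line)
        if m:
            last_key = m["key"]
            continue
        m = ROOTER_VALUE_RE.match(line)
        if m and last_key:
            found[last_key] = re.split(r"[,\s]+", m["servers"])
            last_key = None
    return found


def classify(server: str, allowlist: List[str]) -> str:
    """Return 'allowed', 'local', 'untrusted' or 'invalid' for one server string."""
    try:
        ip = ipaddress.ip_address(server)
    except ValueError:
        return "invalid"
    if server in allowlist:
        return "allowed"
    # A router or other RFC 1918 / loopback / link-local resolver is the normal case.
    if ip.is_private or ip.is_loopback or ip.is_link_local:
        return "local"
    return "untrusted"


def audit(text: str, allowlist: List[str]) -> List[Dict[str, object]]:
    """One finding per registry location, marked suspicious if any server is untrusted."""
    findings: List[Dict[str, object]] = []
    for key, servers in parse_nameservers(text).items():
        verdicts = {s: classify(s, allowlist) for s in servers}
        findings.append({
            "key": key,
            "servers": servers,
            "verdicts": verdicts,
            "suspicious": any(v in ("untrusted", "invalid") for v in verdicts.values()),
        })
    return findings


def rogue_servers(findings: List[Dict[str, object]]) -> set:
    """Distinct untrusted resolvers across every location (one list to block or watch for)."""
    return {s for f in findings if f["suspicious"]
            for s, v in f["verdicts"].items() if v == "untrusted"}


if __name__ == "__main__":
    # Assumed allowlist: the ISP resolvers expected on this machine (constructed value).
    results = audit(SAMPLE_LOG, allowlist=["203.0.113.53"])
    for f in results:
        flag = "SUSPICIOUS" if f["suspicious"] else "ok"
        print(f"{flag:10} {f['key']} -> {','.join(f['servers'])}")
    print("distinct rogue resolvers:", sorted(rogue_servers(results)))
```

Because every control set is listed separately, the output also shows why resetting only CurrentControlSet is not enough: the stale copies in CS1/CS2 would be restored by a "last known good" boot.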
  3. dedenast
     
    Here is the RSIT report:

    Logfile of random's system information tool 1.05 (written by random/random)
    Run by André at 2009-01-10 18:08:46
    Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
    System drive C: has 122 GB (41%) free of 296 GB
    Total RAM: 3068 MB (47% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:08:50, on 10/01/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Windows\system32\conime.exe
    C:\Users\André\Downloads\RSIT.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\André\Downloads\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\André.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
    O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [XP] C:\Program Files\CHRYOPROD\Spy-IT\spy-it.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O13 - Gopher Prefix:
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
    O17 - HKLM\System\CCS\Services\Tcpip\..\{81745373-7C42-4AD3-8AEC-DBE32919F930}: NameServer = 85.255.114.68,85.255.112.150
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F51B00EA-55E8-4693-B6C9-A5DA57D81264}: NameServer = 85.255.114.68,85.255.112.150
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.68,85.255.112.150
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.68,85.255.112.150
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.68,85.255.112.150
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\aestsrv.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
    O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
    O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\STacSV.exe
    O23 - Service: wampapache - Apache Software Foundation - C:\Program Files\wamp\bin\apache\apache2.2.8\bin\httpd.exe
    O23 - Service: wampmysqld - Unknown owner - C:\Program Files\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe
  4. dedenast
     
    And finally the ComboFix report:

    ComboFix 09-01-09.03 - André 2009-01-10 18:18:00.1 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.3068.2228 [GMT 1:00]
    Lancé depuis: c:\users\André\Downloads\ComboFix.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\Mozilla Firefox\components\iamfamous.dll
    C:\resycled
    c:\resycled\boot.com
    c:\users\André\AppData\Local\keacqaw.dat
    c:\users\André\AppData\Local\keacqaw_nav.dat
    c:\users\André\AppData\Local\keacqaw_navps.dat
    c:\users\André\AppData\Roaming\.#
    c:\windows\system32\drivers\msqpdxcqvcpejx.sys
    c:\windows\system32\msqpdxpjrxoiqr.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_MSQPDXSERV.SYS
    -------\Service_MSQPDXSERV.SYS

    ((((((((((((((((((((((((((((( Fichiers créés du 2008-12-10 au 2009-01-10 ))))))))))))))))))))))))))))))))))))
    .

    2009-01-10 18:05 . 2009-01-10 18:05 <REP> d-------- C:\rsit
    2009-01-10 17:57 . 2009-01-10 17:59 <REP> d-------- C:\Rooter$
    2009-01-10 15:48 . 2009-01-10 15:48 1,004 --ahs---- c:\windows\System32\sys_drv.dat
    2009-01-10 15:43 . 2009-01-10 15:43 <REP> d-------- c:\users\André\AppData\Roaming\Download Manager
    2009-01-10 15:43 . 2009-01-10 15:43 <REP> d-------- c:\program files\Folder Lock 6
    2009-01-10 15:43 . 2009-01-10 15:43 180,224 --a------ c:\windows\System32\WinVd32.sys
    2009-01-10 15:43 . 2009-01-10 15:43 16,384 --a------ c:\windows\System32\WinFl32.sys
    2009-01-10 15:42 . 2009-01-10 15:42 118 -r-hs---- c:\users\param.ini
    2009-01-10 15:41 . 2009-01-10 15:42 <REP> d-------- c:\program files\CHRYOPROD
    2009-01-10 15:30 . 2009-01-10 15:30 <REP> d-------- c:\program files\Trend Micro
    2009-01-10 14:15 . 2009-01-10 14:15 <REP> d-------- c:\windows\System32\Kaspersky Lab
    2009-01-10 11:22 . 2009-01-10 11:22 <REP> d-------- c:\program files\Alwil Software
    2009-01-10 11:22 . 2008-11-26 18:17 51,792 --a------ c:\windows\System32\drivers\aswMonFlt.sys
    2009-01-10 11:05 . 2009-01-10 11:05 0 --a------ c:\windows\nsreg.dat
    2009-01-09 20:21 . 2009-01-09 20:21 <REP> d-------- C:\totalcmd
    2009-01-09 14:26 . 2009-01-10 11:19 <REP> d-------- c:\users\All Users\Kaspersky Lab
    2009-01-09 14:26 . 2009-01-10 11:19 <REP> d-------- c:\programdata\Kaspersky Lab
    2009-01-09 14:16 . 2009-01-10 09:20 <REP> d-------- c:\users\All Users\Kaspersky Lab Setup Files
    2009-01-09 14:16 . 2009-01-10 09:20 <REP> d-------- c:\programdata\Kaspersky Lab Setup Files
    2009-01-09 13:49 . 2009-01-09 13:49 <REP> d-------- c:\program files\LiveSwif
    2009-01-05 19:52 . 2009-01-05 19:52 <REP> d-------- c:\users\André\AppData\Roaming\Sony
    2009-01-05 19:36 . 2009-01-05 19:36 <REP> d-------- c:\users\André\AppData\Roaming\Publish Providers
    2009-01-05 19:36 . 2009-01-05 19:36 <REP> d-------- c:\users\André\AppData\Roaming\NetMedia Providers
    2009-01-05 18:25 . 2009-01-05 18:25 <REP> d-------- c:\program files\Vstplugins
    2009-01-05 18:24 . 2009-01-05 18:24 <REP> d-------- c:\program files\Sony Setup
    2009-01-05 18:24 . 2009-01-05 18:24 <REP> d-------- c:\program files\Sony
    2009-01-02 20:19 . 1998-10-07 13:08 327,168 --a------ c:\windows\IsUn040c.exe
    2009-01-02 20:19 . 2009-01-02 20:19 0 --a------ c:\windows\setup32.INI
    2009-01-01 21:44 . 2009-01-10 09:20 <REP> d-------- c:\program files\WinHex
    2008-12-31 17:15 . 2008-12-31 17:15 <REP> d-------- c:\users\André\AppData\Roaming\InstallShield
    2008-12-31 17:15 . 2008-12-31 17:15 <REP> d-------- c:\users\All Users\Sony Ericsson
    2008-12-31 17:15 . 2008-12-31 17:15 <REP> d-------- c:\programdata\Sony Ericsson
    2008-12-31 17:15 . 2008-05-16 12:33 89,256 --a------ c:\windows\System32\drivers\s0016bus.sys
    2008-12-31 17:15 . 2008-05-16 12:33 12,200 --a------ c:\windows\System32\drivers\s0016whnt.sys
    2008-12-31 17:15 . 2008-05-16 12:33 12,200 --a------ c:\windows\System32\drivers\s0016wh.sys
    2008-12-30 22:19 . 2008-12-31 22:13 404,449,906 --a------ c:\windows\MEMORY.DMP
    2008-12-30 21:11 . 2006-08-23 11:24 526,184 --a------ c:\windows\System32\XceedCry.dll
    2008-12-30 21:11 . 2003-12-15 11:23 279,392 --a------ c:\windows\System32\XceedFtp.dll
    2008-12-30 19:53 . 2008-12-30 19:53 <REP> d-------- c:\program files\Microsoft Silverlight
    2008-12-30 11:30 . 2009-01-10 09:20 <REP> d-------- c:\program files\Opera
    2008-12-30 10:30 . 2009-01-10 09:20 <REP> d-------- c:\program files\mTC
    2008-12-28 17:14 . 2008-12-30 11:31 <REP> d-------- c:\users\André\AppData\Roaming\Opera
    2008-12-25 17:16 . 2008-12-25 17:16 <REP> d-------- c:\program files\7-Zip
    2008-12-25 10:10 . 2008-12-25 10:10 <REP> d-------- c:\users\All Users\Codemasters
    2008-12-25 10:10 . 2008-12-25 10:10 <REP> d-------- c:\programdata\Codemasters
    2008-12-25 09:49 . 2008-12-25 09:49 <REP> d-------- c:\program files\OpenAL
    2008-12-25 09:49 . 2008-04-28 15:53 805,400 -ra------ c:\windows\System32\tmp2F6A.tmp
    2008-12-25 09:49 . 2008-12-25 09:49 444,952 --a------ c:\windows\System32\wrap_oal.dll
    2008-12-25 09:49 . 2008-12-25 09:49 109,080 --a------ c:\windows\System32\OpenAL32.dll
    2008-12-25 09:48 . 2008-04-28 15:53 805,400 -ra------ c:\windows\System32\tmp2F3A.tmp
    2008-12-25 09:29 . 2008-12-25 09:29 <REP> d-------- c:\program files\Codemasters
    2008-12-25 08:52 . 2008-12-25 08:52 0 --ah----- c:\windows\System32\drivers\Msft_Kernel_xusb21_01001.Wdf
    2008-12-25 08:48 . 2008-12-25 08:48 <REP> d-------- c:\program files\Microsoft Xbox 360 Accessories
    2008-12-22 17:27 . 2008-12-22 17:27 <REP> d-------- c:\program files\Common Files\Atlence
    2008-12-22 16:31 . 2008-12-22 16:31 <REP> d-------- c:\users\André\AppData\Roaming\FlashGet
    2008-12-22 16:31 . 2008-12-22 16:31 <REP> d-------- c:\program files\FlashGet
    2008-12-22 10:01 . 2008-12-22 10:02 <REP> d-------- c:\program files\Microsoft Visual Studio 9.0
    2008-12-22 10:00 . 2008-12-22 10:00 <REP> d-------- c:\program files\Microsoft SDKs
    2008-12-22 09:59 . 2008-12-22 09:59 <REP> d-------- c:\program files\Install Creator
    2008-12-22 09:52 . 2008-12-22 09:52 <REP> d-------- C:\[u]0/u9ce6b9f813f2abd2648
    2008-12-20 21:11 . 2008-12-20 21:11 <REP> d-------- c:\program files\VistaCodecPack
    2008-12-20 21:07 . 2008-12-20 21:07 <REP> d-------- c:\users\All Users\VistaCodecs
    2008-12-20 21:07 . 2008-12-20 21:07 <REP> d-------- c:\programdata\VistaCodecs
    2008-12-20 15:30 . 2008-12-31 17:15 <REP> d-------- c:\program files\Sony Ericsson
    2008-12-19 13:25 . 2008-06-26 02:45 12,240,896 --a------ c:\windows\System32\NlsLexicons0007.dll
    2008-12-19 13:25 . 2008-06-26 02:45 2,644,480 --a------ c:\windows\System32\NlsLexicons0009.dll
    2008-12-19 13:25 . 2008-06-26 04:29 801,280 --a------ c:\windows\System32\NaturalLanguage6.dll
    2008-12-19 13:24 . 2008-08-05 10:49 428,544 --a------ c:\windows\System32\EncDec.dll
    2008-12-19 13:24 . 2008-08-05 10:49 293,376 --a------ c:\windows\System32\psisdecd.dll
    2008-12-19 13:24 . 2008-08-05 10:48 217,088 --a------ c:\windows\System32\psisrndr.ax
    2008-12-19 13:24 . 2008-08-05 10:48 177,664 --a------ c:\windows\System32\mpg2splt.ax
    2008-12-19 13:24 . 2008-08-05 10:48 80,896 --a------ c:\windows\System32\MSNP.ax
    2008-12-19 13:24 . 2008-04-23 05:41 57,856 --a------ c:\windows\System32\MSDvbNP.ax
    2008-12-19 13:14 . 2008-10-02 02:32 1,383,424 --a------ c:\windows\System32\mshtml.tlb
    2008-12-15 21:07 . 2008-12-15 21:07 <REP> d-------- c:\program files\Google
    2008-12-15 17:18 . 2009-01-03 10:18 <REP> d-------- c:\users\André\AppData\Roaming\skypePM
    2008-12-15 17:18 . 2008-12-15 17:18 32 --a------ c:\users\All Users\ezsid.dat
    2008-12-15 17:18 . 2008-12-15 17:18 32 --a------ c:\programdata\ezsid.dat
    2008-12-14 22:23 . 2009-01-03 12:13 <REP> d-------- c:\users\André\AppData\Roaming\Skype
    2008-12-14 22:21 . 2008-12-14 22:21 <REP> d-------- c:\users\All Users\Skype
    2008-12-14 22:21 . 2008-12-14 22:21 <REP> d-------- c:\programdata\Skype
    2008-12-14 22:21 . 2008-12-14 22:21 <REP> d-------- c:\program files\Skype
    2008-12-14 22:21 . 2008-12-14 22:21 <REP> d-------- c:\program files\Common Files\Skype
    2008-12-14 14:30 . 2008-12-14 14:31 <REP> d-------- c:\users\André\AppData\Roaming\muvee Technologies
    2008-12-14 14:29 . 2008-12-14 14:29 <REP> d-------- c:\users\All Users\TEMP
    2008-12-14 14:29 . 2008-12-14 14:29 <REP> d-------- c:\programdata\TEMP
    2008-12-14 14:02 . 2009-01-08 14:53 <REP> d-------- c:\users\André\AppData\Roaming\FileZilla
    2008-12-14 14:02 . 2008-12-14 14:02 <REP> d-------- c:\program files\FileZilla FTP Client
    2008-12-13 20:53 . 2008-12-13 20:53 1,700,352 --a------ c:\windows\System32\gdiplus.dll
    2008-12-13 20:21 . 2008-12-13 20:21 <REP> d-------- c:\users\André\AppData\Roaming\GTek
    2008-12-13 12:24 . 2008-12-13 12:24 <REP> d-------- c:\windows\PCHEALTH
    2008-12-13 12:24 . 2008-12-13 12:24 <REP> d-------- c:\program files\Microsoft.NET
    2008-12-13 12:21 . 2008-12-13 12:21 <REP> d-------- c:\program files\Microsoft Visual Studio 8
    2008-12-13 12:19 . 2008-12-13 12:19 <REP> dr-h----- C:\MSOCache
    2008-12-12 21:35 . 2009-01-10 09:21 <REP> d-------- c:\users\André\Bureau
    2008-12-12 21:35 . 2009-01-10 09:21 <REP> d-------- c:\users\André\Bureau
    2008-12-12 21:13 . 2008-12-14 13:55 <REP> d-------- c:\users\André\AppData\Roaming\Real
    2008-12-12 21:13 . 2008-12-12 21:13 <REP> d-------- c:\program files\Real
    2008-12-12 21:13 . 2008-12-12 21:13 <REP> d-------- c:\program files\Common Files\xing shared
    2008-12-12 21:13 . 2008-12-12 21:13 <REP> d-------- c:\program files\Common Files\Real
    2008-12-12 17:13 . 2008-05-27 06:17 6,103,040 --a------ c:\windows\System32\chtbrkr.dll
    2008-12-12 17:13 . 2008-05-27 06:17 1,671,680 --a------ c:\windows\System32\chsbrkr.dll
    2008-12-12 17:13 . 2008-05-27 06:21 1,582,592 --a------ c:\windows\System32\tquery.dll
    2008-12-12 17:13 . 2008-05-27 06:21 1,418,240 --a------ c:\windows\System32\mssrch.dll
    2008-12-12 17:13 . 2008-05-27 06:18 670,208 --a------ c:\windows\System32\mssvp.dll
    2008-12-12 17:13 . 2008-05-27 06:18 439,808 --a------ c:\windows\System32\SearchIndexer.exe
    2008-12-12 17:13 . 2008-05-27 06:18 350,208 --a------ c:\windows\System32\mssph.dll
    2008-12-12 17:13 . 2008-05-27 06:18 203,776 --a------ c:\windows\System32\mssphtb.dll
    2008-12-12 17:13 . 2008-05-27 06:18 184,832 --a------ c:\windows\System32\SearchProtocolHost.exe
    2008-12-12 17:13 . 2008-05-27 06:18 136,704 --a------ c:\windows\System32\nlhtml.dll
    2008-12-12 17:13 . 2008-05-27 06:17 60,416 --a------ c:\windows\System32\msscntrs.dll
    2008-12-12 17:13 . 2008-05-27 06:18 56,320 --a------ c:\windows\System32\xmlfilter.dll
    2008-12-12 17:13 . 2008-10-22 02:22 2,048 --a------ c:\windows\System32\tzres.dll
    2008-12-12 17:09 . 2008-12-12 17:09 <REP> d-------- c:\program files\MSXML 4.0
    2008-12-12 15:31 . 2000-08-21 12:22 1,388,544 --a------ c:\windows\System32\temp.00D
    2008-12-12 15:31 . 2000-06-13 11:50 1,077,610 --a------ c:\windows\System32\temp.00A
    2008-12-12 15:31 . 2000-06-13 11:50 164,112 --a------ c:\windows\System32\temp.008
    2008-12-12 15:31 . 2000-06-13 11:50 147,728 --a------ c:\windows\System32\temp.00B
    2008-12-12 15:31 . 2001-02-16 07:44 106,547 --a------ c:\windows\System32\temp.007
    2008-12-12 15:31 . 2000-06-13 11:50 22,288 --a------ c:\windows\System32\temp.00C
    2008-12-12 15:31 . 2000-06-13 11:50 17,920 --a------ c:\windows\System32\temp.009
    2008-12-12 12:47 . 2008-10-29 07:29 2,927,104 --a------ c:\windows\explorer.exe
    2008-12-12 12:47 . 2008-10-16 05:47 827,392 --a------ c:\windows\System32\wininet.dll
    2008-12-12 12:47 . 2008-08-12 04:39 443,392 --a------ c:\windows\System32\win32spl.dll
    2008-12-12 12:47 . 2008-08-27 02:06 288,768 --a------ c:\windows\System32\drivers\srv.sys

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-10 17:18 3,407,872 --sha-w c:\users\André\ntuser.dat
    2009-01-10 17:18 3,407,872 --sha-w c:\users\André\ntuser.dat
    2009-01-10 17:15 42,559 ----a-w c:\users\All Users\nvModes.dat
    2009-01-10 17:15 42,559 ----a-w c:\programdata\nvModes.dat
    2009-01-10 14:43 --------- d-----w c:\users\André\AppData\Roaming\Download Manager
    2009-01-10 13:19 --------- d-----w c:\users\André\AppData\Roaming\Mozilla
    2009-01-10 08:24 --------- d-----w c:\program files\Common Files\Symantec Shared
    2009-01-10 08:20 --------- d-----w c:\users\André\AppData\Roaming\vlc
    2009-01-10 08:20 --------- d-----w c:\users\André\AppData\Roaming\dvdcss
    2009-01-10 08:20 --------- d-----w c:\users\André\AppData\Roaming\DAEMON Tools
    2009-01-10 08:20 --------- d-----w c:\program files\LMSOFT Web Creator Pro 4
    2009-01-10 08:19 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-01-10 08:19 --------- d-----w c:\program files\Hewlett-Packard
    2009-01-10 08:19 --------- d-----w c:\program files\CopyRightLeft
    2009-01-09 20:51 --------- d-----w c:\programdata\Symantec
    2009-01-09 07:22 --------- d-----w c:\program files\Java
    2009-01-08 13:53 --------- d-----w c:\users\André\AppData\Roaming\FileZilla
    2009-01-05 18:52 --------- d-----w c:\users\André\AppData\Roaming\Sony
    2009-01-05 18:36 --------- d-----w c:\users\André\AppData\Roaming\Publish Providers
    2009-01-05 18:36 --------- d-----w c:\users\André\AppData\Roaming\NetMedia Providers
    2009-01-04 17:35 --------- d-----w c:\users\André\AppData\Roaming\Hewlett-Packard
    2009-01-03 11:13 --------- d-----w c:\users\André\AppData\Roaming\Skype
    2009-01-03 09:57 --------- d-s---w c:\users\André\AppData\Roaming\Microsoft
    2009-01-03 09:18 --------- d-----w c:\users\André\AppData\Roaming\skypePM
    2008-12-31 16:15 --------- d-----w c:\users\André\AppData\Roaming\InstallShield
    2008-12-30 10:31 --------- d-----w c:\users\André\AppData\Roaming\Opera
    2008-12-22 15:31 --------- d-----w c:\users\André\AppData\Roaming\FlashGet
    2008-12-22 09:24 --------- d-----w c:\program files\GTA_SA_carspawner
    2008-12-22 09:04 --------- d-----w c:\programdata\Microsoft Help
    2008-12-21 19:24 --------- d-----w c:\program files\Rockstar Games
    2008-12-20 20:49 --------- d-----w c:\program files\DAEMON Tools Lite
    2008-12-20 14:46 8,704 ----a-w c:\windows\system32\drivers\ggsemc.sys
    2008-12-19 19:37 --------- d-----w c:\users\André\AppData\Roaming\Adobe
    2008-12-17 16:54 --------- d-----w c:\programdata\CyberLink
    2008-12-16 19:00 --------- d-----w c:\users\André\AppData\Roaming\KompoZer
    2008-12-14 13:31 --------- d-----w c:\users\André\AppData\Roaming\muvee Technologies
    2008-12-14 12:55 --------- d-----w c:\users\André\AppData\Roaming\Real
    2008-12-13 19:21 --------- d-----w c:\users\André\AppData\Roaming\GTek
    2008-12-13 11:25 --------- d-----w c:\program files\MSBuild
    2008-12-13 11:25 --------- d-----w c:\program files\Microsoft Works
    2008-12-12 20:11 --------- d-----w c:\program files\MSECache
    2008-12-12 16:26 --------- d-----w c:\program files\Windows Mail
    2008-12-11 17:41 --------- d-----w c:\users\André\AppData\Roaming\acccore
    2008-12-07 17:44 --------- d-----w c:\program files\imgTools
    2008-12-03 19:33 107,888 ----a-w c:\windows\System32\CmdLineExt.dll
    2008-12-03 19:29 --------- d-----w c:\program files\Microsoft Games for Windows - LIVE
    2008-12-02 16:59 --------- d-----w c:\programdata\WinZip
    2008-12-02 16:45 --------- d-----w c:\programdata\Autodesk
    2008-12-02 16:34 --------- d-----w c:\program files\Common Files\Autodesk Shared
    2008-12-02 16:34 --------- d-----w c:\program files\Autodesk
    2008-12-02 09:13 453,152 ----a-w c:\windows\System32\NVUNINST.EXE
    2008-12-01 18:41 --------- d-----w c:\users\André\AppData\Roaming\Thinstall
    2008-12-01 17:26 --------- d-----w c:\users\André\AppData\Roaming\Media Player Classic
    2008-11-30 19:16 --------- d-----w c:\users\André\AppData\Roaming\CyberLink
    2008-11-30 16:47 --------- d-----w c:\program files\Common Files\Adobe
    2008-11-29 17:20 --------- d-----w c:\users\André\AppData\Roaming\Notepad++
    2008-11-29 17:00 --------- d-----w c:\program files\wamp
    2008-11-29 17:00 --------- d-----w c:\program files\Notepad++
    2008-11-29 16:09 --------- d-----w c:\programdata\Ubisoft
    2008-11-29 10:50 --------- d-----w c:\program files\Blog
    2008-11-29 10:03 --------- d--h--r c:\users\André\AppData\Roaming\SecuROM
    2008-11-29 07:45 --------- d-----w c:\program files\VirtualDJ
    2008-11-26 14:45 --------- d-----w c:\program files\Common Files\Logitech
    2008-11-26 14:44 --------- d-----w c:\program files\Logitech
    2008-11-25 19:59 --------- d-----w c:\programdata\WildTangent
    2008-11-25 19:52 --------- d-----w c:\program files\HP Games
    2008-11-23 16:39 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
    2008-11-23 13:03 90 ----a-w c:\users\André\AppData\Roaming\wklnhst.dat
    2008-11-22 11:26 --------- d-----w c:\program files\Electronic Arts
    2008-11-20 19:05 --------- d-----w c:\users\André\AppData\Roaming\Apple Computer
    2008-11-20 19:04 --------- d-----w c:\programdata\Apple Computer
    2008-11-20 19:04 --------- d-----w c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-11-20 19:04 --------- d-----w c:\program files\iTunes
    2008-11-20 19:04 --------- d-----w c:\program files\iPod
    2008-11-20 19:03 --------- d-----w c:\program files\Common Files\Apple
    2008-11-20 19:03 --------- d-----w c:\program files\Bonjour
    2008-11-20 19:01 --------- d-----w c:\program files\QuickTime
    2008-11-20 19:01 --------- d-----w c:\program files\Free Easy Burner
    2008-11-20 19:00 --------- d-----w c:\programdata\Apple
    2008-11-20 19:00 --------- d-----w c:\program files\Apple Software Update
    2008-11-20 18:58 --------- d-----w c:\program files\VideoLAN
    2008-11-20 18:57 --------- d-----w c:\program files\Free Video Converter
    2008-11-20 18:56 --------- d-----w c:\program files\Audacity
    2008-11-20 16:10 --------- d-----w c:\program files\Common Files\Pinnacle
    2008-11-20 16:09 --------- d-----w c:\programdata\Pinnacle Studio Ultimate
    2008-11-20 16:05 --------- d-----w c:\programdata\Studio 12
    2008-11-20 16:05 --------- d-----w c:\programdata\Pinnacle Studio Plus
    2008-11-20 16:05 --------- d-----w c:\programdata\Pinnacle
    2008-11-20 16:05 --------- d-----w c:\program files\Pinnacle
    2008-11-20 16:05 --------- d-----w c:\program files\Common Files\Yahoo!
    2008-11-18 20:45 --------- d-----w c:\program files\AviSynth 2.5
    2008-11-18 20:44 --------- d-----w c:\program files\eRightSoft
    2008-11-18 20:12 --------- d-----w c:\users\André\AppData\Roaming\PlayFirst
    2008-11-18 20:12 --------- d-----w c:\users\André\AppData\Roaming\Macromedia
    2008-11-18 16:56 --------- d-----w c:\programdata\AOL OCP
    2008-11-18 16:56 --------- d-----w c:\programdata\AOL
    2008-11-18 16:41 --------- d-----w c:\users\André\AppData\Roaming\Template
    2008-11-18 16:16 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
    2008-11-18 10:45 --------- d-----w c:\users\André\AppData\Roaming\Magic Academy
    2008-11-17 17:44 --------- d-----w c:\program files\Madrics Nebular USB Analog Controller
    2005-05-13 16:12 217,073 --sha-r c:\windows\meta4.exe
    2005-10-24 10:13 66,560 --sha-r c:\windows\MOTA113.exe
    2005-10-13 20:27 422,400 --sha-r c:\windows\x2.64.exe
    2005-10-07 18:14 308,224 --sha-r c:\windows\System32\avisynth.dll
    2005-07-14 11:31 27,648 --sha-r c:\windows\System32\AVSredirect.dll
    2005-06-26 14:32 616,448 --sha-r c:\windows\System32\cygwin1.dll
    2005-06-21 21:37 45,568 --sha-r c:\windows\System32\cygz.dll
    2004-01-24 23:00 70,656 --sha-r c:\windows\System32\i420vfw.dll
    2005-12-22 19:23 816,640 --sha-r c:\windows\System32\smab.dll
    2005-02-28 12:16 240,128 --sha-r c:\windows\System32\x.264.exe
    2004-01-24 23:00 70,656 --sha-r c:\windows\System32\yv12vfw.dll
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-23 13539872]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-23 92704]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-15 178712]
    "UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-04-15 442433]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
    "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-04-23 468264]
    "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]
    "OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-11-01 554288]
    "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752]
    "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-27 734264]
    "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    "HideFastUserSwitching"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.i420"= i420vfw.dll
    "msacm.l3codecp"= l3codecp.acm
    "vidc.mjpg"= pvmjpg30.dll
    "msacm.divxa32"= divxa32.acm

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKLM\~\startupfolder\C:^Users^André^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
    path=c:\users\André\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
    backup=c:\windows\pss\Adobe Gamma.lnk.Startup
    backupExtension=.Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    --a------ 2008-06-12 02:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    --a------ 2008-07-24 16:02 490952 c:\program files\DAEMON Tools Lite\daemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2008-10-01 18:57 289576 c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
    --a------ 2008-02-26 13:08 2289664 c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-09-06 15:09 413696 c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]
    -ra------ 2008-11-14 14:35 305064 c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a------ 2008-12-12 21:13 185872 c:\program files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{1F1A5F2C-0E0D-49F9-BD15-679FC4717866}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
    "{2356F9ED-8EC9-4BF1-AC9F-4A8570523401}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
    "{F1F06440-4AA0-4501-BB26-8F1B189EA5DA}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
    "{03738FE1-F5EC-486B-81F4-A4463D8F9C54}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
    "{FEF3A349-8507-4BE0-B877-178C73DE0469}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
    "{346F0992-E36B-4725-952A-069BAD0CA1B5}"= UDP:c:\program files\Pinnacle\Studio 12\Programs\RM.exe:Render Manager
    "{9FDBD35E-1507-4C8D-BE04-AF2AE253DE49}"= TCP:c:\program files\Pinnacle\Studio 12\Programs\RM.exe:Render Manager
    "{46E5DA83-EAA0-4A5F-AFC6-66B8418ABEC1}"= UDP:c:\program files\Pinnacle\Studio 12\Programs\Studio.exe:Studio
    "{E6E89EAE-56CE-4D2B-BDCC-984EDC41035D}"= TCP:c:\program files\Pinnacle\Studio 12\Programs\Studio.exe:Studio
    "{D94236AA-489E-42DB-B275-33CD01249F6D}"= UDP:c:\program files\Pinnacle\Studio 12\Programs\umi.exe:umi
    "{67D8558F-1A9E-4786-AD5C-151ECFFEE23C}"= TCP:c:\program files\Pinnacle\Studio 12\Programs\umi.exe:umi
    "{A054F495-EF22-4B9F-B244-F8E8DE60B80E}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{803455F0-F7C2-40AD-8C9D-2F7B3DD44C13}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{C9F33864-781F-4061-8693-B65A1BE3DB91}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
    "{3517F0E8-EC25-4D31-ADF3-6A1AA65A1CEA}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
    "{AF968128-56EF-4B81-9DD3-0B260EC297C6}"= UDP:c:\program files\Autodesk\backburner\monitor.exe:backburner 2.3 monitor
    "{7B2CC5F3-15B8-4C7B-8F9D-437BF702E15A}"= TCP:c:\program files\Autodesk\backburner\monitor.exe:backburner 2.3 monitor
    "{A17F08AA-82DC-4B93-890F-798CC2A1B7C6}"= UDP:c:\program files\Autodesk\backburner\manager.exe:backburner 2.3 manager
    "{6F0F93D1-70CA-47E2-AA0F-0C05AD6EB54A}"= TCP:c:\program files\Autodesk\backburner\manager.exe:backburner 2.3 manager
    "{2C9CD538-D81C-4566-8631-802DBC1D553F}"= UDP:c:\program files\Autodesk\backburner\server.exe:backburner 2.3 server
    "{E58BAABE-304B-44EB-B33A-130CE5408FB6}"= TCP:c:\program files\Autodesk\backburner\server.exe:backburner 2.3 server
    "{6D015C33-4C63-4D8B-B244-B3F179500A32}"= UDP:c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
    "{D84484CC-44C1-4C0B-ACE9-98803BB9EBAD}"= TCP:c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
    "{73681816-354B-4BBC-AD9C-6BFA399BCAD5}"= UDP:c:\program files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
    "{E4B53759-0604-4113-8333-49A758CC4C47}"= TCP:c:\program files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV
    "{E82E8C34-CFB5-4708-8B08-4E0A89A26AFC}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
    "{B5D90231-B2B3-4883-9F4E-7D26A49E750A}"= UDP:c:\program files\Codemasters\GRID\GRID.exe:GRID
    "{AEF7D9BD-36CC-4D48-B06C-BB554F861807}"= TCP:c:\program files\Codemasters\GRID\GRID.exe:GRID

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "DoNotAllowExceptions"= 1 (0x1)

    R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [2009-01-10 111184]
    R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [2008-01-24 52736]
    R3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [2008-04-01 81296]
    R3 NETw5v32;Pilote de carte Intel(R) Wireless WiFi Link pour Windows Vista 32 bits ;c:\windows\System32\drivers\NETw5v32.sys [2008-09-24 3658752]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [2008-05-23 43552]
    R4 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\AEstSrv.exe [2008-09-24 73728]
    R4 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [2009-01-10 20560]
    R4 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [2009-01-10 51792]
    R4 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-01-21 21504]
    R4 hpsrv;HP Service;c:\windows\System32\hpservice.exe [2008-03-18 19456]
    R4 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-07-02 341328]
    S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-07-02 193840]
    S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\System32\drivers\s0016bus.sys [2008-12-31 89256]

    --- Other Services/Drivers In Memory ---

    *Deregistered* - sptd

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    ezSharedSvc

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6d6c791-b3da-11dd-909a-806e6f6e6963}]
    \shell\AutoRun\command - E:\Autorun.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    "c:\program files\Common Files\LightScribe\LSRunOnce.exe"
    .
    Contenu du dossier 'Tâches planifiées'

    2009-01-10 c:\windows\Tasks\User_Feed_Synchronization-{AD78EF56-F04D-4AB8-8F15-3458D0741E8D}.job
    - c:\windows\system32\msfeedssync.exe [2008-01-21 03:24]
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    HKCU-Run-Start WingMan Profiler - (no file)

    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.google.fr/
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=83&bd=Pavilion&pf=cnnb
    uInternet Settings,ProxyOverride = *.local
    IE: &Tout télécharger avec FlashGet - c:\program files\FlashGet\jc_all.htm
    IE: &Télécharger avec FlashGet - c:\program files\FlashGet\jc_link.htm
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\users\André\AppData\Roaming\Mozilla\Firefox\Profiles\k6z4645e.default\
    FF - component: c:\program files\Mozilla Firefox\components\iamfamous.dll
    FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
    FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npitunes.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
    FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-10 18:21:59
    Windows 6.0.6001 Service Pack 1 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés:

    **************************************************************************
    .
    Heure de fin: 2009-01-10 18:23:57
    ComboFix-quarantined-files.txt 2009-01-10 17:23:54

    Avant-CF: 128,629,133,312 octets libres
    Après-CF: 129,387,188,224 octets libres

    414 --- E O F --- 2009-01-09 07:56:35
    0
  6. Lyonnais92 Posts 25708 Status Security contributor 1 537
     
    Re,

    In the end, Navipromo and DNS hijacking, less serious than I feared.

    1) Print these instructions, because you will have to close all windows and applications during installation and the scan.

    2) Download Malwarebytes' Anti-Malware (MBAM) and save it to your Desktop from this link:

    https://download.cnet.com/Malwarebytes/3000-8022_4-10804572.html

    3) When the download finishes, close all windows and programs, including this one.

    4) Double-click the Download_mbam-setup.exe icon on your desktop to start the installer.

    5) During installation, follow the prompts (in particular the language choice and the Internet access authorization). Do not change any default settings and, at the end of installation, check that the options Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware are ticked.

    6) MBAM will start automatically and display a message asking to update the program before running a scan. Since MBAM updates itself automatically at the end of installation, click OK to close the dialog box. The MBAM main window appears:

    7) In the Scanner tab, check that "Perform quick scan" is selected and click the Scan button to start the scan.

    8) MBAM scans your computer. The scan may take some time. Just check its progress from time to time.

    9) At the end of the scan, a message appears indicating that the scan is finished. Click OK to continue.

    10) If malware was detected, the list is displayed.
    When you click Remove Selected (?), MBAM destroys the files and registry keys and puts a copy in quarantine.

    11) MBAM will open Notepad and copy the scan report into it. Close Notepad. (The report can be found under the Logs tab)

    12) Close MBAM by clicking Exit.

    13) Post the report in your reply

    ====================

    Close Internet Explorer, then Start/Control Panel/Internet Options
    - "Content" tab, then "Certificates" and if you find any of these, in particular under "Trusted Publishers":
    electronic-group
    egroup
    Montorgueil
    VIP
    "Sunny Day Design Ltd"

    Delete them.
    0
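To check the Trusted Publishers stores for the five publisher names cited in the post without clicking through the Internet Options dialog, here is an added PowerShell example (not from the original thread or from the helper). It assumes the standard Cert: provider paths for the current user and machine stores, and it only reports matches so the removal decision stays a manual review step.

```powershell
# Added example, not part of the original thread: report certificates in the
# Trusted Publishers stores whose subject matches one of the listed names.
# Publisher names are those cited in the post above; store paths are assumptions
# (the standard Cert: provider locations).
$suspectNames = @('electronic-group', 'egroup', 'Montorgueil', 'VIP', 'Sunny Day Design Ltd')
$storePaths   = @('Cert:\CurrentUser\TrustedPublisher', 'Cert:\LocalMachine\TrustedPublisher')

function Find-SuspectPublisherCert {
    param(
        [string[]]$Names,
        [string[]]$StorePaths
    )
    foreach ($store in $StorePaths) {
        # A store path may not exist (e.g. an empty machine store); skip it quietly.
        if (-not (Test-Path -Path $store)) { continue }

        Get-ChildItem -Path $store | ForEach-Object {
            $cert = $_
            foreach ($name in $Names) {
                # Match the name as a whole token inside the X.500 subject string.
                # 'VIP' is short, so a plain substring match would over-report.
                $pattern = '(^|[=,\s"])' + [regex]::Escape($name) + '([,\s"]|$)'
                if ($cert.Subject -match $pattern) {
                    [pscustomobject]@{
                        Store      = $store
                        Matched    = $name
                        Subject    = $cert.Subject
                        Issuer     = $cert.Issuer
                        Thumbprint = $cert.Thumbprint
                        NotAfter   = $cert.NotAfter
                    }
                    break   # one report per certificate is enough
                }
            }
        }
    }
}

$hits = @(Find-SuspectPublisherCert -Names $suspectNames -StorePaths $storePaths)
if ($hits.Count -gt 0) {
    $hits | Format-Table -AutoSize
    # Removal is left deliberate: after reviewing the list, each entry can be
    # removed by its thumbprint, e.g.
    #   Remove-Item -Path (Join-Path $hits[0].Store $hits[0].Thumbprint)
} else {
    'No certificate matching the listed publisher names was found.'
}
```

A legitimate publisher such as the Symantec or VeriSign entries the poster later mentions will not match, since only the five listed names are tested.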
  7. dedenast
     
    Here is the report:

    Malwarebytes' Anti-Malware 1.32
    Version de la base de données: 1616
    Windows 6.0.6001 Service Pack 1

    10/01/2009 20:26:04
    mbam-log-2009-01-10 (20-26-04).txt

    Type de recherche: Examen rapide
    Eléments examinés: 50751
    Temps écoulé: 3 minute(s), 21 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 0

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    (Aucun élément nuisible détecté)

    ---------------------------------------

    That's odd, it looks like it isn't infected, and besides, in the certificates I have none of those, I only have "Symantec corporation" and "Verysign class 3 code signing 204 CA"
    0
  8. dedenast
     
    But also, when I ran ROOTER and RSIT, they deleted some files and since then I no longer have any redirections (at least for now)...
    0
  9. Lyonnais92 Posts 25708 Status Security contributor 1 537
     
    Re,

    Rooter and RSIT did not delete anything.

    Only ComboFix made changes.

    Restart the computer and run HijackThis again ( C:\Program Files\Trend Micro\HijackThis\André.exe )

    Choose the option "Do a system scan and save a log file"

    Click "Save log" to save the report, which will open in Notepad

    Click "Edit -> Select All", then "Edit -> Copy" to copy the whole contents of the report

    Paste the report you just copied on this forum
    0
  10. dedenast
     
    I don't know what happened, but I no longer have those redirections... Thank you very much!
    0
  11. Lyonnais92 Posts 25708 Status Security contributor 1 537
     
    Good evening,

    I would like to check where your infections stand.

    The absence of symptoms does not mean that you are disinfected.

    Also, the tools will need to be cleaned up.
    0