Redirections sur internet Fermé

Question

Bonjour,
Depuis quelques jours, lorsque je clique sur un lien( firefox et ie et opera), il me redirige vers "mamma partners", et des sites du genre... 
J'ai avast. pouvez-vous m'aider svp.

Lyonnais92 · Answer

Bonjour,

Télécharge Rooter de l'équipe IDN sur ton bureau :
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/Rooter.exe?attachauth=ANoY7cpzQksLcJt-e1z30LGu7t4JjUhh8amzWs_oSPSJpXbXp8ythGbW2WF8ysioh5NNlarrn7zMnYCRfsT5rCwNrfw5_CZYELApylTiY_MGu0G6uKzWpLEF2YXM3tF7nKZZAWj0JSAajXlZhd8dIyI3MrZ-lAIT5ZrAdcrct9_7bshwVpaZRPizuMTv9SDvmvY31BX4Vvvh2F2Brp1cy_K0jtTTfjttEA%3D%3D&attredirects=2

! Déconnecte toi d'internet et ferme toutes applications en cours !


* Exécute Rooter et laisse travailler l'outil .

* Une fois terminé, poste le rapport obtenu pour analyse ... 

================
Télécharge ici :

http://images.malwareremoval.com/random/RSIT.exe

random's system information tool (RSIT) par random/random et sauvegarde-le sur le Bureau.

Double-clique sur RSIT.exe afin de lancer RSIT.

Lis le contenu de l'écran Disclaimer puis clique sur Continue (si tu acceptes les conditions).

Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.

Poste le contenu de log.txt (<<qui sera affiché)
.

NB : Les rapports sont sauvegardés dans le dossier C:\rsit 

=======================

On va utiliser ComboFix.exe. Rends toi sur cette page web pour obtenir les liens de téléchargement, ainsi que des instructions pour exécuter l'outil:

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix


* Vérifie que tu as fermé/désactivé tous les programmes anti-virus, anti-malware ou anti-spyware afin qu'ils n'interfèrent pas avec le travail de ComboFix.

Envoie le contenu de C:\ComboFix.txt dans ta prochaine réponse afin que je l'examine.

dedenast · Answer

Merci pour votre réponse, voila pour rooter: Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1 X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU P7350 @ 2.00GHz ) BIOS : Default System BIOS USER : André ( Administrator ) BOOT : Normal boot C:\ (Local Disk) - NTFS - Total:288 Go (Free:119 Go) E:\ (CD or DVD) F:\ (CD or DVD) 10/01/2009|17:57 ----------------------\ Search.. C:\Users\ANDR~1\AppData\Local\keacqaw.dat C:\Users\ANDR~1\AppData\Local\keacqaw_nav.dat C:\Users\ANDR~1\AppData\Local\keacqaw_navps.dat [b]==> NAVIPROMO <==[/b] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters] NameServer REG_SZ 85.255.114.68,85.255.112.150 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters] NameServer REG_SZ 85.255.114.68,85.255.112.150 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters] NameServer REG_SZ 85.255.114.68,85.255.112.150 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{81745373-7C42-4AD3-8AEC-DBE32919F930}] NameServer REG_SZ 85.255.114.68,85.255.112.150 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{F51B00EA-55E8-4693-B6C9-A5DA57D81264}] NameServer REG_SZ 85.255.114.68,85.255.112.150 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\..\{81745373-7C42-4AD3-8AEC-DBE32919F930}] NameServer REG_SZ 85.255.114.68,85.255.112.150 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\..\{F51B00EA-55E8-4693-B6C9-A5DA57D81264}] NameServer REG_SZ 85.255.114.68,85.255.112.150 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{81745373-7C42-4AD3-8AEC-DBE32919F930}] NameServer REG_SZ 85.255.114.68,85.255.112.150 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{F51B00EA-55E8-4693-B6C9-A5DA57D81264}] NameServer REG_SZ 85.255.114.68,85.255.112.150 [b]==> WAREOUT <==[/b] ----------------------\ Cracks & Keygens.. C:\Users\ANDR~1\Desktop\Keymaker 1 - "C:\Rooter$\Rooter_1.txt" - 10/01/2009|17:59 ----------------------\ Scan completed at 17:59 J'ai aussi fait un rapport hijackthis: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:30:57, on 10/01/2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\system32 askeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\System32 undll32.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\HP\QuickPlay\QPService.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe C:\Program Files\Alwil Software\Avast4\ashDisp.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\SYSTEM32\WISPTIS.EXE C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\AIM6\aim6.exe C:\Program Files\AIM6\aolsoftware.exe C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe C:\Windows\explorer.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: FlashGet urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer pbrowserrecordplugin.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0" O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe" O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU') O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe O13 - Gopher Prefix: O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr O17 - HKLM\System\CCS\Services\Tcpip\..\{81745373-7C42-4AD3-8AEC-DBE32919F930}: NameServer = 85.255.114.68,85.255.112.150 O17 - HKLM\System\CCS\Services\Tcpip\..\{F51B00EA-55E8-4693-B6C9-A5DA57D81264}: NameServer = 85.255.114.68,85.255.112.150 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.68,85.255.112.150 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.68,85.255.112.150 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.68,85.255.112.150 O18 - Protocol: Skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\aestsrv.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite aysat_3dsmax8server.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32 vvsvc.exe O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\STacSV.exe O23 - Service: wampapache - Apache Software Foundation - C:\Program Files\wamp\bin\apache\apache2.2.8\bin\httpd.exe O23 - Service: wampmysqld - Unknown owner - C:\Program Files\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe

dedenast · Answer

Voici le rapport RSIT:

Logfile of random's system information tool 1.05 (written by random/random)
Run by André at 2009-01-10 18:08:46
Microsoft® Windows Vista™ Édition Familiale Premium  Service Pack 1
System drive C: has 122 GB (41%) free of 296 GB
Total RAM: 3068 MB (47% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:08:50, on 10/01/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32	askeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32undll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\conime.exe
C:\Users\André\Downloads\RSIT.exe
C:\Windows\system32	askeng.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\André\Downloads\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\André.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayerpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [XP] C:\Program Files\CHRYOPROD\Spy-IT\spy-it.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O13 - Gopher Prefix: 
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O17 - HKLM\System\CCS\Services\Tcpip\..\{81745373-7C42-4AD3-8AEC-DBE32919F930}: NameServer = 85.255.114.68,85.255.112.150
O17 - HKLM\System\CCS\Services\Tcpip\..\{F51B00EA-55E8-4693-B6C9-A5DA57D81264}: NameServer = 85.255.114.68,85.255.112.150
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.68,85.255.112.150
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.68,85.255.112.150
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.68,85.255.112.150
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satelliteaysat_3dsmax8server.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32
vvsvc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\STacSV.exe
O23 - Service: wampapache - Apache Software Foundation - C:\Program Files\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - C:\Program Files\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe

dedenast · Answer

Et enfin le rapport de combofix: ComboFix 09-01-09.03 - André 2009-01-10 18:18:00.1 - NTFSx86 Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.3068.2228 [GMT 1:00] Lancé depuis: c:\users\André\Downloads\ComboFix.exe . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files\Mozilla Firefox\components\iamfamous.dll C:\resycled c:\resycled\boot.com c:\users\André\AppData\Local\keacqaw.dat c:\users\André\AppData\Local\keacqaw_nav.dat c:\users\André\AppData\Local\keacqaw_navps.dat c:\users\André\AppData\Roaming\.# c:\windows\system32\drivers\msqpdxcqvcpejx.sys c:\windows\system32\msqpdxpjrxoiqr.dll . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_MSQPDXSERV.SYS -------\Service_MSQPDXSERV.SYS ((((((((((((((((((((((((((((( Fichiers créés du 2008-12-10 au 2009-01-10 )))))))))))))))))))))))))))))))))))) . 2009-01-10 18:05 . 2009-01-10 18:05 d-------- C:\rsit 2009-01-10 17:57 . 2009-01-10 17:59 d-------- C:\Rooter$ 2009-01-10 15:48 . 2009-01-10 15:48 1,004 --ahs---- c:\windows\System32\sys_drv.dat 2009-01-10 15:43 . 2009-01-10 15:43 d-------- c:\users\André\AppData\Roaming\Download Manager 2009-01-10 15:43 . 2009-01-10 15:43 d-------- c:\program files\Folder Lock 6 2009-01-10 15:43 . 2009-01-10 15:43 180,224 --a------ c:\windows\System32\WinVd32.sys 2009-01-10 15:43 . 2009-01-10 15:43 16,384 --a------ c:\windows\System32\WinFl32.sys 2009-01-10 15:42 . 2009-01-10 15:42 118 -r-hs---- c:\users\param.ini 2009-01-10 15:41 . 2009-01-10 15:42 d-------- c:\program files\CHRYOPROD 2009-01-10 15:30 . 2009-01-10 15:30 d-------- c:\program files\Trend Micro 2009-01-10 14:15 . 2009-01-10 14:15 d-------- c:\windows\System32\Kaspersky Lab 2009-01-10 11:22 . 2009-01-10 11:22 d-------- c:\program files\Alwil Software 2009-01-10 11:22 . 2008-11-26 18:17 51,792 --a------ c:\windows\System32\drivers\aswMonFlt.sys 2009-01-10 11:05 . 2009-01-10 11:05 0 --a------ c:\windows\nsreg.dat 2009-01-09 20:21 . 2009-01-09 20:21 d-------- C:\totalcmd 2009-01-09 14:26 . 2009-01-10 11:19 d-------- c:\users\All Users\Kaspersky Lab 2009-01-09 14:26 . 2009-01-10 11:19 d-------- c:\programdata\Kaspersky Lab 2009-01-09 14:16 . 2009-01-10 09:20 d-------- c:\users\All Users\Kaspersky Lab Setup Files 2009-01-09 14:16 . 2009-01-10 09:20 d-------- c:\programdata\Kaspersky Lab Setup Files 2009-01-09 13:49 . 2009-01-09 13:49 d-------- c:\program files\LiveSwif 2009-01-05 19:52 . 2009-01-05 19:52 d-------- c:\users\André\AppData\Roaming\Sony 2009-01-05 19:36 . 2009-01-05 19:36 d-------- c:\users\André\AppData\Roaming\Publish Providers 2009-01-05 19:36 . 2009-01-05 19:36 d-------- c:\users\André\AppData\Roaming\NetMedia Providers 2009-01-05 18:25 . 2009-01-05 18:25 d-------- c:\program files\Vstplugins 2009-01-05 18:24 . 2009-01-05 18:24 d-------- c:\program files\Sony Setup 2009-01-05 18:24 . 2009-01-05 18:24 d-------- c:\program files\Sony 2009-01-02 20:19 . 1998-10-07 13:08 327,168 --a------ c:\windows\IsUn040c.exe 2009-01-02 20:19 . 2009-01-02 20:19 0 --a------ c:\windows\setup32.INI 2009-01-01 21:44 . 2009-01-10 09:20 d-------- c:\program files\WinHex 2008-12-31 17:15 . 2008-12-31 17:15 d-------- c:\users\André\AppData\Roaming\InstallShield 2008-12-31 17:15 . 2008-12-31 17:15 d-------- c:\users\All Users\Sony Ericsson 2008-12-31 17:15 . 2008-12-31 17:15 d-------- c:\programdata\Sony Ericsson 2008-12-31 17:15 . 2008-05-16 12:33 89,256 --a------ c:\windows\System32\drivers\s0016bus.sys 2008-12-31 17:15 . 2008-05-16 12:33 12,200 --a------ c:\windows\System32\drivers\s0016whnt.sys 2008-12-31 17:15 . 2008-05-16 12:33 12,200 --a------ c:\windows\System32\drivers\s0016wh.sys 2008-12-30 22:19 . 2008-12-31 22:13 404,449,906 --a------ c:\windows\MEMORY.DMP 2008-12-30 21:11 . 2006-08-23 11:24 526,184 --a------ c:\windows\System32\XceedCry.dll 2008-12-30 21:11 . 2003-12-15 11:23 279,392 --a------ c:\windows\System32\XceedFtp.dll 2008-12-30 19:53 . 2008-12-30 19:53 d-------- c:\program files\Microsoft Silverlight 2008-12-30 11:30 . 2009-01-10 09:20 d-------- c:\program files\Opera 2008-12-30 10:30 . 2009-01-10 09:20 d-------- c:\program files\mTC 2008-12-28 17:14 . 2008-12-30 11:31 d-------- c:\users\André\AppData\Roaming\Opera 2008-12-25 17:16 . 2008-12-25 17:16 d-------- c:\program files\7-Zip 2008-12-25 10:10 . 2008-12-25 10:10 d-------- c:\users\All Users\Codemasters 2008-12-25 10:10 . 2008-12-25 10:10 d-------- c:\programdata\Codemasters 2008-12-25 09:49 . 2008-12-25 09:49 d-------- c:\program files\OpenAL 2008-12-25 09:49 . 2008-04-28 15:53 805,400 -ra------ c:\windows\System32\tmp2F6A.tmp 2008-12-25 09:49 . 2008-12-25 09:49 444,952 --a------ c:\windows\System32\wrap_oal.dll 2008-12-25 09:49 . 2008-12-25 09:49 109,080 --a------ c:\windows\System32\OpenAL32.dll 2008-12-25 09:48 . 2008-04-28 15:53 805,400 -ra------ c:\windows\System32\tmp2F3A.tmp 2008-12-25 09:29 . 2008-12-25 09:29 d-------- c:\program files\Codemasters 2008-12-25 08:52 . 2008-12-25 08:52 0 --ah----- c:\windows\System32\drivers\Msft_Kernel_xusb21_01001.Wdf 2008-12-25 08:48 . 2008-12-25 08:48 d-------- c:\program files\Microsoft Xbox 360 Accessories 2008-12-22 17:27 . 2008-12-22 17:27 d-------- c:\program files\Common Files\Atlence 2008-12-22 16:31 . 2008-12-22 16:31 d-------- c:\users\André\AppData\Roaming\FlashGet 2008-12-22 16:31 . 2008-12-22 16:31 d-------- c:\program files\FlashGet 2008-12-22 10:01 . 2008-12-22 10:02 d-------- c:\program files\Microsoft Visual Studio 9.0 2008-12-22 10:00 . 2008-12-22 10:00 d-------- c:\program files\Microsoft SDKs 2008-12-22 09:59 . 2008-12-22 09:59 d-------- c:\program files\Install Creator 2008-12-22 09:52 . 2008-12-22 09:52 d-------- C:\[u]0/u9ce6b9f813f2abd2648 2008-12-20 21:11 . 2008-12-20 21:11 d-------- c:\program files\VistaCodecPack 2008-12-20 21:07 . 2008-12-20 21:07 d-------- c:\users\All Users\VistaCodecs 2008-12-20 21:07 . 2008-12-20 21:07 d-------- c:\programdata\VistaCodecs 2008-12-20 15:30 . 2008-12-31 17:15 d-------- c:\program files\Sony Ericsson 2008-12-19 13:25 . 2008-06-26 02:45 12,240,896 --a------ c:\windows\System32\NlsLexicons0007.dll 2008-12-19 13:25 . 2008-06-26 02:45 2,644,480 --a------ c:\windows\System32\NlsLexicons0009.dll 2008-12-19 13:25 . 2008-06-26 04:29 801,280 --a------ c:\windows\System32\NaturalLanguage6.dll 2008-12-19 13:24 . 2008-08-05 10:49 428,544 --a------ c:\windows\System32\EncDec.dll 2008-12-19 13:24 . 2008-08-05 10:49 293,376 --a------ c:\windows\System32\psisdecd.dll 2008-12-19 13:24 . 2008-08-05 10:48 217,088 --a------ c:\windows\System32\psisrndr.ax 2008-12-19 13:24 . 2008-08-05 10:48 177,664 --a------ c:\windows\System32\mpg2splt.ax 2008-12-19 13:24 . 2008-08-05 10:48 80,896 --a------ c:\windows\System32\MSNP.ax 2008-12-19 13:24 . 2008-04-23 05:41 57,856 --a------ c:\windows\System32\MSDvbNP.ax 2008-12-19 13:14 . 2008-10-02 02:32 1,383,424 --a------ c:\windows\System32\mshtml.tlb 2008-12-15 21:07 . 2008-12-15 21:07 d-------- c:\program files\Google 2008-12-15 17:18 . 2009-01-03 10:18 d-------- c:\users\André\AppData\Roaming\skypePM 2008-12-15 17:18 . 2008-12-15 17:18 32 --a------ c:\users\All Users\ezsid.dat 2008-12-15 17:18 . 2008-12-15 17:18 32 --a------ c:\programdata\ezsid.dat 2008-12-14 22:23 . 2009-01-03 12:13 d-------- c:\users\André\AppData\Roaming\Skype 2008-12-14 22:21 . 2008-12-14 22:21 d-------- c:\users\All Users\Skype 2008-12-14 22:21 . 2008-12-14 22:21 d-------- c:\programdata\Skype 2008-12-14 22:21 . 2008-12-14 22:21 d-------- c:\program files\Skype 2008-12-14 22:21 . 2008-12-14 22:21 d-------- c:\program files\Common Files\Skype 2008-12-14 14:30 . 2008-12-14 14:31 d-------- c:\users\André\AppData\Roaming\muvee Technologies 2008-12-14 14:29 . 2008-12-14 14:29 d-------- c:\users\All Users\TEMP 2008-12-14 14:29 . 2008-12-14 14:29 d-------- c:\programdata\TEMP 2008-12-14 14:02 . 2009-01-08 14:53 d-------- c:\users\André\AppData\Roaming\FileZilla 2008-12-14 14:02 . 2008-12-14 14:02 d-------- c:\program files\FileZilla FTP Client 2008-12-13 20:53 . 2008-12-13 20:53 1,700,352 --a------ c:\windows\System32\gdiplus.dll 2008-12-13 20:21 . 2008-12-13 20:21 d-------- c:\users\André\AppData\Roaming\GTek 2008-12-13 12:24 . 2008-12-13 12:24 d-------- c:\windows\PCHEALTH 2008-12-13 12:24 . 2008-12-13 12:24 d-------- c:\program files\Microsoft.NET 2008-12-13 12:21 . 2008-12-13 12:21 d-------- c:\program files\Microsoft Visual Studio 8 2008-12-13 12:19 . 2008-12-13 12:19 dr-h----- C:\MSOCache 2008-12-12 21:35 . 2009-01-10 09:21 d-------- c:\users\André\Bureau 2008-12-12 21:35 . 2009-01-10 09:21 d-------- c:\users\André\Bureau 2008-12-12 21:13 . 2008-12-14 13:55 d-------- c:\users\André\AppData\Roaming\Real 2008-12-12 21:13 . 2008-12-12 21:13 d-------- c:\program files\Real 2008-12-12 21:13 . 2008-12-12 21:13 d-------- c:\program files\Common Files\xing shared 2008-12-12 21:13 . 2008-12-12 21:13 d-------- c:\program files\Common Files\Real 2008-12-12 17:13 . 2008-05-27 06:17 6,103,040 --a------ c:\windows\System32\chtbrkr.dll 2008-12-12 17:13 . 2008-05-27 06:17 1,671,680 --a------ c:\windows\System32\chsbrkr.dll 2008-12-12 17:13 . 2008-05-27 06:21 1,582,592 --a------ c:\windows\System32\tquery.dll 2008-12-12 17:13 . 2008-05-27 06:21 1,418,240 --a------ c:\windows\System32\mssrch.dll 2008-12-12 17:13 . 2008-05-27 06:18 670,208 --a------ c:\windows\System32\mssvp.dll 2008-12-12 17:13 . 2008-05-27 06:18 439,808 --a------ c:\windows\System32\SearchIndexer.exe 2008-12-12 17:13 . 2008-05-27 06:18 350,208 --a------ c:\windows\System32\mssph.dll 2008-12-12 17:13 . 2008-05-27 06:18 203,776 --a------ c:\windows\System32\mssphtb.dll 2008-12-12 17:13 . 2008-05-27 06:18 184,832 --a------ c:\windows\System32\SearchProtocolHost.exe 2008-12-12 17:13 . 2008-05-27 06:18 136,704 --a------ c:\windows\System32\nlhtml.dll 2008-12-12 17:13 . 2008-05-27 06:17 60,416 --a------ c:\windows\System32\msscntrs.dll 2008-12-12 17:13 . 2008-05-27 06:18 56,320 --a------ c:\windows\System32\xmlfilter.dll 2008-12-12 17:13 . 2008-10-22 02:22 2,048 --a------ c:\windows\System32\tzres.dll 2008-12-12 17:09 . 2008-12-12 17:09 d-------- c:\program files\MSXML 4.0 2008-12-12 15:31 . 2000-08-21 12:22 1,388,544 --a------ c:\windows\System32\temp.00D 2008-12-12 15:31 . 2000-06-13 11:50 1,077,610 --a------ c:\windows\System32\temp.00A 2008-12-12 15:31 . 2000-06-13 11:50 164,112 --a------ c:\windows\System32\temp.008 2008-12-12 15:31 . 2000-06-13 11:50 147,728 --a------ c:\windows\System32\temp.00B 2008-12-12 15:31 . 2001-02-16 07:44 106,547 --a------ c:\windows\System32\temp.007 2008-12-12 15:31 . 2000-06-13 11:50 22,288 --a------ c:\windows\System32\temp.00C 2008-12-12 15:31 . 2000-06-13 11:50 17,920 --a------ c:\windows\System32\temp.009 2008-12-12 12:47 . 2008-10-29 07:29 2,927,104 --a------ c:\windows\explorer.exe 2008-12-12 12:47 . 2008-10-16 05:47 827,392 --a------ c:\windows\System32\wininet.dll 2008-12-12 12:47 . 2008-08-12 04:39 443,392 --a------ c:\windows\System32\win32spl.dll 2008-12-12 12:47 . 2008-08-27 02:06 288,768 --a------ c:\windows\System32\drivers\srv.sys . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-01-10 17:18 3,407,872 --sha-w c:\users\André\ntuser.dat 2009-01-10 17:18 3,407,872 --sha-w c:\users\André\ntuser.dat 2009-01-10 17:15 42,559 ----a-w c:\users\All Users\nvModes.dat 2009-01-10 17:15 42,559 ----a-w c:\programdata\nvModes.dat 2009-01-10 14:43 --------- d-----w c:\users\André\AppData\Roaming\Download Manager 2009-01-10 13:19 --------- d-----w c:\users\André\AppData\Roaming\Mozilla 2009-01-10 08:24 --------- d-----w c:\program files\Common Files\Symantec Shared 2009-01-10 08:20 --------- d-----w c:\users\André\AppData\Roaming\vlc 2009-01-10 08:20 --------- d-----w c:\users\André\AppData\Roaming\dvdcss 2009-01-10 08:20 --------- d-----w c:\users\André\AppData\Roaming\DAEMON Tools 2009-01-10 08:20 --------- d-----w c:\program files\LMSOFT Web Creator Pro 4 2009-01-10 08:19 --------- d--h--w c:\program files\InstallShield Installation Information 2009-01-10 08:19 --------- d-----w c:\program files\Hewlett-Packard 2009-01-10 08:19 --------- d-----w c:\program files\CopyRightLeft 2009-01-09 20:51 --------- d-----w c:\programdata\Symantec 2009-01-09 07:22 --------- d-----w c:\program files\Java 2009-01-08 13:53 --------- d-----w c:\users\André\AppData\Roaming\FileZilla 2009-01-05 18:52 --------- d-----w c:\users\André\AppData\Roaming\Sony 2009-01-05 18:36 --------- d-----w c:\users\André\AppData\Roaming\Publish Providers 2009-01-05 18:36 --------- d-----w c:\users\André\AppData\Roaming\NetMedia Providers 2009-01-04 17:35 --------- d-----w c:\users\André\AppData\Roaming\Hewlett-Packard 2009-01-03 11:13 --------- d-----w c:\users\André\AppData\Roaming\Skype 2009-01-03 09:57 --------- d-s---w c:\users\André\AppData\Roaming\Microsoft 2009-01-03 09:18 --------- d-----w c:\users\André\AppData\Roaming\skypePM 2008-12-31 16:15 --------- d-----w c:\users\André\AppData\Roaming\InstallShield 2008-12-30 10:31 --------- d-----w c:\users\André\AppData\Roaming\Opera 2008-12-22 15:31 --------- d-----w c:\users\André\AppData\Roaming\FlashGet 2008-12-22 09:24 --------- d-----w c:\program files\GTA_SA_carspawner 2008-12-22 09:04 --------- d-----w c:\programdata\Microsoft Help 2008-12-21 19:24 --------- d-----w c:\program files\Rockstar Games 2008-12-20 20:49 --------- d-----w c:\program files\DAEMON Tools Lite 2008-12-20 14:46 8,704 ----a-w c:\windows\system32\drivers\ggsemc.sys 2008-12-19 19:37 --------- d-----w c:\users\André\AppData\Roaming\Adobe 2008-12-17 16:54 --------- d-----w c:\programdata\CyberLink 2008-12-16 19:00 --------- d-----w c:\users\André\AppData\Roaming\KompoZer 2008-12-14 13:31 --------- d-----w c:\users\André\AppData\Roaming\muvee Technologies 2008-12-14 12:55 --------- d-----w c:\users\André\AppData\Roaming\Real 2008-12-13 19:21 --------- d-----w c:\users\André\AppData\Roaming\GTek 2008-12-13 11:25 --------- d-----w c:\program files\MSBuild 2008-12-13 11:25 --------- d-----w c:\program files\Microsoft Works 2008-12-12 20:11 --------- d-----w c:\program files\MSECache 2008-12-12 16:26 --------- d-----w c:\program files\Windows Mail 2008-12-11 17:41 --------- d-----w c:\users\André\AppData\Roaming\acccore 2008-12-07 17:44 --------- d-----w c:\program files\imgTools 2008-12-03 19:33 107,888 ----a-w c:\windows\System32\CmdLineExt.dll 2008-12-03 19:29 --------- d-----w c:\program files\Microsoft Games for Windows - LIVE 2008-12-02 16:59 --------- d-----w c:\programdata\WinZip 2008-12-02 16:45 --------- d-----w c:\programdata\Autodesk 2008-12-02 16:34 --------- d-----w c:\program files\Common Files\Autodesk Shared 2008-12-02 16:34 --------- d-----w c:\program files\Autodesk 2008-12-02 09:13 453,152 ----a-w c:\windows\System32\NVUNINST.EXE 2008-12-01 18:41 --------- d-----w c:\users\André\AppData\Roaming\Thinstall 2008-12-01 17:26 --------- d-----w c:\users\André\AppData\Roaming\Media Player Classic 2008-11-30 19:16 --------- d-----w c:\users\André\AppData\Roaming\CyberLink 2008-11-30 16:47 --------- d-----w c:\program files\Common Files\Adobe 2008-11-29 17:20 --------- d-----w c:\users\André\AppData\Roaming\Notepad++ 2008-11-29 17:00 --------- d-----w c:\program files\wamp 2008-11-29 17:00 --------- d-----w c:\program files\Notepad++ 2008-11-29 16:09 --------- d-----w c:\programdata\Ubisoft 2008-11-29 10:50 --------- d-----w c:\program files\Blog 2008-11-29 10:03 --------- d--h--r c:\users\André\AppData\Roaming\SecuROM 2008-11-29 07:45 --------- d-----w c:\program files\VirtualDJ 2008-11-26 14:45 --------- d-----w c:\program files\Common Files\Logitech 2008-11-26 14:44 --------- d-----w c:\program files\Logitech 2008-11-25 19:59 --------- d-----w c:\programdata\WildTangent 2008-11-25 19:52 --------- d-----w c:\program files\HP Games 2008-11-23 16:39 717,296 ----a-w c:\windows\system32\drivers\sptd.sys 2008-11-23 13:03 90 ----a-w c:\users\André\AppData\Roaming\wklnhst.dat 2008-11-22 11:26 --------- d-----w c:\program files\Electronic Arts 2008-11-20 19:05 --------- d-----w c:\users\André\AppData\Roaming\Apple Computer 2008-11-20 19:04 --------- d-----w c:\programdata\Apple Computer 2008-11-20 19:04 --------- d-----w c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} 2008-11-20 19:04 --------- d-----w c:\program files\iTunes 2008-11-20 19:04 --------- d-----w c:\program files\iPod 2008-11-20 19:03 --------- d-----w c:\program files\Common Files\Apple 2008-11-20 19:03 --------- d-----w c:\program files\Bonjour 2008-11-20 19:01 --------- d-----w c:\program files\QuickTime 2008-11-20 19:01 --------- d-----w c:\program files\Free Easy Burner 2008-11-20 19:00 --------- d-----w c:\programdata\Apple 2008-11-20 19:00 --------- d-----w c:\program files\Apple Software Update 2008-11-20 18:58 --------- d-----w c:\program files\VideoLAN 2008-11-20 18:57 --------- d-----w c:\program files\Free Video Converter 2008-11-20 18:56 --------- d-----w c:\program files\Audacity 2008-11-20 16:10 --------- d-----w c:\program files\Common Files\Pinnacle 2008-11-20 16:09 --------- d-----w c:\programdata\Pinnacle Studio Ultimate 2008-11-20 16:05 --------- d-----w c:\programdata\Studio 12 2008-11-20 16:05 --------- d-----w c:\programdata\Pinnacle Studio Plus 2008-11-20 16:05 --------- d-----w c:\programdata\Pinnacle 2008-11-20 16:05 --------- d-----w c:\program files\Pinnacle 2008-11-20 16:05 --------- d-----w c:\program files\Common Files\Yahoo! 2008-11-18 20:45 --------- d-----w c:\program files\AviSynth 2.5 2008-11-18 20:44 --------- d-----w c:\program files\eRightSoft 2008-11-18 20:12 --------- d-----w c:\users\André\AppData\Roaming\PlayFirst 2008-11-18 20:12 --------- d-----w c:\users\André\AppData\Roaming\Macromedia 2008-11-18 16:56 --------- d-----w c:\programdata\AOL OCP 2008-11-18 16:56 --------- d-----w c:\programdata\AOL 2008-11-18 16:41 --------- d-----w c:\users\André\AppData\Roaming\Template 2008-11-18 16:16 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf 2008-11-18 10:45 --------- d-----w c:\users\André\AppData\Roaming\Magic Academy 2008-11-17 17:44 --------- d-----w c:\program files\Madrics Nebular USB Analog Controller 2005-05-13 16:12 217,073 --sha-r c:\windows\meta4.exe 2005-10-24 10:13 66,560 --sha-r c:\windows\MOTA113.exe 2005-10-13 20:27 422,400 --sha-r c:\windows\x2.64.exe 2005-10-07 18:14 308,224 --sha-r c:\windows\System32\avisynth.dll 2005-07-14 11:31 27,648 --sha-r c:\windows\System32\AVSredirect.dll 2005-06-26 14:32 616,448 --sha-r c:\windows\System32\cygwin1.dll 2005-06-21 21:37 45,568 --sha-r c:\windows\System32\cygz.dll 2004-01-24 23:00 70,656 --sha-r c:\windows\System32\i420vfw.dll 2005-12-22 19:23 816,640 --sha-r c:\windows\System32\smab.dll 2005-02-28 12:16 240,128 --sha-r c:\windows\System32\x.264.exe 2004-01-24 23:00 70,656 --sha-r c:\windows\System32\yv12vfw.dll . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-23 13539872] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-23 92704] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-15 178712] "UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504] "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840] "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-04-15 442433] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784] "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-04-23 468264] "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032] "OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-11-01 554288] "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752] "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-27 734264] "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) "HideFastUserSwitching"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.i420"= i420vfw.dll "msacm.l3codecp"= l3codecp.acm "vidc.mjpg"= pvmjpg30.dll "msacm.divxa32"= divxa32.acm [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKLM\~\startupfolder\C:^Users^André^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk] path=c:\users\André\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk backup=c:\windows\pss\Adobe Gamma.lnk.Startup backupExtension=.Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2008-06-12 02:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] --a------ 2008-07-24 16:02 490952 c:\program files\DAEMON Tools Lite\daemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2008-10-01 18:57 289576 c:\program files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel] --a------ 2008-02-26 13:08 2289664 c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2008-09-06 15:09 413696 c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC] -ra------ 2008-11-14 14:35 305064 c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] --a------ 2008-12-12 21:13 185872 c:\program files\Common Files\Real\Update_OB\realsched.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{1F1A5F2C-0E0D-49F9-BD15-679FC4717866}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play "{2356F9ED-8EC9-4BF1-AC9F-4A8570523401}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program "{F1F06440-4AA0-4501-BB26-8F1B189EA5DA}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector "{03738FE1-F5EC-486B-81F4-A4463D8F9C54}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader "{FEF3A349-8507-4BE0-B877-178C73DE0469}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader "{346F0992-E36B-4725-952A-069BAD0CA1B5}"= UDP:c:\program files\Pinnacle\Studio 12\Programs\RM.exe:Render Manager "{9FDBD35E-1507-4C8D-BE04-AF2AE253DE49}"= TCP:c:\program files\Pinnacle\Studio 12\Programs\RM.exe:Render Manager "{46E5DA83-EAA0-4A5F-AFC6-66B8418ABEC1}"= UDP:c:\program files\Pinnacle\Studio 12\Programs\Studio.exe:Studio "{E6E89EAE-56CE-4D2B-BDCC-984EDC41035D}"= TCP:c:\program files\Pinnacle\Studio 12\Programs\Studio.exe:Studio "{D94236AA-489E-42DB-B275-33CD01249F6D}"= UDP:c:\program files\Pinnacle\Studio 12\Programs\umi.exe:umi "{67D8558F-1A9E-4786-AD5C-151ECFFEE23C}"= TCP:c:\program files\Pinnacle\Studio 12\Programs\umi.exe:umi "{A054F495-EF22-4B9F-B244-F8E8DE60B80E}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "{803455F0-F7C2-40AD-8C9D-2F7B3DD44C13}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "{C9F33864-781F-4061-8693-B65A1BE3DB91}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes "{3517F0E8-EC25-4D31-ADF3-6A1AA65A1CEA}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes "{AF968128-56EF-4B81-9DD3-0B260EC297C6}"= UDP:c:\program files\Autodesk\backburner\monitor.exe:backburner 2.3 monitor "{7B2CC5F3-15B8-4C7B-8F9D-437BF702E15A}"= TCP:c:\program files\Autodesk\backburner\monitor.exe:backburner 2.3 monitor "{A17F08AA-82DC-4B93-890F-798CC2A1B7C6}"= UDP:c:\program files\Autodesk\backburner\manager.exe:backburner 2.3 manager "{6F0F93D1-70CA-47E2-AA0F-0C05AD6EB54A}"= TCP:c:\program files\Autodesk\backburner\manager.exe:backburner 2.3 manager "{2C9CD538-D81C-4566-8631-802DBC1D553F}"= UDP:c:\program files\Autodesk\backburner\server.exe:backburner 2.3 server "{E58BAABE-304B-44EB-B33A-130CE5408FB6}"= TCP:c:\program files\Autodesk\backburner\server.exe:backburner 2.3 server "{6D015C33-4C63-4D8B-B244-B3F179500A32}"= UDP:c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club "{D84484CC-44C1-4C0B-ACE9-98803BB9EBAD}"= TCP:c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club "{73681816-354B-4BBC-AD9C-6BFA399BCAD5}"= UDP:c:\program files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV "{E4B53759-0604-4113-8333-49A758CC4C47}"= TCP:c:\program files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:Grand Theft Auto IV "{E82E8C34-CFB5-4708-8B08-4E0A89A26AFC}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook "{B5D90231-B2B3-4883-9F4E-7D26A49E750A}"= UDP:c:\program files\Codemasters\GRID\GRID.exe:GRID "{AEF7D9BD-36CC-4D48-B06C-BB554F861807}"= TCP:c:\program files\Codemasters\GRID\GRID.exe:GRID [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile] "DoNotAllowExceptions"= 1 (0x1) R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [2009-01-10 111184] R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [2008-01-24 52736] R3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [2008-04-01 81296] R3 NETw5v32;Pilote de carte Intel(R) Wireless WiFi Link pour Windows Vista 32 bits ;c:\windows\System32\drivers\NETw5v32.sys [2008-09-24 3658752] R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [2008-05-23 43552] R4 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\AEstSrv.exe [2008-09-24 73728] R4 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [2009-01-10 20560] R4 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [2009-01-10 51792] R4 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-01-21 21504] R4 hpsrv;HP Service;c:\windows\System32\hpservice.exe [2008-03-18 19456] R4 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-07-02 341328] S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-07-02 193840] S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\System32\drivers\s0016bus.sys [2008-12-31 89256] --- Other Services/Drivers In Memory --- *Deregistered* - sptd HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs ezSharedSvc [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6d6c791-b3da-11dd-909a-806e6f6e6963}] \shell\AutoRun\command - E:\Autorun.exe [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] "c:\program files\Common Files\LightScribe\LSRunOnce.exe" . Contenu du dossier 'Tâches planifiées' 2009-01-10 c:\windows\Tasks\User_Feed_Synchronization-{AD78EF56-F04D-4AB8-8F15-3458D0741E8D}.job - c:\windows\system32\msfeedssync.exe [2008-01-21 03:24] . - - - - ORPHELINS SUPPRIMES - - - - HKCU-Run-Start WingMan Profiler - (no file) . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.google.fr/ mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=83&bd=Pavilion&pf=cnnb uInternet Settings,ProxyOverride = *.local IE: &Tout télécharger avec FlashGet - c:\program files\FlashGet\jc_all.htm IE: &Télécharger avec FlashGet - c:\program files\FlashGet\jc_link.htm IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\users\André\AppData\Roaming\Mozilla\Firefox\Profiles\k6z4645e.default\ FF - component: c:\program files\Mozilla Firefox\components\iamfamous.dll FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npitunes.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-10 18:21:59 Windows 6.0.6001 Service Pack 1 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: ************************************************************************** . Heure de fin: 2009-01-10 18:23:57 ComboFix-quarantined-files.txt 2009-01-10 17:23:54 Avant-CF: 128,629,133,312 octets libres Après-CF: 129,387,188,224 octets libres 414 --- E O F --- 2009-01-09 07:56:35

Lyonnais92 · Answer

Re,

finalement, navipromo et détournement de DNS, moins grave que ce que je craignais.

1) Imprime ces instructions car il faudra fermer toutes les fenêtres et applications lors de l'installation et de l'analyse.

2) Télécharge Malwarebytes' Anti-Malware (MBAM) et enregistre le sur ton Bureau à partir de ce lien :

https://download.cnet.com/Malwarebytes/3000-8022_4-10804572.html

3) A la fin du téléchargement, ferme toutes les fenêtres et programmes, y compris celui-ci.

4) Double-clique sur l'icône Download_mbam-setup.exe sur ton bureau pour démarrer le programme d'installation.

5) Pendant l'installation, suis les indications (en particulier le choix de la langue et l'autorisation d'accession à Internet). N'apporte aucune modification aux réglages par défaut et, en fin d'installation, vérifie que les options Update Malwarebytes' Anti-Malware et Launch Malwarebytes' Anti-Malware sont cochées.

6) MBAM démarrera automatiquement et enverra un message demandant à mettre à jour le programme avant de lancer une analyse. Comme MBAM se met automatiquement à jour en fin d'installation, clique sur OK pour fermer la boîte de dialogue. La fenêtre principale de MBAM s'affiche :

7) Dans l'onglet analyse, vérifie que "Exécuter une analyse rapide"  est coché et clique sur le bouton Rechercher pour démarrer l'analyse.

8) MBAM analyse ton ordinateur. L'analyse peut prendre un certain temps. Il suffit de vérifier de temps en temps son avancement.

9) A la fin de l'analyse, un message s'affiche indiquant la fin de l'analyse. Clique sur OK pour poursuivre.

10) Si des malwares ont été détectés, leur liste s'affiche.
En cliquant sur Suppression (?) , MBAM va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.

11) MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Ferme le Bloc-notes. (Le rapport peut être retrouvé sous l'onglet Rapports/logs)

12) Ferme MBAM en cliquant sur Quitter.

13) Poste le rapport dans ta réponse


====================

Ferme Internet explorer puis Démarrer/panneau de configuration/options Internet
- onglet "Contenu" puis onglet "Certificats" et si vous trouvez ceci, en particulier dans « éditeurs approuvés »  :
electronic-group
egroup
Montorgueil
VIP
"Sunny Day Design Ltd"

Les supprimer.

dedenast · Answer

Voici le rapport:


Malwarebytes' Anti-Malware 1.32
Version de la base de données: 1616
Windows 6.0.6001 Service Pack 1

10/01/2009 20:26:04
mbam-log-2009-01-10 (20-26-04).txt

Type de recherche: Examen rapide
Eléments examinés: 50751
Temps écoulé: 3 minute(s), 21 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)


---------------------------------------

C'est bizarre, on dirait qu'il n'est pas infecté et en plus, dans les certificats j'en n'ai aucun de ceux-ci, j'ai juste "Symantec corporation" et "Verysign class 3 code signing 204 CA"

dedenast · Answer

Mais aussi quand j'ai éxécuté ROOTER et RSIT, ils ont supprimé des fichiers et depuis, je n'ai plus (enfin pour l'instant) de redirections...

Lyonnais92 · Answer

Re,

Rooter et RSIT n'ont rien supprimé.

Seul Combofix a fait des modifications.

Fais redémarrer l'ordi et relances Hijackthis ( C:\Program Files\Trend Micro\HijackThis\André.exe )

Choisis l'option "Do a system scan and save a log file"

Clique sur "Save log" pour enregistrer le rapport qui s'ouvrira avec le bloc-note

Clique sur "Edition -> Sélectionner tout", puis sur "Edition -> Copier" pour copier tout le contenu du rapport

Colle le rapport que tu viens de copier sur ce forum

dedenast · Answer

Je ne sais pas ce qui c'est passé mais je ne les ai plus ces redirections... Merci beaucoup!

Lyonnais92 · Answer

Bonsoir,

je voudrais vérifier où en sont tes infections.

L'absence de symptômes ne veut pas dire que tu es désinfecté.

En plus, il faudra nettoyer les outils.

Redirections sur internet

10 réponses

Discussions similaires