Computer going haywire???

Tehyas, 15 messages posted, status: Member
Narco!4, 2446 messages posted, status: Contributor
Hello,
I had a few viruses on my computer and I think I've got rid of them. However, since I removed the viruses I had, every time I try to use a search engine, whether Yahoo, Google, etc., when I run my search it always sends me to a blank page, whether I use Firefox or Internet Explorer....

Here is the HijackThis log I just ran on my computer:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:02:29, on 2009-08-10
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18294)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E4EB3544-16BE-4E8F-8346-816DAAE2D83A} - (no file)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKCU\..\Run: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Inc. - C:\Program Files\Acer\Acer VCM\RS_Service.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
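As an added illustration (not part of the original thread, and not code from HijackThis or any other tool named here), the Python script below parses a log in the HijackThis v2 line format shown above and lists the entries a helper normally looks at first: O2 BHOs whose DLL is gone, O23 services whose binary is missing or carries no company name, O1 hosts overrides other than localhost, and O4 Run entries that start a program from a user-writable directory. The embedded sample is constructed from a few lines of the log above plus one invented hosts line (www.example-search.test); the names triage and Finding are this example's own. It produces a review list, not a verdict: every flagged line still has to be checked by hand.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in HijackThis v2 format: lines taken from the log in the
# thread plus one invented O1 hosts line (www.example-search.test) so that the
# hosts check has something to report.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.example-search.test
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {E4EB3544-16BE-4E8F-8346-816DAAE2D83A} - (no file)
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
"""


@dataclass
class Finding:
    entry_type: str  # HijackThis section code, e.g. "O2" or "O23"
    reason: str
    line: str


# Every HijackThis entry starts with its section code: "O23 - Service: ..."
ENTRY_RE = re.compile(r"^([A-Z]\d+) - (.*)$")

# Autostart entries pointing into the user profile or temp directories are the
# usual home of malware that persists without administrative rights.
USER_WRITABLE_DIRS = ("\\users\\", "\\appdata\\", "\\temp\\", "\\documents and settings\\")


def _check_hosts(body: str) -> Optional[str]:
    # O1 lines read "Hosts: <address> <hostname>"; only loopback -> localhost is expected.
    m = re.match(r"Hosts:\s+(\S+)\s+(\S+)", body)
    if m and not (m.group(1) in ("127.0.0.1", "::1") and m.group(2) == "localhost"):
        return f"hosts file maps {m.group(2)} to {m.group(1)}"
    return None


def _check_bho(body: str) -> Optional[str]:
    # O2 lines end with the DLL path; "(no file)" means the CLSID is still
    # registered although the DLL was removed (a typical leftover of a cleanup).
    if body.endswith("(no file)"):
        return "BHO still registered but its DLL is gone"
    if body.startswith("BHO: (no name)"):
        return "BHO registered without a name"
    return None


def _check_run(body: str) -> Optional[str]:
    lower = body.lower()
    if any(d in lower for d in USER_WRITABLE_DIRS):
        return "Run entry starts a program from a user-writable directory"
    return None


def _check_service(body: str) -> Optional[str]:
    if body.endswith("(file missing)"):
        return "service still registered but its binary is missing"
    if " - Unknown owner - " in body:
        return "service binary carries no company name"
    return None


CHECKS = {"O1": _check_hosts, "O2": _check_bho, "O4": _check_run, "O23": _check_service}


def triage(log_text: str) -> List[Finding]:
    """Return the log entries that deserve a second look, in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header line, running-process path or blank line
        entry_type, body = m.groups()
        check = CHECKS.get(entry_type)
        if check is None:
            continue  # section we do not inspect (R0/R1, O3, O8, O9, ...)
        reason = check(body)
        if reason:
            findings.append(Finding(entry_type, reason, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.entry_type:>4}  {f.reason}\n      {f.line}")
```

Run against the full log above, the script reports the orphaned BHO {E4EB3544-...}, the missing Symantec service binary and the Acer services with no company name; the Run entries all sit under Program Files or Windows and are not flagged.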
14 replies

Narco!4, 2446 messages posted, status: Contributor, 467

Hello,

download GenProc http://www.genproc.com/GenProc.exe

double-click GenProc.exe and post the contents of the report that opens
0
Tehyas, 15 messages posted, status: Member

thanks for your quick reply

Rapport GenProc 2.613 [1] - 2009-08-10 à 17:11:40
@ Windows Vista Service Pack 1 - Mode normal
@ Mozilla Firefox (3.5.2) [Navigateur par défaut]

~~ CM DISK ERROR ~~

Dans CCleaner, clique sur "Options", "Avancé" et décoche la case "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures" ; par la suite, laisse-le avec ses réglages par défaut. C'est tout.

# Etape 1/ Télécharge :

- SmitfraudFix http://siri.urz.free.fr/Fix/SmitfraudFix.exe (S!Ri) sur le Bureau.

- MSNFix http://sosvirus.changelog.fr/MSNFix.zip (!aur3n7) et décompresse-le sur le Bureau.

- Yoog_Fix http://batchdhelus.open-web.fr/programme/Yoog_Fix.exe (Batch_Man) sur le Bureau.

- ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe (sUBs) sur ton Bureau.

Redémarre en mode sans échec comme indiqué ici https://www.wekyo.com/demarrer-le-pc-en-mode-sans-echec-windows-7-et-8/ ; Choisis ta session courante *** Yas *** (pour retrouver le rapport, clique sur le raccourci "Rapport GenProc[1]" sur ton bureau).

# Etape 2/

Double-clique sur le fichier "SmitfraudFix.exe" et choisis l'option 2, réponds oui à tout et laisse-le procéder. Sauvegarde le rapport sur ton bureau.

# Etape 3/

Lance le fichier MSNFix.bat qui se trouve dans le dossier MSNfix, sur le Bureau. Exécute l'option R : si l'infection est détectée, exécute l'option N. Sauvegarde ce rapport sur ton bureau.

# Etape 4/

Lance Yoog_Fix depuis le Bureau et choisis l'option 1 (Recherche/Suppression). Accepte le disclaimer, patiente et lorsque c'est terminé, clique sur OK.

# Etape 5/

Double clique sur combofix.exe et suis les instructions. Attention de ne pas utiliser ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne au risque de figer l'ordinateur.

# Etape 6/

Lance CCleaner : "Nettoyeur"/"lancer le nettoyage" et c'est tout.

# Etape 7/

Redémarre normalement et poste, dans la même réponse :

- Le contenu du rapport rapport.txt situé sur le Bureau ;
- Le contenu du rapport msnfix.txt situé dans C:\Windows ;
- Le contenu du rapport Yoog.txt situé sur le Bureau ;
- Le contenu du rapport Combofix.txt situé dans C:\ ;
- Un nouveau rapport HijackThis http://forum.telecharger.01net.com/forum/high-tech/PRODUITS/Questions-techniques/hijackthis-version-install-sujet_199100_1.htm ;
- Un nouveau rapport GenProc ;

Précise les difficultés que tu as eu (ce que tu n'as pas pu faire...) ainsi que l'évolution de la situation.

~~ Arguments de la procédure ~~

# Détections [1] GenProc 2.613 2009-08-10 à 17:11:55
Smitfraud:le 2009-08-10 à 17:12:25 "C:\Windows\System32\msxml71.dll"
MSNFix:le 2009-08-10 à 17:12:30 "C:\Windows\System32\ACER.exe"
Yoog:le 2009-08-10 à 17:12:34 "C:\Users\Yas\AppData\Roaming\Mozilla\Firefox\Profiles\s11zvh7u.default\searchplugins\Yoog Search.xml "
TDSS:le 2009-08-10 à 17:12:34 PFROP Skynet*
TDSS:le 2009-08-10 à 17:12:34 PFROP UAC*
0
Narco!4, 2446 messages posted, status: Contributor, 467

follow these steps
0
Tehyas, 15 messages posted, status: Member

the link for MSNFix doesn't work..
0
Tehyas, 15 messages posted, status: Member

Well, another problem. I installed everything except MSNFix since it doesn't work, but now I have a different problem. As soon as I try to open SmitfraudFix, ComboFix and Yoog_Fix, the programs close automatically with an error message "Smitfraudfix.exe a cessé de fonctionner."......

I'm starting to despair!
0
Narco!4, 2446 messages posted, status: Contributor, 467

in safe mode?
no, so re-read
0
Tehyas, 15 messages posted, status: Member

Yes yes!! In safe mode, ComboFix won't start.. And I let Yoog_Fix run for more than 20 minutes without hearing anything back...
0
Narco!4, 2446 messages posted, status: Contributor, 467

right-click combofix.exe (in safe mode)
rename it to Winlogon.exe
confirm
right-click Winlogon.exe (still in safe mode)
choose Run as administrator
the scan takes 10 to 20 minutes, then expect 1 or even 2 reboots
post the report that opens.
0
Tehyas, 15 messages posted, status: Member

Well.. I ran the scans with SmitfraudFix and I finally managed with ComboFix!!!!! And the result... MY SEARCH ENGINES WORK AGAIN!!!

Thank you very much.. I'll post my logs from the two programs anyway... Thanks :)
My next 2 posts will be my SmitfraudFix and ComboFix logs respectively.
0
Tehyas, 15 messages posted, status: Member

SmitFraudFix v2.422

Scan done at 18:09:00,23, 2009-08-10
Run from C:\Program Files\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows [version 6.0.6001] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost
::1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
...

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\Windows\system32\msxml71.dll Deleted

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» RK

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{F6E6DE0E-1557-4038-BB12-5D5A92950990}: DhcpNameServer=192.168.10.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{F6E6DE0E-1557-4038-BB12-5D5A92950990}: DhcpNameServer=192.168.10.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{F6E6DE0E-1557-4038-BB12-5D5A92950990}: DhcpNameServer=192.168.10.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.10.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.10.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.10.1

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

»»»»»»»»»»»»»»»»»»»»»»»» RK.2

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End
0
Tehyas, 15 messages posted, status: Member
 
ComboFix 09-08-10.01 - Yas 2009-08-10 23:29.1.2 - NTFSx86
Lancé depuis: c:\users\Yas\Desktop\Winlogon.exe.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
SP: ESET NOD32 Antivirus 3.0 *enabled* (Updated) {E5E70D32-0101-4B98-A4D6-D1D15C3BB448}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

?

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys
-------\Legacy_UACd.sys

((((((((((((((((((((((((((((( Fichiers créés du 2009-07-11 au 2009-08-11 ))))))))))))))))))))))))))))))))))))
.

2009-08-11 03:38 . 2009-08-11 03:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-08-10 21:57 . 2009-08-10 21:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-10 21:31 . 2009-08-10 22:14 -------- d-----w- C:\Yoog_Fix
2009-08-10 21:11 . 2009-08-10 21:11 -------- d-----w- C:\Genproc
2009-08-10 20:35 . 2009-08-10 20:13 144896 ----a-w- c:\windows\msb.exe
2009-08-10 20:12 . 2009-08-10 20:12 20480 ------w- c:\windows\system32\UACobtfyownvn.dll
2009-08-10 20:11 . 2009-08-10 20:12 30208 ----a-w- c:\windows\system32\UACdbffslhspv.dll
2009-08-10 20:11 . 2009-08-10 20:11 144896 ----a-w- c:\windows\msa.exe
2009-08-10 20:11 . 2009-08-10 20:11 207364 ----a-w- c:\windows\system32\msxml71.dll
2009-08-10 20:11 . 2009-08-10 20:11 269 ----a-w- c:\windows\system32\UACxudxuremsy.dat
2009-08-10 20:11 . 2009-08-10 22:38 6462 ----a-w- c:\windows\system32\uacinit.dll
2009-08-10 20:11 . 2009-08-10 22:38 74240 ----a-w- c:\windows\system32\UACtwucqbpmns.dll
2009-08-10 20:11 . 2009-08-10 20:11 26624 ----a-w- c:\windows\system32\UACkqpdcycksx.dll
2009-08-10 20:11 . 2009-08-10 20:11 54784 ----a-w- c:\windows\system32\drivers\UACcpixcstoce.sys
2009-08-05 22:02 . 2009-08-05 22:02 -------- d-----w- c:\progra~2\Norton
2009-08-05 22:02 . 2009-08-05 22:02 -------- d-----w- c:\windows\system32\drivers\NSS
2009-08-05 22:02 . 2009-08-05 22:02 -------- d-----w- c:\program files\NortonInstaller
2009-08-05 22:02 . 2009-08-05 22:02 -------- d-----w- c:\progra~2\NortonInstaller
2009-07-31 22:05 . 2009-08-10 18:08 58341 ----a-w- c:\windows\system32\u_vvtxijqtyysr.dll.exe
2009-07-31 18:33 . 2009-07-31 18:33 -------- d-----w- c:\progra~2\WindowsSearch
2009-07-31 04:36 . 2009-07-31 04:36 -------- d-----w- c:\program files\uTorrent
2009-07-31 04:35 . 2009-08-10 22:38 -------- d-----w- c:\users\Yas\AppData\Roaming\uTorrent
2009-07-31 04:30 . 2009-07-31 04:30 -------- d-----w- c:\users\Yas\AppData\Roaming\DivX
2009-07-28 04:59 . 2009-07-28 05:00 -------- d-----w- c:\program files\Hero Editor
2009-07-28 04:59 . 2009-07-28 04:59 249856 ------w- c:\windows\Setup1.exe
2009-07-28 04:59 . 2009-07-28 04:59 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-07-15 23:26 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-15 23:26 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-15 23:26 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-15 23:26 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-10 20:50 . 2008-06-19 04:17 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-10 20:49 . 2008-06-19 04:17 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2009-08-10 20:43 . 2006-11-02 15:48 672322 ----a-w- c:\windows\system32\perfh00C.dat
2009-08-10 20:43 . 2006-11-02 15:48 124434 ----a-w- c:\windows\system32\perfc00C.dat
2009-08-10 20:22 . 2009-03-28 01:21 -------- d-----w- c:\progra~2\Skype
2009-08-10 20:21 . 2008-06-20 01:56 -------- d-----w- c:\program files\Yahoo!
2009-08-09 23:20 . 2008-06-25 19:13 -------- d-----w- c:\users\Yas\AppData\Roaming\LimeWire
2009-08-07 22:00 . 2007-12-21 05:43 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-08-06 20:05 . 2009-03-28 01:23 -------- d-----w- c:\users\Yas\AppData\Roaming\skypePM
2009-08-06 08:37 . 2008-06-19 18:59 -------- d-----w- c:\progra~2\Apple Computer
2009-08-05 22:06 . 2007-12-21 05:43 -------- d-----w- c:\progra~2\Symantec
2009-08-05 22:02 . 2008-08-17 06:37 -------- d-----w- c:\program files\Norton Security Scan
2009-08-04 21:13 . 2008-08-13 07:21 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-18 16:06 . 2009-07-28 19:44 827904 ----a-w- c:\windows\system32\wininet.dll
2009-07-18 16:01 . 2009-07-28 19:44 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-07-18 09:46 . 2009-07-28 19:44 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-16 18:39 . 2009-06-13 21:01 680 ----a-w- c:\users\Yas\AppData\Local\d3d9caps.dat
2009-07-16 07:03 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-16 07:02 . 2007-12-21 05:34 -------- d-----w- c:\progra~2\Microsoft Help
2009-06-29 17:55 . 2009-06-29 17:55 -------- d-----w- c:\users\Yas\AppData\Roaming\Malwarebytes
2009-06-29 17:55 . 2009-06-29 17:55 -------- d-----w- c:\progra~2\Malwarebytes
2009-06-28 21:21 . 2008-06-19 20:36 27649 ----a-w- c:\users\Yas\AppData\Roaming\nvModes.dat
2009-06-27 04:58 . 2009-06-08 21:21 -------- d-----w- c:\program files\Starcraft
2009-06-23 20:48 . 2009-06-21 18:35 691 ----a-w- c:\users\Yas\AppData\Roaming\GetValue.vbs
2009-06-23 20:48 . 2009-06-21 18:35 35 ----a-w- c:\users\Yas\AppData\Roaming\SetValue.bat
2009-06-23 20:48 . 2009-06-21 18:35 35 ----a-w- c:\users\Yas\AppData\Roaming\SetValue.bat
2009-06-23 20:48 . 2009-06-21 18:27 3986 ----a-w- c:\windows\system32\tmp.reg
2009-06-21 18:31 . 2008-06-22 17:49 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2009-06-21 18:26 . 2009-06-21 18:26 -------- d-----w- c:\program files\SmitfraudFix
2009-06-21 17:50 . 2009-06-21 17:50 -------- d-----w- c:\program files\CCleaner
2009-06-21 17:46 . 2009-06-21 17:46 -------- d-----w- c:\program files\Trend Micro
2009-06-19 20:36 . 2009-06-19 20:36 -------- d-----w- c:\program files\Alwil Software
2009-06-19 20:02 . 2009-03-03 01:35 -------- d-----w- c:\program files\KaraFun
2009-06-19 20:00 . 2007-12-21 04:01 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-19 19:59 . 2008-08-19 04:20 -------- d-----w- c:\program files\Google
2009-06-08 21:27 . 2009-06-08 21:22 32358 ----a-w- c:\windows\scunin.dat
2009-06-08 21:27 . 2009-06-08 21:22 967 ----a-w- c:\windows\ScUnin.pif
2009-06-08 21:27 . 2009-06-08 21:22 69632 ----a-w- c:\windows\ScUnin.exe
2009-06-02 15:17 . 2009-06-21 18:27 75776 ----a-w- c:\windows\system32\WS2Fix.exe
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Gestionnaire Antidote.exe"="c:\program files\Druide\Antidote\Gestionnaire Antidote.exe" [2008-06-03 536576]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-02-22 217544]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-02-09 95800]
"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2008-01-19 49664]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-07-31 288048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-12-14 102400]
"eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-08-31 1286144]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-01-02 707080]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-24 136600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-11 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
backup=c:\windows\pss\Acer VCM.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
backup=c:\windows\pss\Empowering Technology Launcher.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"="0x00000000"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-287840835-1693792894-3782310430-1000]
"EnableNotificationsRef"=dword:00000002

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{E7B5DB18-5051-41B8-8F61-09EB5AA226D0}"= c:\program files\Acer\Acer VCM\VC.exe:Acer VCM
"{8A3E38F4-8A57-44B8-9C9B-0ABBB230E961}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{A0E23145-DDA0-46CF-B6BF-80B4900C4727}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{7EADDB14-6E00-415F-846A-E34671397E6A}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{953592D6-13CD-4EB4-BF15-686D0A2EAD18}"= UDP:c:\program files\Microsoft Games\Age of Empires III\age3.exe:Age of Empires 3
"{D2CE0D43-5B73-4C95-A672-D1280161408A}"= TCP:c:\program files\Microsoft Games\Age of Empires III\age3.exe:Age of Empires 3
"TCP Query User{A7EAEA02-6951-4440-953E-2A5C5384EC12}d:\\world of warcraft\\wow-1.12.0-enus-downloader.exe"= UDP:d:\world of warcraft\wow-1.12.0-enus-downloader.exe:Blizzard Downloader
"UDP Query User{502BA454-87D2-4C90-ACFB-46A1398F1025}d:\\world of warcraft\\wow-1.12.0-enus-downloader.exe"= TCP:d:\world of warcraft\wow-1.12.0-enus-downloader.exe:Blizzard Downloader
"TCP Query User{946B8809-5DBB-4E00-A401-D5842C819B6C}d:\\world of warcraft\\wow-1.12.x-to-2.0.1-enus-patch-downloader.exe"= UDP:d:\world of warcraft\wow-1.12.x-to-2.0.1-enus-patch-downloader.exe:Blizzard Downloader
"UDP Query User{B01A9C45-1A6B-47C6-85EF-88B18DAB59FC}d:\\world of warcraft\\wow-1.12.x-to-2.0.1-enus-patch-downloader.exe"= TCP:d:\world of warcraft\wow-1.12.x-to-2.0.1-enus-patch-downloader.exe:Blizzard Downloader
"TCP Query User{CA2A1D44-9813-4EEB-9A07-20139F250223}c:\\windows\\system32\\dplaysvr.exe"= UDP:c:\windows\system32\dplaysvr.exe:Application d'assistance Microsoft DirectPlay
"UDP Query User{8C921A04-8752-415F-9C72-2994E46F4EB5}c:\\windows\\system32\\dplaysvr.exe"= TCP:c:\windows\system32\dplaysvr.exe:Application d'assistance Microsoft DirectPlay
"TCP Query User{074FD994-357B-4305-9A6F-BCFFD60303A7}c:\\heroes\\heroes of might and magic 3\\heroes3_31_crk.exe"= UDP:c:\heroes\heroes of might and magic 3\heroes3_31_crk.exe:Heroes of Might and Magic® III
"UDP Query User{7096A8B7-F688-4E58-B921-5A954DD612AA}c:\\heroes\\heroes of might and magic 3\\heroes3_31_crk.exe"= TCP:c:\heroes\heroes of might and magic 3\heroes3_31_crk.exe:Heroes of Might and Magic® III
"{0D0B273F-6849-4C41-AFFC-342DFD131502}"= UDP:c:\program files\DNA\btdna.exe:DNA
"{960CB3CC-DD63-47B4-891C-51C75832C55D}"= TCP:c:\program files\DNA\btdna.exe:DNA
"{7911E1E3-C163-4869-B6D5-2E12B1AE582B}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{D3E4A25B-0B6C-49F9-BF66-6EDF29783318}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{C46B175F-9F32-4DA1-B07C-AC82E48C14A7}"= UDP:c:\program files\DNA\btdna.exe:DNA
"{A849B45C-C433-4F81-809D-39151A26B3AE}"= TCP:c:\program files\DNA\btdna.exe:DNA
"{B6B2DA92-C1CE-46E0-9F40-EDBB08AECD4F}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{1DB6CB03-9946-4DE5-B244-BA8322B3CFA5}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{5E9A7807-E9DB-405C-AFFF-99F5F35BE47D}c:\\program files\\infogrames\\roller coaster tycoon 2\\rct2.exe"= UDP:c:\program files\infogrames\roller coaster tycoon 2\rct2.exe:rct2
"UDP Query User{BCC0203F-8CC3-4669-A421-45C98064C7A9}c:\\program files\\infogrames\\roller coaster tycoon 2\\rct2.exe"= TCP:c:\program files\infogrames\roller coaster tycoon 2\rct2.exe:rct2
"{A00234E9-70F6-443F-9CDD-E69ABB588F19}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{672BC997-615A-4479-B2F7-EA0013FD8A02}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{32F731D3-F181-4A41-959D-AF6AAF0F3D73}d:\\warcraft iii\\war3.exe"= UDP:d:\warcraft iii\war3.exe:Warcraft III
"UDP Query User{76855EAF-9DCF-4064-AD50-0AC22C83DCCD}d:\\warcraft iii\\war3.exe"= TCP:d:\warcraft iii\war3.exe:Warcraft III
"{C63016D4-CD35-449D-B9B8-F2EEB240F6F5}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{538C081E-DE31-46BB-B690-454436BF8D53}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"TCP Query User{B8A2F0BF-0C53-455A-A29F-D6AE0FBE20B1}d:\\warcraft iii\\war3.exe"= UDP:d:\warcraft iii\war3.exe:Warcraft III
"UDP Query User{7275E529-68E4-4471-9760-793985B1DAF4}d:\\warcraft iii\\war3.exe"= TCP:d:\warcraft iii\war3.exe:Warcraft III
"{34EA8406-3470-466C-96F8-FFBFDD771FE7}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{DCE87C74-8B93-48FE-8494-E9AE5C69BCC8}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{C56772C9-D95C-4D76-8C51-DC88E2AEF737}"= UDP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
"{687CCB87-45CD-4891-9246-11B0661C66F0}"= TCP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
"{48AC174E-B5A3-4829-81A2-A254D37C072A}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{775A237C-5755-495A-91F2-CA3ACD0B540A}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"TCP Query User{00C6903E-B027-4527-AFD9-DEB8F117A1F0}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"UDP Query User{7AE84740-6C06-470E-8B79-1C80A32278DC}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"{B9C32D6B-9173-42A2-AD4C-BD4ECCDF36B4}"= UDP:c:\users\Yas\AppData\Local\Google\Google Talk Plugin\googletalkplugin.dll:Google Talk Plugin
"{687E24BB-7C34-4F51-9547-95E45A150A0D}"= TCP:c:\users\Yas\AppData\Local\Google\Google Talk Plugin\googletalkplugin.dll:Google Talk Plugin
"{9D926585-1286-4989-A32C-2CD5D7F756B1}"= UDP:c:\users\Yas\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe:Google Talk Plugin
"{0AF53DC5-74C9-4868-8CDF-3B0D99748DC6}"= TCP:c:\users\Yas\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe:Google Talk Plugin
"{DB62CFDD-9C88-40DD-B381-AB422F05FEA6}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{70FB83C5-C43F-46A3-A88B-62EC090F745E}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{6EDE684F-6862-49D1-9B29-2AD426350618}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{065F31DD-D76C-445E-9913-C53E99DCB657}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{EBCAAF9C-B32A-4BA5-8AC8-2EC940E407C3}c:\\program files\\starcraft\\starcraft.exe"= UDP:c:\program files\starcraft\starcraft.exe:StarCraft
"UDP Query User{D6CDB925-5D02-4178-A4B3-770DF1871AD3}c:\\program files\\starcraft\\starcraft.exe"= TCP:c:\program files\starcraft\starcraft.exe:StarCraft
"{AAA7C4CB-65C4-48E4-AB88-F31B48A6A7B9}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{816A7B0A-7E2F-4BCA-AAB3-E81BDBBB9DB9}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{ADDA0A49-8F4A-4DF1-B3CC-6C83776EC754}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{138E4537-9A83-441D-AB00-8A88521775F8}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R1 epfwtdir;epfwtdir;c:\windows\System32\drivers\epfwtdir.sys [2007-12-21 33800]
R2 ALaunchService;ALaunch Service;c:\acer\ALaunch\ALaunchSvc.exe [2007-12-21 50688]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2007-12-21 468224]
R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2008-06-19 233472]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [2007-12-21 179712]
R3 winbondcir;Winbond IR Transceiver;c:\windows\System32\drivers\winbondcir.sys [2007-12-21 43008]
S3 A310;AVerMedia A310 DVB-T;c:\windows\System32\drivers\AVerA310USB.sys [2007-12-21 26368]
S3 BDASwCap;AVerMedia A310 BDA DVBT Capture Device;c:\windows\System32\drivers\AVerA310Cap.sys [2007-12-21 42240]
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{E4EB3544-16BE-4E8F-8346-816DAAE2D83A} - (no file)
HKLM-Run-SetPanel - c:\acer\APanel\APanel.cmd

.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Yas\AppData\Roaming\Mozilla\Firefox\Profiles\s11zvh7u.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\users\Yas\AppData\Roaming\Mozilla\Firefox\Profiles\s11zvh7u.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll

---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************
Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés:

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SKYNETwdwcbuqx]
"imagepath"="\systemroot\system32\drivers\SKYNETtpdyrvii.sys"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SKYNETwdwcbuqx]
@DACL=(02 0000)
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=expand:"\\systemroot\\system32\\drivers\\SKYNETtpdyrvii.sys"
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\acer\Empowering Technology\eDataSecurity\eDSService.exe
c:\acer\Empowering Technology\eLock\Service\eLockServ.exe
c:\acer\Empowering Technology\eNet\eNet Service.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\System32\drivers\XAudio.exe
c:\acer\Empowering Technology\eSettings\Service\capuserv.exe
c:\acer\Empowering Technology\ePower\ePowerSvc.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Launch Manager\QtZgAcer.EXE
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\ehome\ehmsas.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Heure de fin: 2009-08-11 23:48 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-08-11 03:48

Avant-CF: 72 687 267 840 octets libres
Après-CF: 72 322 076 672 octets libres

320 --- E O F --- 2009-08-10 18:09
Narco!4 Posts: 2446 Status: Contributor
 
It's not finished; run ComboFix once more,
then run Yoog as well.
Tehyas Posts: 15 Status: Member
 
Here are my 2 new .log files: the Yoog one first, and then the ComboFix one in the next post.

Yoog_Fix 3.0.1 de Batch_Man | Yas (Administrateur)
Debut a 13:12 le 2009-08-11
Microsoft® Windows Vista(6.0.6001)

Intel(R) Core(TM)2 Duo CPU T5550 @ 1.83GHz
Ram : 2045,7 Mo
Fail-safe boot

Antivirus: ESET NOD32 Antivirus 3.0 3.0 (Activated)
UAC : OFF
Lancé de "C:\Users\Yas\Downloads\Yoog_Fix.bat"

C:\ [Fixed] - NTFS - (Total:114371 Mo/Free:3432 Mo)
D:\ [Fixed] - NTFS - (Total:110787 Mo/Free:3721 Mo)
F:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
G:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)

Option [1] 2 3 Recherche / Suppression

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

»»»»»»»»»»» [Suppression: Fichiers / Dossiers / Clés / Prefs Firefox]

SUPPRIME - HKEY_USERS\S-1-5-21-287840835-1693792894-3782310430-1000\Software\Microsoft\Internet Explorer\SearchScopes" /v "DefaultScope
SUPPRIME - HKEY_USERS\S-1-5-21-287840835-1693792894-3782310430-1000\Software\Microsoft\Internet Explorer\SearchScopes\{1A847B91-61F9-427E-8E46-8790E588D41E}
SUPPRIME - HKEY_USERS\S-1-5-21-287840835-1693792894-3782310430-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9826E8D7-8B17-4524-AD4C-BC8CCCB75690}
SUPPRIME - HKEY_USERS\S-1-5-21-287840835-1693792894-3782310430-1000\Software\Microsoft\Internet Explorer\SearchScopes\{D61DEFA7-A401-466B-98D5-9CB186F04DFE}
SUPPRIME - HKEY_USERS\S-1-5-21-287840835-1693792894-3782310430-1000\Software\Microsoft\Internet Explorer\SearchScopes\{FE1A5472-E52C-45EE-903A-313B1A2613BB}
SUPPRIME - HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1A847B91-61F9-427E-8E46-8790E588D41E}
SUPPRIME - HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9826E8D7-8B17-4524-AD4C-BC8CCCB75690}
SUPPRIME - HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D61DEFA7-A401-466B-98D5-9CB186F04DFE}
SUPPRIME - HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{FE1A5472-E52C-45EE-903A-313B1A2613BB}

------------[Suspects]

Aucun fichier suspect trouvé

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

»»»»»»»»»»» [Recherche: Analyse de Firefox]

------------[Analyse de Firefox]

Mozilla Firefox 3.5.2 (fr)
Répertoire d'installation : C:\Program Files\Mozilla Firefox
Path: C:\Users\Yas\AppData\Roaming\Mozilla\Firefox\Profiles\s11zvh7u.default

------------[Extensions Firefox]

[Yas] moveplayer@movenetworks.com = Move Media Player

{20a82645-c095-46ed-80e3-08825760534b} = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

------------[Mozilla Plugins]

Path = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
XPTPath = C:\Windows\system32\Macromed\Flash\flashplayer.xpt
ProductName = Adobe© Flash© Player Plugin
Vendor = Adobe Systems Incorporated
Version = 10.0.22.87

Path = C:\Windows\system32\Adobe\Director\np32dsw.dll
ProductName = Adobe Shockwave Player
Vendor = Adobe Systems Inc
Version = 11.0.0.465

Path = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
XPTPath = C:\Program Files\iTunes\Mozilla Plugins\npitunes.xpt
ProductName = iTunes Application Detector
Version = 8.1.1.10

Vendor = Apple Inc.
ProductName = DNA
Version = 1.0.0.1

Vendor = BitTorrent, Inc.
Path = C:\Program Files\DNA\plugins\npbtdna.dll
Path = C:\Program Files\DivX\DivX Web Player\npdivx32.dll
XPTPath = C:\Program Files\DivX\DivX Web Player\npdivx32.xpt
GeckoVersion = 1.00
Version = 1.0.0

Vendor = DivX,Inc.
ProductName = DivX Web Player
Path = C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll
XPTPath = C:\Program Files\DivX\DivX Player\nsIDivxPlayerPlugin.xpt
GeckoVersion = 1.00
Version = 1.0.0

Vendor = DivX,Inc.
ProductName = DivX© Player Plugin
GeckoVersion = 1.7.5
Path = C:\Program Files\Microsoft Silverlight\3.0.40723.0\npctrl.dll
ProductName = Ag Player
Vendor = Microsoft
Version = 3.0

GeckoVersion = 1.7.2
Path = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
ProductName = Windows Presentation Foundation
Vendor = Microsoft Corp.
Version = 3.5

Path = C:\Program Files\VideoLAN\VLC\npvlc.dll
Vendor = VideoLAN
Version = 0.8.6h

------------[Plugins de recherche]

[Program Files] amazon-france.xml = https://www.amazon.fr/
[Program Files] cnrtl-tlfi-fr.xml = https://www.cnrtl.fr/lexicographie/
[Program Files] eBay-france.xml = http://search.ebay.fr/
[Program Files] google.xml = https://www.google.com/
[Program Files] wikipedia-fr.xml = https://fr.wikipedia.org/wiki/Sp%C3%A9cial:Recherche
[Program Files] yahoo-france.xml = https://fr.search.yahoo.com/

------------[Listing de dossiers]

[2009-07-30 19:41 | 23544 bytes] C:\Program Files\Mozilla Firefox\Components\browserdirprovider.dll
[2009-07-30 19:41 | 137208 bytes] C:\Program Files\Mozilla Firefox\Components\brwsrcmp.dll
[2009-05-01 17:02 | 1044480 bytes] C:\Program Files\Mozilla Firefox\plugins\libdivx.dll
[2008-08-06 16:22 | 114688 bytes] C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
[2007-08-29 17:47 | 54600 bytes] C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2008-11-23 22:00 | 410976 bytes] C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2009-05-12 14:46 | 1650992 bytes] C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
[2009-05-18 18:41 | 98304 bytes] C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
[2009-07-30 19:41 | 65016 bytes] C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2006-10-26 20:12 | 16192 bytes] C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
[2007-05-10 23:52 | 95864 bytes] C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2009-05-07 18:19 | 143360 bytes] C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2009-05-07 18:19 | 143360 bytes] C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2009-05-07 18:19 | 143360 bytes] C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2009-05-07 18:19 | 143360 bytes] C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2009-05-07 18:19 | 143360 bytes] C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2009-05-07 18:19 | 143360 bytes] C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2009-05-07 18:19 | 143360 bytes] C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2009-05-01 17:02 | 200704 bytes] C:\Program Files\Mozilla Firefox\plugins\ssldivx.dll

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

»»»»»»»»»»» [Recherche: Analyse d'Internet explorer / Registre ]

Internet Explorer : 7.0.6001.18000

L1 = HKLM\..\Main.Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
L1 = HKLM\..\Main.Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
L1 = HKCU\..\Main.Start Page = https://www.google.com/?gws_rd=ssl
L1 = HKU\.DEFAULT\..\Main.Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
L1 = HKU\.DEFAULT\..\Main.Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
L1 = HKU\S-1-5-21-287840835-1693792894-3782310430-1000\..\Main.Start Page = https://www.google.com/?gws_rd=ssl
L1 = HKU\S-1-5-18\..\Main.Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
L1 = HKU\S-1-5-18\..\Main.Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
L1 = HKLM\..\Main.Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
L1 = HKLM\..\Main.Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
L1 = HKLM\..\Search.Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
L1 = HKLM\..\Search.CustomizeSearch = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
L1 = HKLM\..\Search.SearchAssistant = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
L1 = HKLM\..\Search.SearchAssistant = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
L1 = HKLM\..\Search.CustomizeSearch = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
L1 = HKCU\..\Main.Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
L1 = HKU\S-1-5-21-287840835-1693792894-3782310430-1000\..\Main.Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
L2 = HKCU\..\Internet Settings.ProxyOverride = *.local

[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
NoAdd-ons = res://ieframe.dll/noaddon.htm
NoAdd-onsInfo = res://ieframe.dll/noaddoninfo.htm
SecurityRisk = res://ieframe.dll/securityatrisk.htm
Tabs = res://ieframe.dll/tabswelcome.htm
NavigationFailure = res://ieframe.dll/navcancl.htm
DesktopItemNavigationFailure = res://ieframe.dll/navcancl.htm
NavigationCanceled = res://ieframe.dll/navcancl.htm
OfflineInformation = res://ieframe.dll/offcancl.htm
Home = 0x10e
blank = res://mshtml.dll/blank.htm
PostNotCached = res://ieframe.dll/repost.htm

--------[Browser Helper Object]

BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43},@SANS NOM=(valeur non définie)
BHO: {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96},@SANS NOM=(valeur non définie)
BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6},@SANS NOM=(valeur non définie)
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9},@SANS NOM=(valeur non définie)

--------[SearchScopes]

[HKEY_USERS\S-1-5-21-287840835-1693792894-3782310430-1000\..\SearchScopes\{8C3EC475-E149-4475-9153-BC3DB4E07BCC}],@DisplayName=Google
[HKEY_USERS\S-1-5-21-287840835-1693792894-3782310430-1000\..\SearchScopes\{AF333435-B9FE-43B0-8C4B-18DEA86A7EDB}],@DisplayName=Yahoo! Search
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes],@DefaultScope={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}],@DisplayName=@ieframe.dll,-12512
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8C3EC475-E149-4475-9153-BC3DB4E07BCC}],@DisplayName=Google
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AF333435-B9FE-43B0-8C4B-18DEA86A7EDB}],@DisplayName=Yahoo! Search

--------[Extensions]

--------[Clé Run]

------------[Autres infections]

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

»»»»»»»»»»» [Autres rapports]

[2009-08-10 18:14] C:\Yoog_Fix\Logs\Rapport_10_08_2009_n1.txt - (Choix 1 : Recherche / Suppression)
[2009-08-10 18:31] C:\Yoog_Fix\Logs\Rapport_10_08_2009_n2.txt - (Choix 1 : Recherche / Suppression)
[2009-08-11 13:20] C:\Yoog_Fix\Logs\Rapport_11_08_2009_n3.txt - (Choix 1 : Recherche / Suppression)

-------------------------->>

Veuillez uploader le fichier C:\Yoog_Fix\Backups\Backup_11_08_2009_3.zip à l'adresse suivante : http://batchdhelus.open-web.fr/upload
Aide en images : http://batchdhelus.open-web.fr/upload/procedure.html

Si la procédure échoue, veuillez l'envoyer à l'adresse email suivante : yoog.fix.sav@gmail.com

+--------------[Fin à 13h 20min]
Narco!4 Posts: 2446 Status: Contributor
 
OK, I'm waiting for the ComboFix log.