Ordinateur qui délire ???

Tehyas Messages postés 15 Statut Membre -  
Narco!4 Messages postés 2446 Statut Contributeur -
Bonjour,
J'avais quelques virus sur mon ordinateur et je crois m'en être débarrassé. Hors, depuis que jai supprimer mes virus que j'avais, chaque fois que j'essaie d'utiliser un moteur de recherche, que ce soit yahoo, google, etc, quand je fais ma recherche ça me renvoie toujours a une page blanche, que j'utilise Firefox ou Internet Explorer....

Voici mon .log du Hijackthis que je viens d'effectuer sur mon ordinateur
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:02:29, on 2009-08-10
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18294)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E4EB3544-16BE-4E8F-8346-816DAAE2D83A} - (no file)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKCU\..\Run: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Inc. - C:\Program Files\Acer\Acer VCM\RS_Service.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 6557 bytes

Je suis pas du tout expert avec ca alors moi ca me dit rien tout ce "charabia"

J'Aurais vraiment besoin qu'on m'aide car jai souvent recours a google pour faire des recherches, et la je suis bien faché......

Merci a l'avance!!!!!
Configuration: Windows Vista
Firefox 3.0.13

14 réponses

  1. Narco!4 Messages postés 2446 Statut Contributeur 467
     
    Bonjour,

    télécharge GenProc http://www.genproc.com/GenProc.exe

    double-clique sur GenProc.exe et poste le contenu du rapport qui s'ouvre
    0
  2. Tehyas Messages postés 15 Statut Membre
     
    merci de ta rapidité

    Rapport GenProc 2.613 [1] - 2009-08-10 à 17:11:40
    @ Windows Vista Service Pack 1 - Mode normal
    @ Mozilla Firefox (3.5.2) [Navigateur par défaut]

    ~~ CM DISK ERROR ~~

    Dans CCleaner, clique sur "Options", "Avancé" et décoche la case "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures" ; par la suite, laisse-le avec ses réglages par défaut. C'est tout.

    # Etape 1/ Télécharge :

    - SmitfraudFix http://siri.urz.free.fr/Fix/SmitfraudFix.exe (S!Ri) sur le Bureau.

    - MSNFix http://sosvirus.changelog.fr/MSNFix.zip (!aur3n7) et décompresse-le sur le Bureau.

    - Yoog_Fix http://batchdhelus.open-web.fr/programme/Yoog_Fix.exe (Batch_Man) sur le Bureau.

    - ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe (sUBs) sur ton Bureau.

    ComboFix (sUBs) sur ton Bureau.

    Redémarre en mode sans échec comme indiqué ici https://www.wekyo.com/demarrer-le-pc-en-mode-sans-echec-windows-7-et-8/ ; Choisis ta session courante *** Yas *** (pour retrouver le rapport, clique sur le raccourci "Rapport GenProc[1]" sur ton bureau).

    # Etape 2/

    Double-clique sur le fichier "SmitfraudFix.exe" et choisis l'option 2, réponds oui à tout et laisse-le procéder. Sauvegarde le rapport sur ton bureau.

    # Etape 3/

    Lance le fichier MSNFix.bat qui se trouve dans le dossier MSNfix, sur le Bureau. Exécute l'option R : si l'infection est détectée, exécute l'option N. Sauvegarde ce rapport sur ton bureau.

    # Etape 4/

    Lance Yoog_Fix depuis le Bureau et choisis l'option 1 (Recherche/Suppression). Accepte le disclaimer, patiente et lorsque c'est terminé, clique sur OK.

    # Etape 5/

    Double clique sur combofix.exe et suis les instructions. Attention de ne pas utiliser ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne au risque de figer l'ordinateur.

    # Etape 6/

    Lance CCleaner : "Nettoyeur"/"lancer le nettoyage" et c'est tout.

    # Etape 7/

    Redémarre normalement et poste, dans la même réponse :

    - Le contenu du rapport rapport.txt situé sur le Bureau ;
    - Le contenu du rapport msnfix.txt situé dans C:\Windows ;
    - Le contenu du rapport Yoog.txt situé sur le Bureau ;
    - Le contenu du rapport Combofix.txt situé dans C:\ ;
    - Un nouveau rapport HijackThis http://forum.telecharger.01net.com/forum/high-tech/PRODUITS/Questions-techniques/hijackthis-version-install-sujet_199100_1.htm ;
    - Un nouveau rapport GenProc ;

    Précise les difficultés que tu as eu (ce que tu n'as pas pu faire...) ainsi que l'évolution de la situation.

    ~~ Arguments de la procédure ~~

    # Détections [1] GenProc 2.613 2009-08-10 à 17:11:55
    Smitfraud:le 2009-08-10 à 17:12:25 "C:\Windows\System32\msxml71.dll"
    MSNFix:le 2009-08-10 à 17:12:30 "C:\Windows\System32\ACER.exe"
    Yoog:le 2009-08-10 à 17:12:34 "C:\Users\Yas\AppData\Roaming\Mozilla\Firefox\Profiles\s11zvh7u.default\searchplugins\Yoog Search.xml "
    TDSS:le 2009-08-10 à 17:12:34 PFROP Skynet*
    TDSS:le 2009-08-10 à 17:12:34 PFROP UAC*
    0
  3. Narco!4 Messages postés 2446 Statut Contributeur 467
     
    suit ces manips
    0
  4. Tehyas Messages postés 15 Statut Membre
     
    le lien pour le MSNFiX ne marche pas..
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Tehyas Messages postés 15 Statut Membre
     
    Bon encore une problème. Jai tout installer sauf MSN fix puisqu'il ne marche pas, mais la j'ai un autre probleme. Aussitot que j'essaie d'ouvrir Smitfraudfix, combofix et Yoog_fix, les programmes ferment automatiquement avec un message d'erreur "Smitfraudfix.exe a cessé de fonctionner.".......

    Je commence a désespérer !
    0
  7. Narco!4 Messages postés 2446 Statut Contributeur 467
     
    en mode sans echec ?
    non, alors relis
    0
  8. Tehyas Messages postés 15 Statut Membre
     
    Oui oui !! En mode sans échec, Combofix ne veut pas démarrer.. Et j'ai laisser YoogFix rouler pendant plus de 20 minutes sans avoir de nouvelles...
    0
  9. Narco!4 Messages postés 2446 Statut Contributeur 467
     
    clique droit sur combofix.exe (en mode sans echec)
    renomme le en Winlogon.exe
    valide
    clique droit sur Winlogon.exe (en mode sans echec toujours)
    choisi exécuter en tant qu'administrateur
    le scan dure 10 à 20 minutes après prévoir 1 voir 2 redémarrages
    poste le rapport qui s'ouvrira .
    0
  10. Tehyas Messages postés 15 Statut Membre
     
    Bon.. jai fait les scans avec smitfraudfix et jai enfin réussi avec combofix !!!!! Et résultat... MES MOTEURS DE RECHERCHES FONCTIONNENT A NOUVEAU !!!

    Merci beaucoup a toi.. je vais poster tout de même mes .Logs des deux programmes... Merci :)
    Mes 2 prochains posts seront respectivement mes logs smitfraudfix et combofix.
    0
  11. Tehyas Messages postés 15 Statut Membre
     
    mitFraudFix v2.422

    Scan done at 18:09:00,23, 2009-08-10
    Run from C:\Program Files\SmitfraudFix\SmitfraudFix
    OS: Microsoft Windows [version 6.0.6001] - Windows_NT
    The filesystem type is NTFS
    Fix run in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Killing process

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    127.0.0.1 localhost
    ::1 localhost
    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    ...

    »»»»»»»»»»»»»»»»»»»»»»»» VACFix

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

    S!Ri's WS2Fix: LSP not Found.

    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

    C:\Windows\system32\msxml71.dll Deleted

    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix

    Agent.OMZ.Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix

    404Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» RK

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{F6E6DE0E-1557-4038-BB12-5D5A92950990}: DhcpNameServer=192.168.10.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{F6E6DE0E-1557-4038-BB12-5D5A92950990}: DhcpNameServer=192.168.10.1
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{F6E6DE0E-1557-4038-BB12-5D5A92950990}: DhcpNameServer=192.168.10.1
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.10.1
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.10.1
    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.10.1

    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    »»»»»»»»»»»»»»»»»»»»»»»» RK.2

    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» End
    0
  12. Tehyas Messages postés 15 Statut Membre
     
    ComboFix 09-08-10.01 - Yas 2009-08-10 23:29.1.2 - NTFSx86
    Lancé depuis: c:\users\Yas\Desktop\Winlogon.exe.exe
    AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
    SP: ESET NOD32 Antivirus 3.0 *enabled* (Updated) {E5E70D32-0101-4B98-A4D6-D1D15C3BB448}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    ?

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_UACd.sys
    -------\Legacy_UACd.sys

    ((((((((((((((((((((((((((((( Fichiers créés du 2009-07-11 au 2009-08-11 ))))))))))))))))))))))))))))))))))))
    .

    2009-08-11 03:38 . 2009-08-11 03:38 -------- d-----w- c:\users\Default\AppData\Local\temp
    2009-08-10 21:57 . 2009-08-10 21:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-08-10 21:31 . 2009-08-10 22:14 -------- d-----w- C:\Yoog_Fix
    2009-08-10 21:11 . 2009-08-10 21:11 -------- d-----w- C:\Genproc
    2009-08-10 20:35 . 2009-08-10 20:13 144896 ----a-w- c:\windows\msb.exe
    2009-08-10 20:12 . 2009-08-10 20:12 20480 ------w- c:\windows\system32\UACobtfyownvn.dll
    2009-08-10 20:11 . 2009-08-10 20:12 30208 ----a-w- c:\windows\system32\UACdbffslhspv.dll
    2009-08-10 20:11 . 2009-08-10 20:11 144896 ----a-w- c:\windows\msa.exe
    2009-08-10 20:11 . 2009-08-10 20:11 207364 ----a-w- c:\windows\system32\msxml71.dll
    2009-08-10 20:11 . 2009-08-10 20:11 269 ----a-w- c:\windows\system32\UACxudxuremsy.dat
    2009-08-10 20:11 . 2009-08-10 22:38 6462 ----a-w- c:\windows\system32\uacinit.dll
    2009-08-10 20:11 . 2009-08-10 22:38 74240 ----a-w- c:\windows\system32\UACtwucqbpmns.dll
    2009-08-10 20:11 . 2009-08-10 20:11 26624 ----a-w- c:\windows\system32\UACkqpdcycksx.dll
    2009-08-10 20:11 . 2009-08-10 20:11 54784 ----a-w- c:\windows\system32\drivers\UACcpixcstoce.sys
    2009-08-05 22:02 . 2009-08-05 22:02 -------- d-----w- c:\progra~2\Norton
    2009-08-05 22:02 . 2009-08-05 22:02 -------- d-----w- c:\windows\system32\drivers\NSS
    2009-08-05 22:02 . 2009-08-05 22:02 -------- d-----w- c:\program files\NortonInstaller
    2009-08-05 22:02 . 2009-08-05 22:02 -------- d-----w- c:\progra~2\NortonInstaller
    2009-07-31 22:05 . 2009-08-10 18:08 58341 ----a-w- c:\windows\system32\u_vvtxijqtyysr.dll.exe
    2009-07-31 18:33 . 2009-07-31 18:33 -------- d-----w- c:\progra~2\WindowsSearch
    2009-07-31 04:36 . 2009-07-31 04:36 -------- d-----w- c:\program files\uTorrent
    2009-07-31 04:35 . 2009-08-10 22:38 -------- d-----w- c:\users\Yas\AppData\Roaming\uTorrent
    2009-07-31 04:30 . 2009-07-31 04:30 -------- d-----w- c:\users\Yas\AppData\Roaming\DivX
    2009-07-28 04:59 . 2009-07-28 05:00 -------- d-----w- c:\program files\Hero Editor
    2009-07-28 04:59 . 2009-07-28 04:59 249856 ------w- c:\windows\Setup1.exe
    2009-07-28 04:59 . 2009-07-28 04:59 73216 ----a-w- c:\windows\ST6UNST.EXE
    2009-07-15 23:26 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
    2009-07-15 23:26 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
    2009-07-15 23:26 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
    2009-07-15 23:26 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-08-10 20:50 . 2008-06-19 04:17 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-08-10 20:49 . 2008-06-19 04:17 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
    2009-08-10 20:43 . 2006-11-02 15:48 672322 ----a-w- c:\windows\system32\perfh00C.dat
    2009-08-10 20:43 . 2006-11-02 15:48 124434 ----a-w- c:\windows\system32\perfc00C.dat
    2009-08-10 20:22 . 2009-03-28 01:21 -------- d-----w- c:\progra~2\Skype
    2009-08-10 20:21 . 2008-06-20 01:56 -------- d-----w- c:\program files\Yahoo!
    2009-08-09 23:20 . 2008-06-25 19:13 -------- d-----w- c:\users\Yas\AppData\Roaming\LimeWire
    2009-08-07 22:00 . 2007-12-21 05:43 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2009-08-06 20:05 . 2009-03-28 01:23 -------- d-----w- c:\users\Yas\AppData\Roaming\skypePM
    2009-08-06 08:37 . 2008-06-19 18:59 -------- d-----w- c:\progra~2\Apple Computer
    2009-08-05 22:06 . 2007-12-21 05:43 -------- d-----w- c:\progra~2\Symantec
    2009-08-05 22:02 . 2008-08-17 06:37 -------- d-----w- c:\program files\Norton Security Scan
    2009-08-04 21:13 . 2008-08-13 07:21 -------- d-----w- c:\program files\Microsoft Silverlight
    2009-07-18 16:06 . 2009-07-28 19:44 827904 ----a-w- c:\windows\system32\wininet.dll
    2009-07-18 16:01 . 2009-07-28 19:44 78336 ----a-w- c:\windows\system32\ieencode.dll
    2009-07-18 09:46 . 2009-07-28 19:44 26624 ----a-w- c:\windows\system32\ieUnatt.exe
    2009-07-16 18:39 . 2009-06-13 21:01 680 ----a-w- c:\users\Yas\AppData\Local\d3d9caps.dat
    2009-07-16 07:03 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2009-07-16 07:02 . 2007-12-21 05:34 -------- d-----w- c:\progra~2\Microsoft Help
    2009-06-29 17:55 . 2009-06-29 17:55 -------- d-----w- c:\users\Yas\AppData\Roaming\Malwarebytes
    2009-06-29 17:55 . 2009-06-29 17:55 -------- d-----w- c:\progra~2\Malwarebytes
    2009-06-28 21:21 . 2008-06-19 20:36 27649 ----a-w- c:\users\Yas\AppData\Roaming\nvModes.dat
    2009-06-27 04:58 . 2009-06-08 21:21 -------- d-----w- c:\program files\Starcraft
    2009-06-23 20:48 . 2009-06-21 18:35 691 ----a-w- c:\users\Yas\AppData\Roaming\GetValue.vbs
    2009-06-23 20:48 . 2009-06-21 18:35 35 ----a-w- c:\users\Yas\AppData\Roaming\SetValue.bat
    2009-06-23 20:48 . 2009-06-21 18:35 35 ----a-w- c:\users\Yas\AppData\Roaming\SetValue.bat
    2009-06-23 20:48 . 2009-06-21 18:27 3986 ----a-w- c:\windows\system32\tmp.reg
    2009-06-21 18:31 . 2008-06-22 17:49 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
    2009-06-21 18:26 . 2009-06-21 18:26 -------- d-----w- c:\program files\SmitfraudFix
    2009-06-21 17:50 . 2009-06-21 17:50 -------- d-----w- c:\program files\CCleaner
    2009-06-21 17:46 . 2009-06-21 17:46 -------- d-----w- c:\program files\Trend Micro
    2009-06-19 20:36 . 2009-06-19 20:36 -------- d-----w- c:\program files\Alwil Software
    2009-06-19 20:02 . 2009-03-03 01:35 -------- d-----w- c:\program files\KaraFun
    2009-06-19 20:00 . 2007-12-21 04:01 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-06-19 19:59 . 2008-08-19 04:20 -------- d-----w- c:\program files\Google
    2009-06-08 21:27 . 2009-06-08 21:22 32358 ----a-w- c:\windows\scunin.dat
    2009-06-08 21:27 . 2009-06-08 21:22 967 ----a-w- c:\windows\ScUnin.pif
    2009-06-08 21:27 . 2009-06-08 21:22 69632 ----a-w- c:\windows\ScUnin.exe
    2009-06-02 15:17 . 2009-06-21 18:27 75776 ----a-w- c:\windows\system32\WS2Fix.exe
    2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
    2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "Gestionnaire Antidote.exe"="c:\program files\Druide\Antidote\Gestionnaire Antidote.exe" [2008-06-03 536576]
    "AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-02-22 217544]
    "OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-02-09 95800]
    "Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2008-01-19 49664]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
    "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-07-31 288048]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
    "SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-12-14 102400]
    "eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-08-31 1286144]
    "LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-01-02 707080]
    "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-24 136600]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-11 39792]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
    backup=c:\windows\pss\Acer VCM.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
    backup=c:\windows\pss\Empowering Technology Launcher.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UpdatesDisableNotify"="0x00000000"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-287840835-1693792894-3782310430-1000]
    "EnableNotificationsRef"=dword:00000002

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{E7B5DB18-5051-41B8-8F61-09EB5AA226D0}"= c:\program files\Acer\Acer VCM\VC.exe:Acer VCM
    "{8A3E38F4-8A57-44B8-9C9B-0ABBB230E961}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
    "{A0E23145-DDA0-46CF-B6BF-80B4900C4727}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
    "{7EADDB14-6E00-415F-846A-E34671397E6A}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
    "{953592D6-13CD-4EB4-BF15-686D0A2EAD18}"= UDP:c:\program files\Microsoft Games\Age of Empires III\age3.exe:Age of Empires 3
    "{D2CE0D43-5B73-4C95-A672-D1280161408A}"= TCP:c:\program files\Microsoft Games\Age of Empires III\age3.exe:Age of Empires 3
    "TCP Query User{A7EAEA02-6951-4440-953E-2A5C5384EC12}d:\\world of warcraft\\wow-1.12.0-enus-downloader.exe"= UDP:d:\world of warcraft\wow-1.12.0-enus-downloader.exe:Blizzard Downloader
    "UDP Query User{502BA454-87D2-4C90-ACFB-46A1398F1025}d:\\world of warcraft\\wow-1.12.0-enus-downloader.exe"= TCP:d:\world of warcraft\wow-1.12.0-enus-downloader.exe:Blizzard Downloader
    "TCP Query User{946B8809-5DBB-4E00-A401-D5842C819B6C}d:\\world of warcraft\\wow-1.12.x-to-2.0.1-enus-patch-downloader.exe"= UDP:d:\world of warcraft\wow-1.12.x-to-2.0.1-enus-patch-downloader.exe:Blizzard Downloader
    "UDP Query User{B01A9C45-1A6B-47C6-85EF-88B18DAB59FC}d:\\world of warcraft\\wow-1.12.x-to-2.0.1-enus-patch-downloader.exe"= TCP:d:\world of warcraft\wow-1.12.x-to-2.0.1-enus-patch-downloader.exe:Blizzard Downloader
    "TCP Query User{CA2A1D44-9813-4EEB-9A07-20139F250223}c:\\windows\\system32\\dplaysvr.exe"= UDP:c:\windows\system32\dplaysvr.exe:Application d'assistance Microsoft DirectPlay
    "UDP Query User{8C921A04-8752-415F-9C72-2994E46F4EB5}c:\\windows\\system32\\dplaysvr.exe"= TCP:c:\windows\system32\dplaysvr.exe:Application d'assistance Microsoft DirectPlay
    "TCP Query User{074FD994-357B-4305-9A6F-BCFFD60303A7}c:\\heroes\\heroes of might and magic 3\\heroes3_31_crk.exe"= UDP:c:\heroes\heroes of might and magic 3\heroes3_31_crk.exe:Heroes of Might and Magic® III
    "UDP Query User{7096A8B7-F688-4E58-B921-5A954DD612AA}c:\\heroes\\heroes of might and magic 3\\heroes3_31_crk.exe"= TCP:c:\heroes\heroes of might and magic 3\heroes3_31_crk.exe:Heroes of Might and Magic® III
    "{0D0B273F-6849-4C41-AFFC-342DFD131502}"= UDP:c:\program files\DNA\btdna.exe:DNA
    "{960CB3CC-DD63-47B4-891C-51C75832C55D}"= TCP:c:\program files\DNA\btdna.exe:DNA
    "{7911E1E3-C163-4869-B6D5-2E12B1AE582B}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
    "{D3E4A25B-0B6C-49F9-BF66-6EDF29783318}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
    "{C46B175F-9F32-4DA1-B07C-AC82E48C14A7}"= UDP:c:\program files\DNA\btdna.exe:DNA
    "{A849B45C-C433-4F81-809D-39151A26B3AE}"= TCP:c:\program files\DNA\btdna.exe:DNA
    "{B6B2DA92-C1CE-46E0-9F40-EDBB08AECD4F}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
    "{1DB6CB03-9946-4DE5-B244-BA8322B3CFA5}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
    "TCP Query User{5E9A7807-E9DB-405C-AFFF-99F5F35BE47D}c:\\program files\\infogrames\\roller coaster tycoon 2\\rct2.exe"= UDP:c:\program files\infogrames\roller coaster tycoon 2\rct2.exe:rct2
    "UDP Query User{BCC0203F-8CC3-4669-A421-45C98064C7A9}c:\\program files\\infogrames\\roller coaster tycoon 2\\rct2.exe"= TCP:c:\program files\infogrames\roller coaster tycoon 2\rct2.exe:rct2
    "{A00234E9-70F6-443F-9CDD-E69ABB588F19}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
    "{672BC997-615A-4479-B2F7-EA0013FD8A02}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
    "TCP Query User{32F731D3-F181-4A41-959D-AF6AAF0F3D73}d:\\warcraft iii\\war3.exe"= UDP:d:\warcraft iii\war3.exe:Warcraft III
    "UDP Query User{76855EAF-9DCF-4064-AD50-0AC22C83DCCD}d:\\warcraft iii\\war3.exe"= TCP:d:\warcraft iii\war3.exe:Warcraft III
    "{C63016D4-CD35-449D-B9B8-F2EEB240F6F5}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
    "{538C081E-DE31-46BB-B690-454436BF8D53}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
    "TCP Query User{B8A2F0BF-0C53-455A-A29F-D6AE0FBE20B1}d:\\warcraft iii\\war3.exe"= UDP:d:\warcraft iii\war3.exe:Warcraft III
    "UDP Query User{7275E529-68E4-4471-9760-793985B1DAF4}d:\\warcraft iii\\war3.exe"= TCP:d:\warcraft iii\war3.exe:Warcraft III
    "{34EA8406-3470-466C-96F8-FFBFDD771FE7}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
    "{DCE87C74-8B93-48FE-8494-E9AE5C69BCC8}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
    "{C56772C9-D95C-4D76-8C51-DC88E2AEF737}"= UDP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
    "{687CCB87-45CD-4891-9246-11B0661C66F0}"= TCP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
    "{48AC174E-B5A3-4829-81A2-A254D37C072A}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
    "{775A237C-5755-495A-91F2-CA3ACD0B540A}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
    "TCP Query User{00C6903E-B027-4527-AFD9-DEB8F117A1F0}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
    "UDP Query User{7AE84740-6C06-470E-8B79-1C80A32278DC}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
    "{B9C32D6B-9173-42A2-AD4C-BD4ECCDF36B4}"= UDP:c:\users\Yas\AppData\Local\Google\Google Talk Plugin\googletalkplugin.dll:Google Talk Plugin
    "{687E24BB-7C34-4F51-9547-95E45A150A0D}"= TCP:c:\users\Yas\AppData\Local\Google\Google Talk Plugin\googletalkplugin.dll:Google Talk Plugin
    "{9D926585-1286-4989-A32C-2CD5D7F756B1}"= UDP:c:\users\Yas\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe:Google Talk Plugin
    "{0AF53DC5-74C9-4868-8CDF-3B0D99748DC6}"= TCP:c:\users\Yas\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe:Google Talk Plugin
    "{DB62CFDD-9C88-40DD-B381-AB422F05FEA6}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{70FB83C5-C43F-46A3-A88B-62EC090F745E}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{6EDE684F-6862-49D1-9B29-2AD426350618}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
    "{065F31DD-D76C-445E-9913-C53E99DCB657}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
    "TCP Query User{EBCAAF9C-B32A-4BA5-8AC8-2EC940E407C3}c:\\program files\\starcraft\\starcraft.exe"= UDP:c:\program files\starcraft\starcraft.exe:StarCraft
    "UDP Query User{D6CDB925-5D02-4178-A4B3-770DF1871AD3}c:\\program files\\starcraft\\starcraft.exe"= TCP:c:\program files\starcraft\starcraft.exe:StarCraft
    "{AAA7C4CB-65C4-48E4-AB88-F31B48A6A7B9}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
    "{816A7B0A-7E2F-4BCA-AAB3-E81BDBBB9DB9}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
    "TCP Query User{ADDA0A49-8F4A-4DF1-B3CC-6C83776EC754}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
    "UDP Query User{138E4537-9A83-441D-AB00-8A88521775F8}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

    R1 epfwtdir;epfwtdir;c:\windows\System32\drivers\epfwtdir.sys [2007-12-21 33800]
    R2 ALaunchService;ALaunch Service;c:\acer\ALaunch\ALaunchSvc.exe [2007-12-21 50688]
    R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2007-12-21 468224]
    R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2008-06-19 233472]
    R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [2007-12-21 179712]
    R3 winbondcir;Winbond IR Transceiver;c:\windows\System32\drivers\winbondcir.sys [2007-12-21 43008]
    S3 A310;AVerMedia A310 DVB-T;c:\windows\System32\drivers\AVerA310USB.sys [2007-12-21 26368]
    S3 BDASwCap;AVerMedia A310 BDA DVBT Capture Device;c:\windows\System32\drivers\AVerA310Cap.sys [2007-12-21 42240]
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    BHO-{E4EB3544-16BE-4E8F-8346-816DAAE2D83A} - (no file)
    HKLM-Run-SetPanel - c:\acer\APanel\APanel.cmd

    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = *.local
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\users\Yas\AppData\Roaming\Mozilla\Firefox\Profiles\s11zvh7u.default\
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
    FF - plugin: c:\users\Yas\AppData\Roaming\Mozilla\Firefox\Profiles\s11zvh7u.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll

    ---- PARAMETRES FIREFOX ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
    .

    **************************************************************************
    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés:

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SKYNETwdwcbuqx]
    "imagepath"="\systemroot\system32\drivers\SKYNETtpdyrvii.sys"
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SKYNETwdwcbuqx]
    @DACL=(02 0000)
    "start"=dword:00000001
    "type"=dword:00000001
    "group"="file system"
    "imagepath"=expand:"\\systemroot\\system32\\drivers\\SKYNETtpdyrvii.sys"
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\windows\System32\audiodg.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\acer\Empowering Technology\eDataSecurity\eDSService.exe
    c:\acer\Empowering Technology\eLock\Service\eLockServ.exe
    c:\acer\Empowering Technology\eNet\eNet Service.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\acer\Mobility Center\MobilityService.exe
    c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    c:\windows\System32\drivers\XAudio.exe
    c:\acer\Empowering Technology\eSettings\Service\capuserv.exe
    c:\acer\Empowering Technology\ePower\ePowerSvc.exe
    c:\windows\System32\wbem\unsecapp.exe
    c:\program files\Launch Manager\QtZgAcer.EXE
    c:\windows\System32\wbem\unsecapp.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\windows\ehome\ehmsas.exe
    c:\program files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Heure de fin: 2009-08-11 23:48 - La machine a redémarré
    ComboFix-quarantined-files.txt 2009-08-11 03:48

    Avant-CF: 72 687 267 840 octets libres
    Après-CF: 72 322 076 672 octets libres

    320 --- E O F --- 2009-08-10 18:09
    0
  13. Narco!4 Messages postés 2446 Statut Contributeur 467
     
    c'est pas terminé relance combofix encore une fois
    puis lance yoog aussi
    0
  14. Tehyas Messages postés 15 Statut Membre
     
    Voici respectivement mes 2 nouveaux .log de yoog et ensuite dans le prochain post de combofix.

    Yoog_Fix 3.0.1 de Batch_Man | Yas (Administrateur)
    Debut a 13:12 le 2009-08-11
    Microsoft® Windows Vista(6.0.6001)

    Intel(R) Core(TM)2 Duo CPU T5550 @ 1.83GHz
    Ram : 2045,7 Mo
    Fail-safe boot

    Antivirus: ESET NOD32 Antivirus 3.0 3.0 (Activated)
    UAC : OFF
    Lancé de "C:\Users\Yas\Downloads\Yoog_Fix.bat"

    C:\ [Fixed] - NTFS - (Total:114371 Mo/Free:3432 Mo)
    D:\ [Fixed] - NTFS - (Total:110787 Mo/Free:3721 Mo)
    F:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
    G:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)

    Option [1] 2 3 Recherche / Suppression

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    »»»»»»»»»»» [Suppression: Fichiers / Dossiers / Clés / Prefs Firefox]

    SUPPRIME - HKEY_USERS\S-1-5-21-287840835-1693792894-3782310430-1000\Software\Microsoft\Internet Explorer\SearchScopes" /v "DefaultScope
    SUPPRIME - HKEY_USERS\S-1-5-21-287840835-1693792894-3782310430-1000\Software\Microsoft\Internet Explorer\SearchScopes\{1A847B91-61F9-427E-8E46-8790E588D41E}
    SUPPRIME - HKEY_USERS\S-1-5-21-287840835-1693792894-3782310430-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9826E8D7-8B17-4524-AD4C-BC8CCCB75690}
    SUPPRIME - HKEY_USERS\S-1-5-21-287840835-1693792894-3782310430-1000\Software\Microsoft\Internet Explorer\SearchScopes\{D61DEFA7-A401-466B-98D5-9CB186F04DFE}
    SUPPRIME - HKEY_USERS\S-1-5-21-287840835-1693792894-3782310430-1000\Software\Microsoft\Internet Explorer\SearchScopes\{FE1A5472-E52C-45EE-903A-313B1A2613BB}
    SUPPRIME - HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1A847B91-61F9-427E-8E46-8790E588D41E}
    SUPPRIME - HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9826E8D7-8B17-4524-AD4C-BC8CCCB75690}
    SUPPRIME - HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D61DEFA7-A401-466B-98D5-9CB186F04DFE}
    SUPPRIME - HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{FE1A5472-E52C-45EE-903A-313B1A2613BB}

    ------------[Suspects]

    Aucun fichier suspect trouvé

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    »»»»»»»»»»» [Recherche: Analyse de Firefox]

    ------------[Analyse de Firefox]

    Mozilla Firefox 3.5.2 (fr)
    Répertoire d'installation : C:\Program Files\Mozilla Firefox
    Path: C:\Users\Yas\AppData\Roaming\Mozilla\Firefox\Profiles\s11zvh7u.default

    ------------[Extensions Firefox]

    [Yas] moveplayer@movenetworks.com = Move Media Player

    {20a82645-c095-46ed-80e3-08825760534b} = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ------------[Mozilla Plugins]

    Path = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
    XPTPath = C:\Windows\system32\Macromed\Flash\flashplayer.xpt
    ProductName = Adobe© Flash© Player Plugin
    Vendor = Adobe Systems Incorporated
    Version = 10.0.22.87

    Path = C:\Windows\system32\Adobe\Director\np32dsw.dll
    ProductName = Adobe Shockwave Player
    Vendor = Adobe Systems Inc
    Version = 11.0.0.465

    Path = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    XPTPath = C:\Program Files\iTunes\Mozilla Plugins\npitunes.xpt
    ProductName = iTunes Application Detector
    Version = 8.1.1.10

    Vendor = Apple Inc.
    ProductName = DNA
    Version = 1.0.0.1

    Vendor = BitTorrent, Inc.
    Path = C:\Program Files\DNA\plugins\npbtdna.dll
    Path = C:\Program Files\DivX\DivX Web Player\npdivx32.dll
    XPTPath = C:\Program Files\DivX\DivX Web Player\npdivx32.xpt
    GeckoVersion = 1.00
    Version = 1.0.0

    Vendor = DivX,Inc.
    ProductName = DivX Web Player
    Path = C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll
    XPTPath = C:\Program Files\DivX\DivX Player\nsIDivxPlayerPlugin.xpt
    GeckoVersion = 1.00
    Version = 1.0.0

    Vendor = DivX,Inc.
    ProductName = DivX© Player Plugin
    GeckoVersion = 1.7.5
    Path = C:\Program Files\Microsoft Silverlight\3.0.40723.0\npctrl.dll
    ProductName = Ag Player
    Vendor = Microsoft
    Version = 3.0

    GeckoVersion = 1.7.2
    Path = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    ProductName = Windows Presentation Foundation
    Vendor = Microsoft Corp.
    Version = 3.5

    Path = C:\Program Files\VideoLAN\VLC\npvlc.dll
    Vendor = VideoLAN
    Version = 0.8.6h

    ------------[Plugins de recherche]

    [Program Files] amazon-france.xml = https://www.amazon.fr/
    [Program Files] cnrtl-tlfi-fr.xml = https://www.cnrtl.fr/lexicographie/
    [Program Files] eBay-france.xml = http://search.ebay.fr/
    [Program Files] google.xml = https://www.google.com/
    [Program Files] wikipedia-fr.xml = https://fr.wikipedia.org/wiki/Sp%C3%A9cial:Recherche
    [Program Files] yahoo-france.xml = https://fr.search.yahoo.com/

    ------------[Listing de dossiers]

    [2009-07-30 19:41 | 23544 bytes] C:\Program Files\Mozilla Firefox\Components\browserdirprovider.dll
    [2009-07-30 19:41 | 137208 bytes] C:\Program Files\Mozilla Firefox\Components\brwsrcmp.dll
    [2009-05-01 17:02 | 1044480 bytes] C:\Program Files\Mozilla Firefox\plugins\libdivx.dll
    [2008-08-06 16:22 | 114688 bytes] C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
    [2007-08-29 17:47 | 54600 bytes] C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
    [2008-11-23 22:00 | 410976 bytes] C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
    [2009-05-12 14:46 | 1650992 bytes] C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
    [2009-05-18 18:41 | 98304 bytes] C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
    [2009-07-30 19:41 | 65016 bytes] C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
    [2006-10-26 20:12 | 16192 bytes] C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
    [2007-05-10 23:52 | 95864 bytes] C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
    [2009-05-07 18:19 | 143360 bytes] C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    [2009-05-07 18:19 | 143360 bytes] C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    [2009-05-07 18:19 | 143360 bytes] C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    [2009-05-07 18:19 | 143360 bytes] C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    [2009-05-07 18:19 | 143360 bytes] C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    [2009-05-07 18:19 | 143360 bytes] C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
    [2009-05-07 18:19 | 143360 bytes] C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
    [2009-05-01 17:02 | 200704 bytes] C:\Program Files\Mozilla Firefox\plugins\ssldivx.dll

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    »»»»»»»»»»» [Recherche: Analyse d'Internet explorer / Registre ]

    Internet Explorer : 7.0.6001.18000

    L1 = HKLM\..\Main.Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
    L1 = HKLM\..\Main.Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    L1 = HKCU\..\Main.Start Page = https://www.google.com/?gws_rd=ssl
    L1 = HKU\.DEFAULT\..\Main.Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    L1 = HKU\.DEFAULT\..\Main.Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    L1 = HKU\S-1-5-21-287840835-1693792894-3782310430-1000\..\Main.Start Page = https://www.google.com/?gws_rd=ssl
    L1 = HKU\S-1-5-18\..\Main.Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    L1 = HKU\S-1-5-18\..\Main.Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    L1 = HKLM\..\Main.Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    L1 = HKLM\..\Main.Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    L1 = HKLM\..\Search.Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    L1 = HKLM\..\Search.CustomizeSearch = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
    L1 = HKLM\..\Search.SearchAssistant = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
    L1 = HKLM\..\Search.SearchAssistant = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
    L1 = HKLM\..\Search.CustomizeSearch = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
    L1 = HKCU\..\Main.Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    L1 = HKU\S-1-5-21-287840835-1693792894-3782310430-1000\..\Main.Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    L2 = HKCU\..\Internet Settings.ProxyOverride = *.local

    [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
    NoAdd-ons = res://ieframe.dll/noaddon.htm
    NoAdd-onsInfo = res://ieframe.dll/noaddoninfo.htm
    SecurityRisk = res://ieframe.dll/securityatrisk.htm
    Tabs = res://ieframe.dll/tabswelcome.htm
    NavigationFailure = res://ieframe.dll/navcancl.htm
    DesktopItemNavigationFailure = res://ieframe.dll/navcancl.htm
    NavigationCanceled = res://ieframe.dll/navcancl.htm
    OfflineInformation = res://ieframe.dll/offcancl.htm
    Home = 0x10e
    blank = res://mshtml.dll/blank.htm
    PostNotCached = res://ieframe.dll/repost.htm

    --------[Browser Helper Object]

    BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43},@SANS NOM=(valeur non d‚finie)
    BHO: {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96},@SANS NOM=(valeur non d‚finie)
    BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6},@SANS NOM=(valeur non d‚finie)
    BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9},@SANS NOM=(valeur non d‚finie)

    --------[SearchScopes]

    [HKEY_USERS\S-1-5-21-287840835-1693792894-3782310430-1000\..\SearchScopes\{8C3EC475-E149-4475-9153-BC3DB4E07BCC}],@DisplayName=Google
    [HKEY_USERS\S-1-5-21-287840835-1693792894-3782310430-1000\..\SearchScopes\{AF333435-B9FE-43B0-8C4B-18DEA86A7EDB}],@DisplayName=Yahoo! Search
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes],@DefaultScope={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}],@DisplayName=@ieframe.dll,-12512
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8C3EC475-E149-4475-9153-BC3DB4E07BCC}],@DisplayName=Google
    [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AF333435-B9FE-43B0-8C4B-18DEA86A7EDB}],@DisplayName=Yahoo! Search

    --------[Extensions]

    --------[Clé Run]

    ------------[Autres infections]

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    »»»»»»»»»»» [Autres rapports]

    [2009-08-10 18:14] C:\Yoog_Fix\Logs\Rapport_10_08_2009_n1.txt - (Choix 1 : Recherche / Suppression)
    [2009-08-10 18:31] C:\Yoog_Fix\Logs\Rapport_10_08_2009_n2.txt - (Choix 1 : Recherche / Suppression)
    [2009-08-11 13:20] C:\Yoog_Fix\Logs\Rapport_11_08_2009_n3.txt - (Choix 1 : Recherche / Suppression)

    -------------------------->>

    Veuillez uploader le fichier C:\Yoog_Fix\Backups\Backup_11_08_2009_3.zip à l'adresse suivante : http://batchdhelus.open-web.fr/upload
    Aide en images : http://batchdhelus.open-web.fr/upload/procedure.html

    Si la procédure échoue, veuillez l'envoyer à l'adresse email suivante : yoog.fix.sav@gmail.com

    +--------------[Fin à 13h 20min]
    0
  15. Narco!4 Messages postés 2446 Statut Contributeur 467
     
    ok, j'attends combofix
    0