Trojandownloader Win32/Renos.JM

loqua -  
 franck -
Bonjour,

J'ai windows defender qui me dit que j'ai ce trojan. Quand j'essaie de le supprimer la fenetre disparait mais le message réapparait quelques instants plus tard...

Pouvez vous m'aider?

Merci d'avance
Configuration: Windows Vista
Opera 9.64

38 réponses

  • 1
  • 2
  1. kduc Messages postés 1537 Statut Membre 133
     
    Salut,

    Je ne suis pas persuadé que le problème soit réglé !

    -----
    Clique droit sur ce lien pour installer ComboFix (par sUBs) :

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    Choisis "Enregistrer sous" (dans IE c'est "Enregistrer la cible/le lien sous..")
    et sauvegarde-le (Enregistrer dans) sur le Bureau.

    Important : dans "Nom du fichier" enregistre (renomme) "combofix" en combo-fix.exe

    Prends connaissance de ce tutoriel : https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

    Ferme toutes les fenêtres et applications.
    Déconnecte-toi du net et désactive tes protections résidentes :
    https://forum.pcastuces.com/default.asp

    A ce stade, désactive l' UAC (important) : http://forum.telecharger.01net.com/forum/high-tech/PRODUITS/Questions-techniques/desactiver-controle-utilisateurs-sujet_198996_1.htm

    Sur le bureau, double clique combo-fix.exe.
    Tape sur la touche Y (Yes) pour démarrer le scan.
    ComboFix redémarrera ton PC.
    Lorsque le scan sera complété, un rapport apparaîtra.
    Copie/colle ce rapport dans ta prochaine réponse et nouveau rapport hijackthis.

    PS : Le rapport se trouve également ici : C:\Combofix.txt

    Ne pas cliquer dans la fenêtre de Combofix durant l’analyse car, cela pourrait provoquer
    le gel du programme
    !
    1
  2. LBT76240
     
    Si c'est le même que j'ai eu, suit cette soluce
    Pour suprimer le virus ouvre windows defender
    Va ensuite dans l'historique, tu remarquera que avant chaque info du Trojan il y a un programme Marquer Inconnu
    Va voir dessus Pour exemple moi j'ai ceci
    "Description :
    Ce programme présente un comportement potentiellement non désiré.

    Conseil :
    N’autorisez cet élément détecté que si vous faites confiance au programme ou à l’éditeur du logiciel.

    Ressources :
    file:
    C:\Windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

    file:
    C:\Users\Core2Duo\AppData\Local\Temp\c.exe

    taskscheduler:
    C:\Windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

    Catégorie :
    Non encore classifié"
    Il m'a suffi de suprimer les 3 Ficher (C:\Windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
    C:\Users\Core2Duo\AppData\Local\Temp\c.exe
    C:\Windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job)
    Et depuis pu le message du Trojan
    1
  3. kduc Messages postés 1537 Statut Membre 133
     
    Salut,

    Télécharge et installe SmitFraudFix (par S!Ri) :
    http://siri.urz.free.fr/Fix/SmitfraudFix.php

    Double-clique sur SmitfraudFix.exe
    Dans le menu, fais le choix 1 et appuie sur "Entrée" pour créer un
    rapport que tu trouveras à la racine du disque dur C:\rapport.txt

    Poste-le.
    0
  4. loqua
     
    Merci kduc pour votre aide!

    SmitfraudFix ne fonctionne pas correctement, ca me dit: acces refusé

    J'ai fait en attendant votre réponse, voyant les autres réponses sur le forum, un log avec hijackthis

    dont voici le rapport:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:44:05, on 15/08/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18294)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\IDT\WDM\sttray.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\Program Files\ScanSoft\OmniPageSE2.0\opwareSE2.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\Opera\opera.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Windows\system32\DllHost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
    R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Megaupload Toolbar - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
    O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    O2 - BHO: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll
    O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll
    O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O3 - Toolbar: Megaupload Toolbar - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
    O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\ereg.ini"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
    O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O17 - HKLM\System\CCS\Services\Tcpip\..\{41761A96-69E5-4AB7-8C08-0D457FD20FDA}: NameServer = 85.255.112.83,85.255.112.20
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F51B00EA-55E8-4693-B6C9-A5DA57D81264}: NameServer = 85.255.112.83,85.255.112.20
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.83,85.255.112.20
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.83,85.255.112.20
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\aestsrv.exe
    O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
    O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
    O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
    O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\STacSV.exe
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. kduc Messages postés 1537 Statut Membre 133
     
    ...

    Télécharge WareOut Removal Tool (par dj QUIOU & la team sécurité MH) :
    http://pc-system.fr/

    Lance le fichier WareOut_Removal_Tool.bat et choisis l'option 1.

    Patiente (une à deux minutes maximum) pendant que le programme sauvegarde le regsitre.

    Lis bien attentivement les instructions qui te seront données.

    En fin d'analyse, un rapport va s'ouvrir ; poste-le.

    ---
    Ensuite, ...

    Télécharge Toolbar S&D (Team IDN) sur ton Bureau : https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2

    Lance l'installation du programme en exécutant le fichier téléchargé.
    Double-clique maintenant sur le raccourci de Toolbar-S&D.
    Sélectionne la langue de ton choix puis, valide avec la touche "Entrée".
    Ensuite, choisis l'option 1 (Recherche).
    Patiente jusqu'à la fin de la recherche.
    Le contenu du rapport est situé dans : C:\TB.txt
    Poste-le.
    0
  7. loqua
     
    alors pour le premier rapport: wareout

    ===== Rapport WareOut Removal Tool =====

    version 3.6.2

    analyse effectuée le 15/08/2009 à 23:26:49,40

    Résultats de l'analyse :
    ========================

    ~~~~ Recherche d'infections dans C:\ ~~~~

    ~~~~ Recherche d'infections dans C:\Program Files\ ~~~~

    ~~~~ Recherche d'infections dans C:\Windows\system\ ~~~~

    ~~~~ Recherche d'infections dans C:\Windows\system32\ ~~~~

    ~~~~ Recherche d'infections dans C:\Windows\system32\drivers\ ~~~~

    ~~~~ Recherche d'infections dans C:\Users\loquacissima\AppData\Roaming\ ~~~~

    ~~~~ Recherche d'infections dans C:\Users\loquacissima\Bureau\ ~~~~

    ~~~~ Recherche de détournement de DNS ~~~~

    [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters]
    NameServer REG_SZ 85.255.112.83,85.255.112.20
    [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{41761A96-69E5-4AB7-8C08-0D457FD20FDA}]
    NameServer REG_SZ 85.255.112.83,85.255.112.20
    [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F51B00EA-55E8-4693-B6C9-A5DA57D81264}]
    NameServer REG_SZ 85.255.112.83,85.255.112.20
    DhcpNameServer REG_SZ 85.255.112.83,85.255.112.20
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters]
    NameServer REG_SZ 85.255.112.83,85.255.112.20
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{41761A96-69E5-4AB7-8C08-0D457FD20FDA}]
    NameServer REG_SZ 85.255.112.83,85.255.112.20
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{F51B00EA-55E8-4693-B6C9-A5DA57D81264}]
    NameServer REG_SZ 85.255.112.83,85.255.112.20
    DhcpNameServer REG_SZ 85.255.112.83,85.255.112.20
    [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters]
    NameServer REG_SZ 85.255.112.83,85.255.112.20
    [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{41761A96-69E5-4AB7-8C08-0D457FD20FDA}]
    NameServer REG_SZ 85.255.112.83,85.255.112.20
    [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{F51B00EA-55E8-4693-B6C9-A5DA57D81264}]
    NameServer REG_SZ 85.255.112.83,85.255.112.20
    DhcpNameServer REG_SZ 85.255.112.83,85.255.112.20

    ~~~~ Recherche de Rootkits ~~~~

    _______________________________________________________________________

    driver loading error disk not found C:\

    please note that you need administrator rights to perform deep scan
    _______________________________________________________________________

    ~~~~ Recherche d'infections dans C:\Users\LOQUAC~1\AppData\Local\Temp\ ~~~~

    ~~~~ Recherche d'infections dans C:\Users\loquacissima\Start Menu\Programs\ ~~~~

    ~~~~ Nettoyage du registre ~~~~

    ~~~~ Tentative de réparation des entrées suivantes: ~~~~

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] = "System"

    [HKLM\SYSTEM\CurrentControlSet\Services\Windows Tribute Service]
    [HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_Windows Tribute Service]

    ~~~~ Vérification: ~~~~

    _________________________________

    développé par http://pc-system.fr

    et pour toolbar:

    -----------\\ ToolBar S&D 1.2.8 XP/Vista

    Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
    X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU T5800 @ 2.00GHz )
    BIOS : Default System BIOS
    USER : loquacissima ( Administrator )
    BOOT : Normal boot
    Antivirus : AVG Anti-Virus Free 8.0 (Activated)
    C:\ (Local Disk) - NTFS - Total:223 Go (Free:106 Go)
    D:\ (Local Disk) - NTFS - Total:9 Go (Free:1 Go)
    E:\ (CD or DVD)
    F:\ (CD or DVD)

    "C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
    Option : [1] ( 15/08/2009|23:31 )

    [ UAC => 1 ]

    -----------\\ Recherche de Fichiers / Dossiers ...

    [Service] ASKService
    [Service] ASKUpgrade
    C:\Program Files\AskBarDis
    C:\Program Files\AskBarDis\bar
    C:\Program Files\AskBarDis\unins000.dat
    C:\Program Files\AskBarDis\unins000.exe
    C:\Program Files\AskBarDis\bar\bin
    C:\Program Files\AskBarDis\bar\Settings
    C:\Program Files\AskBarDis\bar\bin\askBar.dll
    C:\Program Files\AskBarDis\bar\bin\askPopStp.dll
    C:\Program Files\AskBarDis\bar\bin\AskService.exe
    C:\Program Files\AskBarDis\bar\bin\AskSplash.exe
    C:\Program Files\AskBarDis\bar\bin\AskTBApp.exe
    C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
    C:\Program Files\AskBarDis\bar\bin\psvince.dll
    C:\Program Files\AskBarDis\bar\Settings\AskLogo.ico
    C:\Program Files\AskBarDis\bar\Settings\config.dat
    C:\Program Files\AskBarDis\bar\Settings\config.dat.bak

    -----------\\ [..\Internet Explorer\Main]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Start Page"="https://www.msn.com/fr-fr/?ocid=iehp"
    "Default_Page_URL"="https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF"
    "Local Page"="C:\\Windows\\system32\\blank.htm"
    "Search Page"="https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC"
    "Search Bar"="https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC"
    "Url"="https://www.msn.com/fr-fr/actualite/"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Start Page"="https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF"
    "Default_Page_URL"="https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF"
    "Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
    "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"

    --------------------\\ Recherche d'autres infections

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters]
    NameServer REG_SZ 85.255.112.83,85.255.112.20
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters]
    NameServer REG_SZ 85.255.112.83,85.255.112.20
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
    NameServer REG_SZ 85.255.112.83,85.255.112.20
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{41761A96-69E5-4AB7-8C08-0D457FD20FDA}]
    NameServer REG_SZ 85.255.112.83,85.255.112.20
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{F51B00EA-55E8-4693-B6C9-A5DA57D81264}]
    NameServer REG_SZ 85.255.112.83,85.255.112.20
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{F51B00EA-55E8-4693-B6C9-A5DA57D81264}]
    DhcpNameServer REG_SZ 85.255.112.83,85.255.112.20
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\..\{41761A96-69E5-4AB7-8C08-0D457FD20FDA}]
    NameServer REG_SZ 85.255.112.83,85.255.112.20
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\..\{F51B00EA-55E8-4693-B6C9-A5DA57D81264}]
    NameServer REG_SZ 85.255.112.83,85.255.112.20
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\..\{F51B00EA-55E8-4693-B6C9-A5DA57D81264}]
    DhcpNameServer REG_SZ 85.255.112.83,85.255.112.20
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{41761A96-69E5-4AB7-8C08-0D457FD20FDA}]
    NameServer REG_SZ 85.255.112.83,85.255.112.20
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{F51B00EA-55E8-4693-B6C9-A5DA57D81264}]
    NameServer REG_SZ 85.255.112.83,85.255.112.20
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{F51B00EA-55E8-4693-B6C9-A5DA57D81264}]
    DhcpNameServer REG_SZ 85.255.112.83,85.255.112.20
    [b]==> WAREOUT <==/b

    --------------------\\ Cracks & Keygens ..

    C:\Users\LOQUAC~1\Documents\CambridgeSoft-fichier installation\ChemOffice\keygen.exe
    C:\Users\LOQUAC~1\Music\musique\ABBA-_The_Definitive_Collection_-_by_baleog3\The Definitive Collection Disc 2\12 The Visitors (Crackin' Up).mp3

    [ UAC => 1 ]

    1 - "C:\ToolBar SD\TB_1.txt" - 15/08/2009|23:31 - Option : [1]

    -----------\\ Fin du rapport a 23:31:27,38
    0
  8. kduc Messages postés 1537 Statut Membre 133
     
    ...

    "--------------------\\ Cracks & Keygens ..

    C:\Users\LOQUAC~1\Documents\CambridgeSoft-fichier installation\ChemOffice\keygen.exe
    C:\Users\LOQUAC~1\Music\musique\ABBA-_The_Definitive_Collection_-_by_baleog3\The Definitive Collection Disc 2\12 The Visitors (Crackin' Up).mp3
    "

    https://forum.malekal.com/viewtopic.php?t=893&start=

    ---
    Relance Toolbar-S&D en double-cliquant sur le raccourci.
    Fais le choix 2, puis valide en appuyant sur Entrée.

    Ne ferme pas la fenêtre lors de la suppression !

    Un rapport est généré. Poste-le dans ta prochaine réponse.

    PS : si ton bureau ne réapparaît pas, appuie simultanément sur
    Ctrl/Alt/Suppr pour ouvrir le Gestionnaire de tâches.
    Rends-toi sur l’ onglet "Processus" ; clique en haut, à gauche sur
    "Fichier" et choisis "Exécuter..."
    Tape explorer, puis valide.

    ---
    Télécharge, installe et mets à jour Malwarebytes Anti-Malwares
    http://forum.telecharger.01net.com/microhebdo/6/tuto-securite/tuto-malwaresbytes-anti-malware-352008/messages-1.html
    puis, lance un scan COMPLET et poste le rapport.

    PS : si MalwareByte's a détecté des infections, clique sur Afficher les résultats,
    puis sur Supprimer la sélection.
    0
  9. loqua
     
    Bonjour,

    Voici le rapport de Toolbar:

    -----------\\ ToolBar S&D 1.2.8 XP/Vista

    Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
    X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU T5800 @ 2.00GHz )
    BIOS : Default System BIOS
    USER : loquacissima ( Administrator )
    BOOT : Normal boot
    Antivirus : AVG Anti-Virus Free 8.0 (Activated)
    C:\ (Local Disk) - NTFS - Total:223 Go (Free:106 Go)
    D:\ (Local Disk) - NTFS - Total:9 Go (Free:1 Go)
    E:\ (CD or DVD)
    F:\ (CD or DVD)

    "C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
    Option : [2] ( 16/08/2009| 0:03 )

    [ UAC => 1 ]

    -----------\\ SUPPRESSION

    Supprime! - [Service] ASKService
    Supprime! - [Service] ASKUpgrade
    Supprime! - C:\Program Files\AskBarDis\bar
    Supprime! - C:\Program Files\AskBarDis\unins000.dat
    Supprime! - C:\Program Files\AskBarDis\unins000.exe
    Supprime! - C:\Program Files\AskBarDis

    -----------\\ Recherche de Fichiers / Dossiers ...

    -----------\\ [..\Internet Explorer\Main]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Start Page"="https://www.msn.com/fr-fr/?ocid=iehp"
    "Default_Page_URL"="http://ie.redirect.hp.com/..."
    "Local Page"="C:\\Windows\\system32\\blank.htm"
    "Search Page"="https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC"
    "Search Bar"="https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC"
    "Url"="https://www.msn.com/fr-fr/actualite/"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Start Page"="https://www.msn.com/fr-fr/"
    "Default_Page_URL"="http://ie.redirect.hp.com/..."
    "Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
    "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"

    --------------------\\ Recherche d'autres infections

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters]
    NameServer REG_SZ 85.255.112.83,85.255.112.20
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters]
    NameServer REG_SZ 85.255.112.83,85.255.112.20
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
    NameServer REG_SZ 85.255.112.83,85.255.112.20
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{41761A96-69E5-4AB7-8C08-0D457FD20FDA}]
    NameServer REG_SZ 85.255.112.83,85.255.112.20
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{F51B00EA-55E8-4693-B6C9-A5DA57D81264}]
    NameServer REG_SZ 85.255.112.83,85.255.112.20
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{F51B00EA-55E8-4693-B6C9-A5DA57D81264}]
    DhcpNameServer REG_SZ 85.255.112.83,85.255.112.20
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\..\{41761A96-69E5-4AB7-8C08-0D457FD20FDA}]
    NameServer REG_SZ 85.255.112.83,85.255.112.20
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\..\{F51B00EA-55E8-4693-B6C9-A5DA57D81264}]
    NameServer REG_SZ 85.255.112.83,85.255.112.20
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\..\{F51B00EA-55E8-4693-B6C9-A5DA57D81264}]
    DhcpNameServer REG_SZ 85.255.112.83,85.255.112.20
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{41761A96-69E5-4AB7-8C08-0D457FD20FDA}]
    NameServer REG_SZ 85.255.112.83,85.255.112.20
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{F51B00EA-55E8-4693-B6C9-A5DA57D81264}]
    NameServer REG_SZ 85.255.112.83,85.255.112.20
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{F51B00EA-55E8-4693-B6C9-A5DA57D81264}]
    DhcpNameServer REG_SZ 85.255.112.83,85.255.112.20
    [b]==> WAREOUT <==/b

    --------------------\\ Cracks & Keygens ..

    C:\Users\LOQUAC~1\Documents\CambridgeSoft-fichier installation\ChemOffice\keygen.exe
    C:\Users\LOQUAC~1\Music\musique\ABBA-_The_Definitive_Collection_-_by_baleog3\The Definitive Collection Disc 2\12 The Visitors (Crackin' Up).mp3

    [ UAC => 1 ]

    Ensuite pour Malwarebytes Anti-Malwares, le lien que vous m'avait donné ne marchait pas, j'ai cherché et trouvé tout de meme le programme Malwarebytes Anti-Malwares 1.4. Cependant, une erreur se produit lors de la mise à jour, je pense que cela vient du trojan, j'ai le meme probleme avec mon spybot. J'ai tout de meme lancer l'analyse.... 15 eléments infectés donc supprimés

    Voici le rapport:

    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 1

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ESQULserv.sys (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\NordBull (Malware.Trace) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.83,85.255.112.20 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{41761a96-69e5-4ab7-8c08-0d457fd20fda}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.83,85.255.112.20 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f51b00ea-55e8-4693-b6c9-a5da57d81264}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.83,85.255.112.20 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f51b00ea-55e8-4693-b6c9-a5da57d81264}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.83,85.255.112.20 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.83,85.255.112.20 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{41761a96-69e5-4ab7-8c08-0d457fd20fda}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.83,85.255.112.20 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{f51b00ea-55e8-4693-b6c9-a5da57d81264}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.83,85.255.112.20 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{f51b00ea-55e8-4693-b6c9-a5da57d81264}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.83,85.255.112.20 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.83,85.255.112.20 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{41761a96-69e5-4ab7-8c08-0d457fd20fda}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.83,85.255.112.20 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{f51b00ea-55e8-4693-b6c9-a5da57d81264}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.83,85.255.112.20 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{f51b00ea-55e8-4693-b6c9-a5da57d81264}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.83,85.255.112.20 -> Quarantined and deleted successfully.

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\Windows\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
    0
  10. loqua
     
    le probleme a l'air d'etre réglé, merci beaucoup kduc!
    0
  11. loqua
     
    combo detecte que AVG est en marche alors que j'ai arreté ce programme, dans le lien pour désactiver les protections résidentes il y a rien sur AVG. Que dois-je faire?
    0
  12. loqua
     
    J'ai trouvé pour desactiver le resident shield d'AVG

    Dc pour le rapport de combo j'ai:

    ComboFix 09-08-10.06 - loquacissima 16/08/2009 13:52.1.2 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.3068.1973 [GMT 2:00]
    Running from: c:\users\loquacissima\Desktop\Combo-Fix.exe
    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    SP: AVG Anti-Spyware *disabled* (Outdated) {48F2E28D-ED66-4646-9C11-B3055B0AF604}
    SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\Installer\1e5cd.msi

    .
    ((((((((((((((((((((((((( Files Created from 2009-07-16 to 2009-08-16 )))))))))))))))))))))))))))))))
    .

    2009-08-16 11:50 . 2009-08-16 11:50 6736 ----a-w- c:\windows\system32\drivers\PROCEXP90.SYS
    2009-08-15 22:10 . 2009-08-15 22:10 -------- d-----w- c:\users\loquacissima\AppData\Roaming\Malwarebytes
    2009-08-15 22:10 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-08-15 22:10 . 2009-08-15 22:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-08-15 22:10 . 2009-08-15 22:10 -------- d-----w- c:\programdata\Malwarebytes
    2009-08-15 22:10 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-08-15 21:30 . 2009-08-15 22:03 -------- d-----w- C:\ToolBar SD
    2009-08-15 21:25 . 2009-08-15 21:27 -------- d-----w- C:\WORT
    2009-08-15 19:43 . 2009-08-15 19:43 -------- d-----w- c:\program files\Trend Micro
    2009-08-14 23:21 . 2009-08-14 23:22 -------- d-----w- c:\program files\QuickTime
    2009-08-14 23:21 . 2009-08-14 23:21 -------- d-----w- c:\programdata\Apple Computer
    2009-08-14 23:20 . 2009-08-14 23:20 -------- d-----w- c:\users\loquacissima\AppData\Local\Apple
    2009-08-14 23:20 . 2009-08-14 23:20 -------- d-----w- c:\program files\Apple Software Update
    2009-08-14 23:20 . 2009-08-14 23:20 -------- d-----w- c:\programdata\Apple
    2009-08-13 15:36 . 2009-08-13 15:36 10684866 ----a-w- c:\users\loquacissima\AppData\Roaming\Azureus\plugins\azump\mplayer.exe
    2009-08-13 10:36 . 2009-08-15 08:51 182 ----a-w- c:\users\loquacissima\AppData\Roaming\Azureus\restart.bat
    2009-08-13 09:59 . 2009-06-04 12:34 2066432 ----a-w- c:\windows\system32\mstscax.dll
    2009-08-13 09:55 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll
    2009-08-13 09:55 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll
    2009-08-13 09:55 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll
    2009-08-13 09:55 . 2009-07-14 10:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
    2009-08-13 09:45 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl.dll
    2009-08-13 09:45 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll
    2009-08-13 09:45 . 2009-06-10 12:07 91136 ----a-w- c:\windows\system32\avifil32.dll
    2009-08-02 17:25 . 2009-08-02 17:25 -------- d-----w- c:\users\loquacissima\AppData\Roaming\ArcSoft
    2009-08-02 17:00 . 2009-08-12 12:06 -------- d-----w- c:\users\loquacissima\AppData\Roaming\Canon
    2009-08-02 16:53 . 2009-08-02 16:53 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
    2009-08-02 16:52 . 2008-04-03 03:00 198656 ----a-w- c:\windows\system32\CNMLM7K.DLL
    2009-08-02 16:52 . 2008-02-07 13:59 195072 ----a-w- c:\windows\system32\CNCC150.DLL
    2009-08-02 16:52 . 2008-02-07 13:59 37888 ----a-w- c:\windows\system32\CNCI150.DLL
    2009-08-02 16:52 . 2006-06-29 12:29 106496 ----a-w- c:\windows\system32\cncisco.dll
    2009-08-02 16:52 . 2005-05-30 17:45 139264 ----a-w- c:\windows\system32\CNCL150.DLL
    2009-08-02 16:51 . 2009-08-02 16:51 -------- d--h--w- c:\program files\CanonBJ
    2009-08-02 16:47 . 2009-08-02 16:47 -------- d-----w- c:\program files\Common Files\Canon
    2009-08-02 16:23 . 2009-08-02 16:23 -------- d-----w- c:\users\loquacissima\AppData\Roaming\ScanSoft
    2009-08-02 16:23 . 2009-08-02 16:23 -------- d-----w- c:\programdata\SSScanWizard
    2009-08-02 16:23 . 2009-08-02 16:23 -------- d-----w- c:\programdata\SSScanAppDataDir
    2009-08-02 16:23 . 2009-08-02 16:23 -------- d-----w- c:\program files\Common Files\ScanSoft Shared
    2009-08-02 16:23 . 2009-08-02 16:23 -------- d-----w- c:\program files\ScanSoft
    2009-08-02 16:21 . 2009-08-02 16:21 -------- d-----w- c:\program files\ArcSoft
    2009-08-02 16:21 . 1995-08-01 02:44 212480 ----a-w- c:\windows\PCDLIB32.DLL
    2009-08-02 16:20 . 1998-11-13 11:16 308224 ----a-w- c:\windows\IsUn040c.exe
    2009-08-02 16:19 . 2009-08-02 16:19 -------- d-----w- c:\windows\StartHtmico
    2009-08-02 16:17 . 2009-08-02 16:36 -------- d-----w- c:\program files\Canon
    2009-08-02 16:01 . 2009-08-02 16:02 -------- d-----w- c:\users\loquacissima\AppData\Roaming\muvee Technologies
    2009-07-24 10:48 . 2009-08-16 10:52 -------- d--h--w- C:\$AVG8.VAULT$
    2009-07-21 11:13 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
    2009-07-21 11:13 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
    2009-07-21 11:13 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
    2009-07-21 11:13 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll
    2009-07-21 11:09 . 2009-07-21 11:09 410984 ----a-w- c:\windows\system32\deploytk.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-08-16 11:20 . 2008-11-30 23:49 43224 ----a-w- c:\programdata\nvModes.dat
    2009-08-15 21:20 . 2009-04-11 18:32 -------- d-----w- c:\program files\Yahoo!
    2009-08-15 19:28 . 2008-07-02 16:10 679418 ----a-w- c:\windows\system32\perfh00C.dat
    2009-08-15 19:28 . 2008-07-02 16:10 128418 ----a-w- c:\windows\system32\perfc00C.dat
    2009-08-15 14:39 . 2009-04-11 18:43 -------- d-----w- c:\users\loquacissima\AppData\Roaming\Azureus
    2009-08-14 23:25 . 2009-04-11 18:43 -------- d-----w- c:\program files\Vuze
    2009-08-13 18:04 . 2008-07-02 07:55 -------- d-----w- c:\programdata\Microsoft Help
    2009-08-13 18:03 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2009-08-12 17:27 . 2009-04-11 18:28 -------- d-----w- c:\users\loquacissima\AppData\Roaming\Winamp
    2009-08-04 08:00 . 2009-04-12 16:48 -------- d-----w- c:\program files\Microsoft Silverlight
    2009-08-02 16:21 . 2008-07-02 06:34 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-07-26 11:22 . 2009-04-11 18:33 -------- d-----w- c:\program files\Messenger Plus! Live
    2009-07-24 08:55 . 2009-04-21 09:15 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2009-07-21 11:09 . 2008-07-02 08:18 -------- d-----w- c:\program files\Java
    2009-07-18 16:06 . 2009-07-29 10:16 827904 ----a-w- c:\windows\system32\wininet.dll
    2009-07-18 16:01 . 2009-07-29 10:16 78336 ----a-w- c:\windows\system32\ieencode.dll
    2009-07-18 09:46 . 2009-07-29 10:16 26624 ----a-w- c:\windows\system32\ieUnatt.exe
    2009-06-26 20:27 . 2009-06-26 20:27 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
    2009-06-24 20:36 . 2009-06-24 20:36 -------- d--h--w- c:\programdata\CanonBJ
    2009-06-19 09:22 . 2009-04-21 09:14 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2009-06-03 11:30 . 2009-04-11 15:06 106552 ----a-w- c:\users\loquacissima\AppData\Local\GDIPFONTCACHEV1.DAT
    2009-05-21 09:32 . 2009-05-15 08:43 680 ----a-w- c:\users\loquacissima\AppData\Local\d3d9caps.dat
    2008-11-19 09:50 . 2009-04-14 15:39 500769815 ----a-w- c:\program files\Office 2007 pro plus fr + cléf.rar
    2009-04-11 16:31 . 2009-04-11 16:31 22 --sha-w- c:\windows\SMINST\HPCD.sys
    2008-07-02 16:13 . 2008-07-02 16:13 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2009-02-19 1262888]
    "{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_P.dll" [2009-03-10 2079256]
    "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-02 1004800]

    [HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
    [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

    [HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

    [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-C39E-35F1D2A32EC8}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
    2009-06-02 11:37 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
    2009-03-10 09:47 2079256 ----a-w- c:\program files\BS_Player\tbBS_P.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_P.dll" [2009-03-10 2079256]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-02 1004800]

    [HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "c:\program files\BS_Player\tbBS_P.dll" [2009-03-10 2079256]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-02 1004800]

    [HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
    "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-23 13539872]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-23 92704]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-04-15 442433]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-15 178712]
    "UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
    "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-04-23 468264]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
    "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]
    "OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-11-01 554288]
    "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-21 148888]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-12 1948440]
    "OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "mixer1"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{1F1A5F2C-0E0D-49F9-BD15-679FC4717866}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
    "{2356F9ED-8EC9-4BF1-AC9F-4A8570523401}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
    "{F1F06440-4AA0-4501-BB26-8F1B189EA5DA}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
    "{545F637C-5801-407E-9566-D38F7CEB2CD8}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
    "{130495B3-2637-4FF6-B274-7D69C70A40BB}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
    "TCP Query User{EB899DF5-7234-4B41-B988-0957FA030B5C}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
    "UDP Query User{081AD2A0-1961-42E0-A2E3-414A03F8F79D}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
    "TCP Query User{37DC3E7A-5604-415A-8A7E-BE3BE692245F}c:\\program files\\cambridgesoft\\chemoffice2005\\chemdraw\\chemdraw.exe"= UDP:c:\program files\cambridgesoft\chemoffice2005\chemdraw\chemdraw.exe:ChemDraw Ultra 9.0
    "UDP Query User{110A5E4B-B0F9-4317-93CB-ACBC78B423A5}c:\\program files\\cambridgesoft\\chemoffice2005\\chemdraw\\chemdraw.exe"= TCP:c:\program files\cambridgesoft\chemoffice2005\chemdraw\chemdraw.exe:ChemDraw Ultra 9.0
    "{3F641AA4-1CE0-46ED-85A2-7447840C9167}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
    "{DFF60A47-B835-4AA6-BA80-ADB7B9CB48A0}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
    "TCP Query User{FF8C760F-5FBE-4333-94E5-08838E456EC9}c:\\program files\\opera\\opera.exe"= UDP:c:\program files\opera\opera.exe:Opera Internet Browser
    "UDP Query User{B5C81502-723F-4BBD-AB0B-8871A8A96653}c:\\program files\\opera\\opera.exe"= TCP:c:\program files\opera\opera.exe:Opera Internet Browser
    "TCP Query User{9F0D4D07-1571-40CD-9F03-5FBE7C26F578}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
    "UDP Query User{480A6F89-B87E-420D-9D9C-0FE7A4573750}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
    "{2AB5F28D-0522-471B-BAA6-3394DF8327EA}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
    "TCP Query User{67ABF20B-DE02-4F2F-9C99-25EB8E514377}c:\\program files\\cambridgesoft\\chemoffice2005\\chemdraw\\chemdraw.exe"= UDP:c:\program files\cambridgesoft\chemoffice2005\chemdraw\chemdraw.exe:ChemDraw Ultra 9.0
    "UDP Query User{DA510FA5-084B-4EA3-9CFE-6B90BE88463B}c:\\program files\\cambridgesoft\\chemoffice2005\\chemdraw\\chemdraw.exe"= TCP:c:\program files\cambridgesoft\chemoffice2005\chemdraw\chemdraw.exe:ChemDraw Ultra 9.0
    "TCP Query User{718722B3-3977-4CAF-9864-6231EAFFB6D4}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
    "UDP Query User{039689EE-2868-49FB-8DC8-5BD66505633C}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
    "TCP Query User{C10BB3B8-5047-4D31-8A74-577A97B14B3E}c:\\program files\\java\\jre1.6.0_05\\bin\\javaw.exe"= UDP:c:\program files\java\jre1.6.0_05\bin\javaw.exe:Java(TM) Platform SE binary
    "UDP Query User{2CAAB664-AE19-454F-BBA2-78BA8DA9B50A}c:\\program files\\java\\jre1.6.0_05\\bin\\javaw.exe"= TCP:c:\program files\java\jre1.6.0_05\bin\javaw.exe:Java(TM) Platform SE binary
    "TCP Query User{1A0801C8-49AF-40B7-AF32-DEF68B8737CA}c:\\program files\\java\\jre1.6.0_05\\bin\\java.exe"= UDP:c:\program files\java\jre1.6.0_05\bin\java.exe:Java(TM) Platform SE binary
    "UDP Query User{75C73D2A-DF07-4DAF-834A-3DB2AA750239}c:\\program files\\java\\jre1.6.0_05\\bin\\java.exe"= TCP:c:\program files\java\jre1.6.0_05\bin\java.exe:Java(TM) Platform SE binary
    "TCP Query User{99488FF5-5C81-4724-A1D3-9DBD8B561128}c:\\program files\\halflife\\hl.exe"= UDP:c:\program files\halflife\hl.exe:Half-Life Launcher
    "UDP Query User{A40C8838-94B6-4182-A37B-7DFC8DE312D4}c:\\program files\\halflife\\hl.exe"= TCP:c:\program files\halflife\hl.exe:Half-Life Launcher
    "TCP Query User{30B05A7A-A4E7-486D-8274-8466682DEF7E}c:\\program files\\windows sidebar\\sidebar.exe"= UDP:c:\program files\windows sidebar\sidebar.exe:Volet Windows
    "UDP Query User{7B3C37EB-A3C5-4976-8A88-F9539CC7694D}c:\\program files\\windows sidebar\\sidebar.exe"= TCP:c:\program files\windows sidebar\sidebar.exe:Volet Windows

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [21/04/2009 11:15 335752]
    R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\AEstSrv.exe [01/12/2008 01:20 73728]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [21/04/2009 11:14 298776]
    R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [21/01/2008 04:23 21504]
    R2 hpsrv;HP Service;c:\windows\System32\hpservice.exe [18/03/2008 17:24 19456]
    R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [02/07/2008 10:13 341328]
    R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [02/07/2008 09:05 193840]
    R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [24/01/2008 15:23 52736]
    R3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [01/04/2008 13:14 81296]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [23/05/2008 05:29 43552]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    ezSharedSvc

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    "c:\program files\Common Files\LightScribe\LSRunOnce.exe"
    .
    Contents of the 'Scheduled Tasks' folder

    2009-08-16 c:\windows\Tasks\User_Feed_Synchronization-{83DC2AF8-0948-46AB-A7CE-5EFAA7459AB9}.job
    - c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
    .
    .
    ------- Supplementary Scan -------
    .
    mWindow Title =
    uSearchURL,(Default) = hxxp://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
    IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
    IE: Download Link Using Mega Manager... - c:\program files\Megaupload\Mega Manager\mm_file.htm
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Easy-WebPrint Ajouter à la liste d'impressions - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    IE: Easy-WebPrint Impression rapide - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    IE: Easy-WebPrint Imprimer - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    IE: Easy-WebPrint Prévisualiser - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    FF - ProfilePath - c:\users\loquacissima\AppData\Roaming\Mozilla\Firefox\Profiles\7yd43ysh.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
    FF - prefs.js: network.proxy.type - 2
    FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
    FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
    FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
    FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
    FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Opera\program\plugins\npmmaud.dll
    FF - plugin: c:\program files\Opera\program\plugins\npmmprog.dll
    FF - plugin: c:\program files\Opera\program\plugins\npmmvid.dll
    FF - plugin: c:\program files\Opera\program\plugins\npmmzip.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-08-16 13:57
    Windows 6.0.6001 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2009-08-16 13:59
    ComboFix-quarantined-files.txt 2009-08-16 11:59

    Pre-Run: 113 344 667 648 octets libres
    Post-Run: 113 305 518 080 octets libres

    248 --- E O F --- 2009-08-15 18:02

    et pour Hijackthis:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:44:05, on 15/08/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18294)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\IDT\WDM\sttray.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\Program Files\ScanSoft\OmniPageSE2.0\opwareSE2.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\Opera\opera.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Windows\system32\DllHost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
    R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Megaupload Toolbar - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
    O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    O2 - BHO: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll
    O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll
    O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O3 - Toolbar: Megaupload Toolbar - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
    O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\ereg.ini"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
    O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O17 - HKLM\System\CCS\Services\Tcpip\..\{41761A96-69E5-4AB7-8C08-0D457FD20FDA}: NameServer = 85.255.112.83,85.255.112.20
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F51B00EA-55E8-4693-B6C9-A5DA57D81264}: NameServer = 85.255.112.83,85.255.112.20
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.83,85.255.112.20
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.83,85.255.112.20
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\aestsrv.exe
    O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
    O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
    O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
    O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\STacSV.exe
    0
  13. kduc Messages postés 1537 Statut Membre 133
     
    ...

    " Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:44:05, on 15/08/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18294)
    "

    Tu peux relancer un HJT d' aujourd' hui, stp !?
    0
  14. loqua
     
    je l'avais relancé juste apres combo....
    Je viens de relancer HJT, j'ai tjr un rapport daté d'hier. J'ai donc désinstallé et réinstallé le programme...

    Voici le rapport:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:59:11, on 16/08/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18294)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\IDT\WDM\sttray.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\Program Files\ScanSoft\OmniPageSE2.0\opwareSE2.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\Opera\opera.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
    R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll
    R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Megaupload Toolbar - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
    O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll
    O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll
    O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O3 - Toolbar: Megaupload Toolbar - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
    O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
    O13 - Gopher Prefix:
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\aestsrv.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
    O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
    O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\STacSV.exe
    0
  15. kduc Messages postés 1537 Statut Membre 133
     
    ...

    (si ce n’ est déjà fait) Télécharge CCleaner :
    http://www.filehippo.com/download_ccleaner.html
    ("Download Latest Version", sur la droite) et laisse-toi guider.
    A un moment, il te sera demandé de cocher :
    "Ajouter la barre d' outils Yahoo". Refuse et …
    Laisse-le s’ installer tel que …

    -------
    Redémarre le PC en mode sans échec ...
    https://www.pcastuces.com/pratique/windows/mode_sans_echec/page2.html
    (méthode F8 de préférence)

    --------------------------------------------
    Tu n' auras pas accès à Internet pendant le "mode sans échec".
    Aussi, copie/colle la procédure dans un fichier texte (word) et mets-la
    sur le "bureau" pour l' avoir à ta disposition.
    --------------------------------------------

    Ferme toutes les fenêtres et applications.
    Relance HijackThis et clique sur > Do a system scan only puis, coche
    les cases devant les lignes qui suivent (et uniquement ces lignes), si tjrs présentes :

    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Megaupload Toolbar - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
    O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
    O3 - Toolbar: Megaupload Toolbar - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
    O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)

    Ensuite, clique sur > Fix checked et valide par "Yes". Referme HijackThis.

    Affiche les fichiers et dossiers cachés
    https://www.micro-astuce.com/Forum/afficher-les-fichiers-caches-t1607.html

    Rends-toi dans > Démarrer > Panneau de config. > Programmes et fonctionnalités

    Supprime, si tu le(s) trouves > Megaupload

    Ensuite, va dans > Démarrer > Poste de travail > C:\

    et supprime le(s) fichier(s) en gras, ci-dessous, si tu le(s) trouves.

    C:\Program Files\Megaupload ou Megaupload Toolbar

    Remet les fichiers et dossiers cachés comme tu les as trouvés !

    Lance CCleaner ...
    Clique sur > Analyser > Nettoyer, puis sur OK dans la fenêtre qui s' affiche.
    (re)Lance le nettoyage et (re)confirme par OK.

    Redémarre le PC en mode normal ...

    Enfin, retente avec SmitFraudFix.

    Et si ça ne marche pas, on essaiera Malwarebytes.
    0
  16. loqua
     
    j'ai pu lancer Smithfraudfix en tant qu'administrateur (je ne l'avais pas fait la première fois...)

    voici le rapport:

    SmitFraudFix v2.423

    Scan done at 16:18:36,57, 16/08/2009
    Run from C:\Users\loquacissima\Desktop\SmitfraudFix
    OS: Microsoft Windows [version 6.0.6001] - Windows_NT
    The filesystem type is NTFS
    Fix run in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\STacSV.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\Hpservice.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\aestsrv.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Windows\system32\rundll32.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
    C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\Windows\SMINST\BLService.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\IDT\WDM\sttray.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\Program Files\ScanSoft\OmniPageSE2.0\opwareSE2.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\Program Files\Opera\opera.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\loquacissima\Desktop\SmitfraudFix\Policies.exe
    C:\Windows\system32\cmd.exe
    C:\Windows\system32\DllHost.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    »»»»»»»»»»»»»»»»»»»»»»»» C:\

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Users\loquacissima

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Users\LOQUAC~1\AppData\Local\Temp

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Users\loquacissima\Application Data

    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Users\LOQUAC~1\FAVORI~1

    »»»»»»»»»»»»»»»»»»»»»»»» Desktop

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    »»»»»»»»»»»»»»»»»»»»»»»» o4Patch
    !!!Attention, following keys are not inevitably infected!!!

    o4Patch
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri
    0
  17. kduc Messages postés 1537 Statut Membre 133
     
    ...

    SmitFraudFix n' a rien donné.

    Télécharge, installe et mets à jour Malwarebytes Anti-Malwares
    http://forum.telecharger.01net.com/microhebdo/6/tuto-securite/tuto-malwaresbytes-anti-malware-352008/messages-1.html puis, lance un scan COMPLET et poste le rapport.

    PS : si MalwareByte's a détecté des infections, clique sur Afficher les résultats,
    puis sur Supprimer la sélection.
    0
  18. loqua
     
    Malwarebytes Anti-Malwares ne détecte plus aucune infection...

    voici le rapport:

    Malwarebytes' Anti-Malware 1.40
    Version de la base de données: 2635
    Windows 6.0.6001 Service Pack 1

    16/08/2009 18:32:48
    mbam-log-2009-08-16 (18-32-48).txt

    Type de recherche: Examen complet (C:\|D:\|)
    Eléments examinés: 281827
    Temps écoulé: 1 hour(s), 27 minute(s), 38 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 0

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    (Aucun élément nuisible détecté)
    0
  19. kduc Messages postés 1537 Statut Membre 133
     
    ...

    Si tu relances Windows Defender que dit-il ?
    0
  20. loqua
     
    "Aucun logiciel non désiré ou potentiellement dangereux n'a été détecté
    votre ordinateur s'exécute normalement"
    0
  21. kduc Messages postés 1537 Statut Membre 133
     
    Salut,

    OK.

    Maintenant, pour terminer ...

    Fais ce scan en ligne : http://www.bitdefender.fr/scan_fr/scan8/ie.html

    Clique sur J' accepte > Démarrer l' analyse, etc ...

    Une fois le scan achevé, sauvegarde le rapport et poste-le.

    Tuto : https://forum.pcastuces.com/default.asp

    ---
    PS : désactive tes protections résidentes, notamment celle d' AVG, le temps du scan ...

    https://forum.pcastuces.com/default.asp

    ---
    Bonne journée.
    0
  • 1
  • 2