trojandownloader Win32/Renos.JM

Question

Bonjour,

J'ai windows defender qui me dit que j'ai ce trojan. Quand j'essaie de le supprimer la fenetre disparait mais le message réapparait quelques instants plus tard...

Pouvez vous m'aider? 

Merci d'avance

kduc · Answer

Salut,

Télécharge et installe SmitFraudFix (par S!Ri) :
http://siri.urz.free.fr/Fix/SmitfraudFix.php 

Double-clique sur SmitfraudFix.exe 
Dans le menu, fais le choix 1 et appuie sur "Entrée" pour créer un
rapport que tu trouveras à la racine du disque dur C:\rapport.txt

Poste-le.

loqua · Answer

Merci kduc pour votre aide! 

SmitfraudFix ne fonctionne pas correctement, ca me dit: acces refusé

J'ai fait en attendant votre réponse, voyant les autres réponses sur le forum, un log avec hijackthis

dont voici le rapport: 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:44:05, on 15/08/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18294)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32	askeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32undll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\opwareSE2.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\conime.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player	bBS_P.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Megaupload Toolbar - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O2 - BHO: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player	bBS_P.dll
O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player	bBS_P.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Megaupload Toolbar - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\ereg.ini"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbaresources\en-US\local\search.html
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix: 
O17 - HKLM\System\CCS\Services\Tcpip\..\{41761A96-69E5-4AB7-8C08-0D457FD20FDA}: NameServer = 85.255.112.83,85.255.112.20
O17 - HKLM\System\CCS\Services\Tcpip\..\{F51B00EA-55E8-4693-B6C9-A5DA57D81264}: NameServer = 85.255.112.83,85.255.112.20
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.83,85.255.112.20
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.83,85.255.112.20
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\aestsrv.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32
vvsvc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\STacSV.exe

kduc · Answer

...

Télécharge WareOut Removal Tool (par dj QUIOU & la team sécurité MH) :
http://pc-system.fr/

Lance le fichier WareOut_Removal_Tool.bat et choisis l'option 1.

Patiente (une à deux minutes maximum) pendant que le programme sauvegarde le regsitre.

Lis bien attentivement les instructions qui te seront données.

En fin d'analyse, un rapport va s'ouvrir ; poste-le.

---
Ensuite, ...

Télécharge Toolbar S&D (Team IDN) sur ton Bureau : https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2 

Lance l'installation du programme en exécutant le fichier téléchargé.
Double-clique maintenant sur le raccourci de Toolbar-S&D.
Sélectionne la langue de ton choix puis, valide avec la touche "Entrée".
Ensuite, choisis l'option 1 (Recherche).
Patiente jusqu'à la fin de la recherche.
Le contenu du rapport est situé dans : C:\TB.txt
Poste-le.

loqua · Answer

alors pour le premier rapport: wareout

===== Rapport WareOut Removal Tool ===== 
 
version 3.6.2 
 
analyse effectuée le 15/08/2009 à 23:26:49,40 
 
Résultats de l'analyse : 
======================== 
 
~~~~ Recherche d'infections dans C:\ ~~~~ 
 
 
~~~~ Recherche d'infections dans C:\Program Files\ ~~~~ 
 
 
~~~~ Recherche d'infections dans C:\Windows\system\ ~~~~ 
 
 
~~~~ Recherche d'infections dans C:\Windows\system32\ ~~~~ 
 
 
~~~~ Recherche d'infections dans C:\Windows\system32\drivers\ ~~~~ 
 
 
~~~~ Recherche d'infections dans C:\Users\loquacissima\AppData\Roaming\ ~~~~ 
 
 
~~~~ Recherche d'infections dans C:\Users\loquacissima\Bureau\ ~~~~ 
 
 
~~~~ Recherche de détournement de DNS ~~~~ 
 
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters]
    NameServer    REG_SZ    85.255.112.83,85.255.112.20
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{41761A96-69E5-4AB7-8C08-0D457FD20FDA}]
    NameServer    REG_SZ    85.255.112.83,85.255.112.20
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F51B00EA-55E8-4693-B6C9-A5DA57D81264}]
    NameServer    REG_SZ    85.255.112.83,85.255.112.20
    DhcpNameServer    REG_SZ    85.255.112.83,85.255.112.20
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters]
    NameServer    REG_SZ    85.255.112.83,85.255.112.20
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{41761A96-69E5-4AB7-8C08-0D457FD20FDA}]
    NameServer    REG_SZ    85.255.112.83,85.255.112.20
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{F51B00EA-55E8-4693-B6C9-A5DA57D81264}]
    NameServer    REG_SZ    85.255.112.83,85.255.112.20
    DhcpNameServer    REG_SZ    85.255.112.83,85.255.112.20
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters]
    NameServer    REG_SZ    85.255.112.83,85.255.112.20
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{41761A96-69E5-4AB7-8C08-0D457FD20FDA}]
    NameServer    REG_SZ    85.255.112.83,85.255.112.20
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{F51B00EA-55E8-4693-B6C9-A5DA57D81264}]
    NameServer    REG_SZ    85.255.112.83,85.255.112.20
    DhcpNameServer    REG_SZ    85.255.112.83,85.255.112.20
 
 
~~~~ Recherche de Rootkits ~~~~ 
 
_______________________________________________________________________ 
 
driver loading error disk not found C:\

please note that you need administrator rights to perform deep scan
_______________________________________________________________________ 


 
 
~~~~ Recherche d'infections dans C:\Users\LOQUAC~1\AppData\Local\Temp\ ~~~~ 
 
 
~~~~ Recherche d'infections dans C:\Users\loquacissima\Start Menu\Programs\ ~~~~ 
 
 
~~~~ Nettoyage du registre ~~~~ 
 
 
~~~~ Tentative de réparation des entrées suivantes: ~~~~ 
 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] = "System" 
 
[HKLM\SYSTEM\CurrentControlSet\Services\Windows Tribute Service] 
[HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_Windows Tribute Service] 
 
~~~~ Vérification: ~~~~ 


 
 
_________________________________ 
 
développé par http://pc-system.fr 


et pour toolbar:

 -----------\  ToolBar S&D 1.2.8   XP/Vista

   Microsoft® Windows Vista&#8482; Édition Familiale Premium  ( v6.0.6001 ) Service Pack 1
   X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU     T5800  @ 2.00GHz )
   BIOS : Default System BIOS
   USER : loquacissima ( Administrator )
   BOOT : Normal boot
   Antivirus : AVG Anti-Virus Free 8.0 (Activated)
   C:\ (Local Disk) - NTFS - Total:223 Go (Free:106 Go)
   D:\ (Local Disk) - NTFS - Total:9 Go (Free:1 Go)
   E:\ (CD or DVD)
   F:\ (CD or DVD)

   "C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
   Option : [1] ( 15/08/2009|23:31 )

   [ UAC => 1 ]

   -----------\  Recherche de Fichiers / Dossiers ...

   [Service] ASKService
   [Service] ASKUpgrade
   C:\Program Files\AskBarDis
   C:\Program Files\AskBarDis\bar
   C:\Program Files\AskBarDis\unins000.dat
   C:\Program Files\AskBarDis\unins000.exe
   C:\Program Files\AskBarDis\bar\bin
   C:\Program Files\AskBarDis\bar\Settings
   C:\Program Files\AskBarDis\bar\bin\askBar.dll
   C:\Program Files\AskBarDis\bar\bin\askPopStp.dll
   C:\Program Files\AskBarDis\bar\bin\AskService.exe
   C:\Program Files\AskBarDis\bar\bin\AskSplash.exe
   C:\Program Files\AskBarDis\bar\bin\AskTBApp.exe
   C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
   C:\Program Files\AskBarDis\bar\bin\psvince.dll
   C:\Program Files\AskBarDis\bar\Settings\AskLogo.ico
   C:\Program Files\AskBarDis\bar\Settings\config.dat
   C:\Program Files\AskBarDis\bar\Settings\config.dat.bak

   -----------\  [..\Internet Explorer\Main]

   [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
   "Start Page"="https://www.msn.com/fr-fr/?ocid=iehp"
   "Default_Page_URL"="https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF"
   "Local Page"="C:\Windows\system32\blank.htm"
   "Search Page"="https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC"
   "Search Bar"="https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC"
   "Url"="https://www.msn.com/fr-fr/actualite/"

   [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
   "Start Page"="https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF"
   "Default_Page_URL"="https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF"
   "Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
   "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"


   --------------------\  Recherche d'autres infections

   [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters]
    NameServer    REG_SZ    85.255.112.83,85.255.112.20
   [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters]
    NameServer    REG_SZ    85.255.112.83,85.255.112.20
   [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
    NameServer    REG_SZ    85.255.112.83,85.255.112.20
   [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{41761A96-69E5-4AB7-8C08-0D457FD20FDA}]
    NameServer    REG_SZ    85.255.112.83,85.255.112.20
   [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{F51B00EA-55E8-4693-B6C9-A5DA57D81264}]
    NameServer    REG_SZ    85.255.112.83,85.255.112.20
   [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{F51B00EA-55E8-4693-B6C9-A5DA57D81264}]
    DhcpNameServer    REG_SZ    85.255.112.83,85.255.112.20
   [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\..\{41761A96-69E5-4AB7-8C08-0D457FD20FDA}]
    NameServer    REG_SZ    85.255.112.83,85.255.112.20
   [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\..\{F51B00EA-55E8-4693-B6C9-A5DA57D81264}]
    NameServer    REG_SZ    85.255.112.83,85.255.112.20
   [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\..\{F51B00EA-55E8-4693-B6C9-A5DA57D81264}]
    DhcpNameServer    REG_SZ    85.255.112.83,85.255.112.20
   [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{41761A96-69E5-4AB7-8C08-0D457FD20FDA}]
    NameServer    REG_SZ    85.255.112.83,85.255.112.20
   [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{F51B00EA-55E8-4693-B6C9-A5DA57D81264}]
    NameServer    REG_SZ    85.255.112.83,85.255.112.20
   [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{F51B00EA-55E8-4693-B6C9-A5DA57D81264}]
    DhcpNameServer    REG_SZ    85.255.112.83,85.255.112.20
   [b]==> WAREOUT <==/b
 
   --------------------\  Cracks & Keygens ..

   C:\Users\LOQUAC~1\Documents\CambridgeSoft-fichier installation\ChemOffice\keygen.exe
   C:\Users\LOQUAC~1\Music\musique\ABBA-_The_Definitive_Collection_-_by_baleog3\The Definitive Collection Disc 2\12 The Visitors (Crackin' Up).mp3


   [ UAC => 1 ]


   1 - "C:\ToolBar SD\TB_1.txt" - 15/08/2009|23:31 - Option : [1]

   -----------\  Fin du rapport a 23:31:27,38

kduc · Answer

...

"--------------------\ Cracks & Keygens .. 

C:\Users\LOQUAC~1\Documents\CambridgeSoft-fichier installation\ChemOffice\keygen.exe 
C:\Users\LOQUAC~1\Music\musique\ABBA-_The_Definitive_Collection_-_by_baleog3\The Definitive Collection Disc 2\12 The Visitors (Crackin' Up).mp3  "

https://forum.malekal.com/viewtopic.php?t=893&start=

---
Relance Toolbar-S&D en double-cliquant sur le raccourci.
Fais le choix 2, puis valide en appuyant sur Entrée.

Ne ferme pas la fenêtre lors de la suppression !

Un rapport est généré. Poste-le dans ta prochaine réponse.

PS : si ton bureau ne réapparaît pas, appuie simultanément sur
Ctrl/Alt/Suppr pour ouvrir le Gestionnaire de tâches.
Rends-toi sur l’ onglet "Processus" ; clique en haut, à gauche sur
"Fichier" et choisis "Exécuter..."
Tape explorer, puis valide.

---
Télécharge,  installe et mets à jour Malwarebytes Anti-Malwares …
http://forum.telecharger.01net.com/microhebdo/6/tuto-securite/tuto-malwaresbytes-anti-malware-352008/messages-1.html
puis, lance un scan COMPLET et poste le rapport.

PS : si MalwareByte's a détecté des infections, clique sur Afficher les résultats, 
puis sur Supprimer la sélection.

loqua · Answer

Bonjour,

Voici le rapport de Toolbar: 


   -----------\  ToolBar S&D 1.2.8   XP/Vista

   Microsoft® Windows Vista&#8482; Édition Familiale Premium  ( v6.0.6001 ) Service Pack 1
   X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU     T5800  @ 2.00GHz )
   BIOS : Default System BIOS
   USER : loquacissima ( Administrator )
   BOOT : Normal boot
   Antivirus : AVG Anti-Virus Free 8.0 (Activated)
   C:\ (Local Disk) - NTFS - Total:223 Go (Free:106 Go)
   D:\ (Local Disk) - NTFS - Total:9 Go (Free:1 Go)
   E:\ (CD or DVD)
   F:\ (CD or DVD)

   "C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
   Option : [2] ( 16/08/2009| 0:03 )

   [ UAC => 1 ]

   -----------\ SUPPRESSION

   Supprime! - [Service] ASKService
   Supprime! - [Service] ASKUpgrade
   Supprime! - C:\Program Files\AskBarDis\bar
   Supprime! - C:\Program Files\AskBarDis\unins000.dat
   Supprime! - C:\Program Files\AskBarDis\unins000.exe
   Supprime! - C:\Program Files\AskBarDis

   -----------\  Recherche de Fichiers / Dossiers ...


   -----------\  [..\Internet Explorer\Main]

   [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
   "Start Page"="https://www.msn.com/fr-fr/?ocid=iehp"
   "Default_Page_URL"="http://ie.redirect.hp.com/..."
   "Local Page"="C:\Windows\system32\blank.htm"
   "Search Page"="https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC"
   "Search Bar"="https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC"
   "Url"="https://www.msn.com/fr-fr/actualite/"

   [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
   "Start Page"="https://www.msn.com/fr-fr/"
   "Default_Page_URL"="http://ie.redirect.hp.com/..."
   "Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
   "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"


   --------------------\  Recherche d'autres infections

   [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters]
    NameServer    REG_SZ    85.255.112.83,85.255.112.20
   [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters]
    NameServer    REG_SZ    85.255.112.83,85.255.112.20
   [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
    NameServer    REG_SZ    85.255.112.83,85.255.112.20
   [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{41761A96-69E5-4AB7-8C08-0D457FD20FDA}]
    NameServer    REG_SZ    85.255.112.83,85.255.112.20
   [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{F51B00EA-55E8-4693-B6C9-A5DA57D81264}]
    NameServer    REG_SZ    85.255.112.83,85.255.112.20
   [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{F51B00EA-55E8-4693-B6C9-A5DA57D81264}]
    DhcpNameServer    REG_SZ    85.255.112.83,85.255.112.20
   [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\..\{41761A96-69E5-4AB7-8C08-0D457FD20FDA}]
    NameServer    REG_SZ    85.255.112.83,85.255.112.20
   [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\..\{F51B00EA-55E8-4693-B6C9-A5DA57D81264}]
    NameServer    REG_SZ    85.255.112.83,85.255.112.20
   [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\..\{F51B00EA-55E8-4693-B6C9-A5DA57D81264}]
    DhcpNameServer    REG_SZ    85.255.112.83,85.255.112.20
   [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{41761A96-69E5-4AB7-8C08-0D457FD20FDA}]
    NameServer    REG_SZ    85.255.112.83,85.255.112.20
   [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{F51B00EA-55E8-4693-B6C9-A5DA57D81264}]
    NameServer    REG_SZ    85.255.112.83,85.255.112.20
   [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{F51B00EA-55E8-4693-B6C9-A5DA57D81264}]
    DhcpNameServer    REG_SZ    85.255.112.83,85.255.112.20
   [b]==> WAREOUT <==/b
 
   --------------------\  Cracks & Keygens ..

   C:\Users\LOQUAC~1\Documents\CambridgeSoft-fichier installation\ChemOffice\keygen.exe
   C:\Users\LOQUAC~1\Music\musique\ABBA-_The_Definitive_Collection_-_by_baleog3\The Definitive Collection Disc 2\12 The Visitors (Crackin' Up).mp3


   [ UAC => 1 ]

Ensuite pour Malwarebytes Anti-Malwares, le lien que vous m'avait donné ne marchait pas, j'ai cherché et trouvé tout de meme le programme Malwarebytes Anti-Malwares 1.4. Cependant, une erreur se produit lors de la mise à jour, je pense que cela vient du trojan, j'ai le meme probleme avec mon spybot. J'ai tout de meme lancer l'analyse.... 15 eléments infectés donc supprimés

Voici le rapport: 

Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ESQULserv.sys (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NordBull (Malware.Trace) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.83,85.255.112.20 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{41761a96-69e5-4ab7-8c08-0d457fd20fda}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.83,85.255.112.20 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f51b00ea-55e8-4693-b6c9-a5da57d81264}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.83,85.255.112.20 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f51b00ea-55e8-4693-b6c9-a5da57d81264}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.83,85.255.112.20 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.83,85.255.112.20 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{41761a96-69e5-4ab7-8c08-0d457fd20fda}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.83,85.255.112.20 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{f51b00ea-55e8-4693-b6c9-a5da57d81264}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.83,85.255.112.20 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{f51b00ea-55e8-4693-b6c9-a5da57d81264}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.83,85.255.112.20 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.83,85.255.112.20 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{41761a96-69e5-4ab7-8c08-0d457fd20fda}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.83,85.255.112.20 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{f51b00ea-55e8-4693-b6c9-a5da57d81264}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.83,85.255.112.20 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{f51b00ea-55e8-4693-b6c9-a5da57d81264}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.83,85.255.112.20 -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Windows\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

loqua · Answer

le probleme a l'air d'etre réglé, merci beaucoup kduc!

kduc · Answer

Salut,

Je ne suis pas persuadé que le problème soit réglé !

-----
Clique droit sur ce lien pour installer ComboFix (par sUBs) :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Choisis "Enregistrer sous" (dans IE c'est "Enregistrer la cible/le lien sous..")
et sauvegarde-le (Enregistrer dans) sur le Bureau.

Important : dans "Nom du fichier" enregistre (renomme) "combofix" en combo-fix.exe

Prends connaissance de ce tutoriel : https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

Ferme toutes les fenêtres et applications. 
Déconnecte-toi du net et désactive tes protections résidentes :
https://forum.pcastuces.com/default.asp

A ce stade, désactive l' UAC (important) : http://forum.telecharger.01net.com/forum/high-tech/PRODUITS/Questions-techniques/desactiver-controle-utilisateurs-sujet_198996_1.htm

Sur le bureau, double clique combo-fix.exe.
Tape sur la touche Y (Yes) pour démarrer le scan.
ComboFix redémarrera ton PC.
Lorsque le scan sera complété, un rapport apparaîtra. 
Copie/colle ce rapport dans ta prochaine réponse et nouveau rapport hijackthis.

PS : Le rapport se trouve également ici : C:\Combofix.txt

Ne pas cliquer dans la fenêtre de Combofix durant l’analyse car, cela pourrait provoquer 
le gel du programme !

loqua · Answer

combo detecte que AVG est en marche alors que j'ai arreté ce programme, dans le lien pour désactiver les protections résidentes il y a rien sur AVG. Que dois-je faire?

loqua · Answer

J'ai trouvé pour desactiver le resident shield d'AVG

Dc pour le rapport de combo j'ai: 

ComboFix 09-08-10.06 - loquacissima 16/08/2009 13:52.1.2 - NTFSx86
Microsoft® Windows Vista&#8482; Édition Familiale Premium   6.0.6001.1.1252.33.1036.18.3068.1973 [GMT 2:00]
Running from: c:\users\loquacissima\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Spyware *disabled* (Outdated) {48F2E28D-ED66-4646-9C11-B3055B0AF604}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\1e5cd.msi


.
(((((((((((((((((((((((((   Files Created from 2009-07-16 to 2009-08-16  )))))))))))))))))))))))))))))))
.

2009-08-16 11:50 . 2009-08-16 11:50	6736	----a-w-	c:\windows\system32\drivers\PROCEXP90.SYS
2009-08-15 22:10 . 2009-08-15 22:10	--------	d-----w-	c:\users\loquacissima\AppData\Roaming\Malwarebytes
2009-08-15 22:10 . 2009-08-03 11:36	38160	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-15 22:10 . 2009-08-15 22:10	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2009-08-15 22:10 . 2009-08-15 22:10	--------	d-----w-	c:\programdata\Malwarebytes
2009-08-15 22:10 . 2009-08-03 11:36	19096	----a-w-	c:\windows\system32\drivers\mbam.sys
2009-08-15 21:30 . 2009-08-15 22:03	--------	d-----w-	C:\ToolBar SD
2009-08-15 21:25 . 2009-08-15 21:27	--------	d-----w-	C:\WORT
2009-08-15 19:43 . 2009-08-15 19:43	--------	d-----w-	c:\program files\Trend Micro
2009-08-14 23:21 . 2009-08-14 23:22	--------	d-----w-	c:\program files\QuickTime
2009-08-14 23:21 . 2009-08-14 23:21	--------	d-----w-	c:\programdata\Apple Computer
2009-08-14 23:20 . 2009-08-14 23:20	--------	d-----w-	c:\users\loquacissima\AppData\Local\Apple
2009-08-14 23:20 . 2009-08-14 23:20	--------	d-----w-	c:\program files\Apple Software Update
2009-08-14 23:20 . 2009-08-14 23:20	--------	d-----w-	c:\programdata\Apple
2009-08-13 15:36 . 2009-08-13 15:36	10684866	----a-w-	c:\users\loquacissima\AppData\Roaming\Azureus\plugins\azump\mplayer.exe
2009-08-13 10:36 . 2009-08-15 08:51	182	----a-w-	c:\users\loquacissima\AppData\Roaming\Azureusestart.bat
2009-08-13 09:59 . 2009-06-04 12:34	2066432	----a-w-	c:\windows\system32\mstscax.dll
2009-08-13 09:55 . 2009-07-14 13:00	313344	----a-w-	c:\windows\system32\wmpdxm.dll
2009-08-13 09:55 . 2009-07-14 12:58	7680	----a-w-	c:\windows\system32\spwmp.dll
2009-08-13 09:55 . 2009-07-14 12:59	4096	----a-w-	c:\windows\system32\dxmasf.dll
2009-08-13 09:55 . 2009-07-14 10:59	8147456	----a-w-	c:\windows\system32\wmploc.DLL
2009-08-13 09:45 . 2009-07-17 14:35	71680	----a-w-	c:\windows\system32\atl.dll
2009-08-13 09:45 . 2009-06-10 12:12	160256	----a-w-	c:\windows\system32\wkssvc.dll
2009-08-13 09:45 . 2009-06-10 12:07	91136	----a-w-	c:\windows\system32\avifil32.dll
2009-08-02 17:25 . 2009-08-02 17:25	--------	d-----w-	c:\users\loquacissima\AppData\Roaming\ArcSoft
2009-08-02 17:00 . 2009-08-12 12:06	--------	d-----w-	c:\users\loquacissima\AppData\Roaming\Canon
2009-08-02 16:53 . 2009-08-02 16:53	--------	d--h--w-	c:\windows\system32\CanonIJ Uninstaller Information
2009-08-02 16:52 . 2008-04-03 03:00	198656	----a-w-	c:\windows\system32\CNMLM7K.DLL
2009-08-02 16:52 . 2008-02-07 13:59	195072	----a-w-	c:\windows\system32\CNCC150.DLL
2009-08-02 16:52 . 2008-02-07 13:59	37888	----a-w-	c:\windows\system32\CNCI150.DLL
2009-08-02 16:52 . 2006-06-29 12:29	106496	----a-w-	c:\windows\system32\cncisco.dll
2009-08-02 16:52 . 2005-05-30 17:45	139264	----a-w-	c:\windows\system32\CNCL150.DLL
2009-08-02 16:51 . 2009-08-02 16:51	--------	d--h--w-	c:\program files\CanonBJ
2009-08-02 16:47 . 2009-08-02 16:47	--------	d-----w-	c:\program files\Common Files\Canon
2009-08-02 16:23 . 2009-08-02 16:23	--------	d-----w-	c:\users\loquacissima\AppData\Roaming\ScanSoft
2009-08-02 16:23 . 2009-08-02 16:23	--------	d-----w-	c:\programdata\SSScanWizard
2009-08-02 16:23 . 2009-08-02 16:23	--------	d-----w-	c:\programdata\SSScanAppDataDir
2009-08-02 16:23 . 2009-08-02 16:23	--------	d-----w-	c:\program files\Common Files\ScanSoft Shared
2009-08-02 16:23 . 2009-08-02 16:23	--------	d-----w-	c:\program files\ScanSoft
2009-08-02 16:21 . 2009-08-02 16:21	--------	d-----w-	c:\program files\ArcSoft
2009-08-02 16:21 . 1995-08-01 02:44	212480	----a-w-	c:\windows\PCDLIB32.DLL
2009-08-02 16:20 . 1998-11-13 11:16	308224	----a-w-	c:\windows\IsUn040c.exe
2009-08-02 16:19 . 2009-08-02 16:19	--------	d-----w-	c:\windows\StartHtmico
2009-08-02 16:17 . 2009-08-02 16:36	--------	d-----w-	c:\program files\Canon
2009-08-02 16:01 . 2009-08-02 16:02	--------	d-----w-	c:\users\loquacissima\AppData\Roaming\muvee Technologies
2009-07-24 10:48 . 2009-08-16 10:52	--------	d--h--w-	C:\$AVG8.VAULT$
2009-07-21 11:13 . 2009-06-15 15:24	156672	----a-w-	c:\windows\system32	2embed.dll
2009-07-21 11:13 . 2009-06-15 15:20	72704	----a-w-	c:\windows\system32\fontsub.dll
2009-07-21 11:13 . 2009-06-15 15:20	10240	----a-w-	c:\windows\system32\dciman32.dll
2009-07-21 11:13 . 2009-06-15 12:52	289792	----a-w-	c:\windows\system32\atmfd.dll
2009-07-21 11:09 . 2009-07-21 11:09	410984	----a-w-	c:\windows\system32\deploytk.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-16 11:20 . 2008-11-30 23:49	43224	----a-w-	c:\programdata
vModes.dat
2009-08-15 21:20 . 2009-04-11 18:32	--------	d-----w-	c:\program files\Yahoo!
2009-08-15 19:28 . 2008-07-02 16:10	679418	----a-w-	c:\windows\system32\perfh00C.dat
2009-08-15 19:28 . 2008-07-02 16:10	128418	----a-w-	c:\windows\system32\perfc00C.dat
2009-08-15 14:39 . 2009-04-11 18:43	--------	d-----w-	c:\users\loquacissima\AppData\Roaming\Azureus
2009-08-14 23:25 . 2009-04-11 18:43	--------	d-----w-	c:\program files\Vuze
2009-08-13 18:04 . 2008-07-02 07:55	--------	d-----w-	c:\programdata\Microsoft Help
2009-08-13 18:03 . 2006-11-02 11:18	--------	d-----w-	c:\program files\Windows Mail
2009-08-12 17:27 . 2009-04-11 18:28	--------	d-----w-	c:\users\loquacissima\AppData\Roaming\Winamp
2009-08-04 08:00 . 2009-04-12 16:48	--------	d-----w-	c:\program files\Microsoft Silverlight
2009-08-02 16:21 . 2008-07-02 06:34	--------	d--h--w-	c:\program files\InstallShield Installation Information
2009-07-26 11:22 . 2009-04-11 18:33	--------	d-----w-	c:\program files\Messenger Plus! Live
2009-07-24 08:55 . 2009-04-21 09:15	335752	----a-w-	c:\windows\system32\drivers\avgldx86.sys
2009-07-21 11:09 . 2008-07-02 08:18	--------	d-----w-	c:\program files\Java
2009-07-18 16:06 . 2009-07-29 10:16	827904	----a-w-	c:\windows\system32\wininet.dll
2009-07-18 16:01 . 2009-07-29 10:16	78336	----a-w-	c:\windows\system32\ieencode.dll
2009-07-18 09:46 . 2009-07-29 10:16	26624	----a-w-	c:\windows\system32\ieUnatt.exe
2009-06-26 20:27 . 2009-06-26 20:27	0	---ha-w-	c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-06-24 20:36 . 2009-06-24 20:36	--------	d--h--w-	c:\programdata\CanonBJ
2009-06-19 09:22 . 2009-04-21 09:14	27784	----a-w-	c:\windows\system32\drivers\avgmfx86.sys
2009-06-03 11:30 . 2009-04-11 15:06	106552	----a-w-	c:\users\loquacissima\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-21 09:32 . 2009-05-15 08:43	680	----a-w-	c:\users\loquacissima\AppData\Local\d3d9caps.dat
2008-11-19 09:50 . 2009-04-14 15:39	500769815	----a-w-	c:\program files\Office 2007 pro plus fr + cléf.rar
2009-04-11 16:31 . 2009-04-11 16:31	22	--sha-w-	c:\windows\SMINST\HPCD.sys
2008-07-02 16:13 . 2008-07-02 16:13	8192	--sha-w-	c:\windows\Users\Default\NTUSER.DAT
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2009-02-19 1262888]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player	bBS_P.dll" [2009-03-10 2079256]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-02 1004800]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-C39E-35F1D2A32EC8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-02 11:37	1004800	----a-w-	c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2009-03-10 09:47	2079256	----a-w-	c:\program files\BS_Player	bBS_P.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player	bBS_P.dll" [2009-03-10 2079256]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-02 1004800]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "c:\program files\BS_Player	bBS_P.dll" [2009-03-10 2079256]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-02 1004800]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-23 13539872]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-23 92704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-04-15 442433]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-15 178712]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-04-23 468264]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-11-01 554288]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-21 148888]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-12 1948440]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{1F1A5F2C-0E0D-49F9-BD15-679FC4717866}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{2356F9ED-8EC9-4BF1-AC9F-4A8570523401}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{F1F06440-4AA0-4501-BB26-8F1B189EA5DA}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{545F637C-5801-407E-9566-D38F7CEB2CD8}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{130495B3-2637-4FF6-B274-7D69C70A40BB}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"TCP Query User{EB899DF5-7234-4B41-B988-0957FA030B5C}c:\program files\vuze\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{081AD2A0-1961-42E0-A2E3-414A03F8F79D}c:\program files\vuze\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"TCP Query User{37DC3E7A-5604-415A-8A7E-BE3BE692245F}c:\program files\cambridgesoft\chemoffice2005\chemdraw\chemdraw.exe"= UDP:c:\program files\cambridgesoft\chemoffice2005\chemdraw\chemdraw.exe:ChemDraw Ultra 9.0
"UDP Query User{110A5E4B-B0F9-4317-93CB-ACBC78B423A5}c:\program files\cambridgesoft\chemoffice2005\chemdraw\chemdraw.exe"= TCP:c:\program files\cambridgesoft\chemoffice2005\chemdraw\chemdraw.exe:ChemDraw Ultra 9.0
"{3F641AA4-1CE0-46ED-85A2-7447840C9167}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{DFF60A47-B835-4AA6-BA80-ADB7B9CB48A0}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{FF8C760F-5FBE-4333-94E5-08838E456EC9}c:\program files\opera\opera.exe"= UDP:c:\program files\opera\opera.exe:Opera Internet Browser
"UDP Query User{B5C81502-723F-4BBD-AB0B-8871A8A96653}c:\program files\opera\opera.exe"= TCP:c:\program files\opera\opera.exe:Opera Internet Browser
"TCP Query User{9F0D4D07-1571-40CD-9F03-5FBE7C26F578}c:\program files\emule\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{480A6F89-B87E-420D-9D9C-0FE7A4573750}c:\program files\emule\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"{2AB5F28D-0522-471B-BAA6-3394DF8327EA}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"TCP Query User{67ABF20B-DE02-4F2F-9C99-25EB8E514377}c:\program files\cambridgesoft\chemoffice2005\chemdraw\chemdraw.exe"= UDP:c:\program files\cambridgesoft\chemoffice2005\chemdraw\chemdraw.exe:ChemDraw Ultra 9.0
"UDP Query User{DA510FA5-084B-4EA3-9CFE-6B90BE88463B}c:\program files\cambridgesoft\chemoffice2005\chemdraw\chemdraw.exe"= TCP:c:\program files\cambridgesoft\chemoffice2005\chemdraw\chemdraw.exe:ChemDraw Ultra 9.0
"TCP Query User{718722B3-3977-4CAF-9864-6231EAFFB6D4}c:\program files\skype\phone\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath 
"UDP Query User{039689EE-2868-49FB-8DC8-5BD66505633C}c:\program files\skype\phone\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath 
"TCP Query User{C10BB3B8-5047-4D31-8A74-577A97B14B3E}c:\program files\java\jre1.6.0_05\bin\javaw.exe"= UDP:c:\program files\java\jre1.6.0_05\bin\javaw.exe:Java(TM) Platform SE binary
"UDP Query User{2CAAB664-AE19-454F-BBA2-78BA8DA9B50A}c:\program files\java\jre1.6.0_05\bin\javaw.exe"= TCP:c:\program files\java\jre1.6.0_05\bin\javaw.exe:Java(TM) Platform SE binary
"TCP Query User{1A0801C8-49AF-40B7-AF32-DEF68B8737CA}c:\program files\java\jre1.6.0_05\bin\java.exe"= UDP:c:\program files\java\jre1.6.0_05\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{75C73D2A-DF07-4DAF-834A-3DB2AA750239}c:\program files\java\jre1.6.0_05\bin\java.exe"= TCP:c:\program files\java\jre1.6.0_05\bin\java.exe:Java(TM) Platform SE binary
"TCP Query User{99488FF5-5C81-4724-A1D3-9DBD8B561128}c:\program files\halflife\hl.exe"= UDP:c:\program files\halflife\hl.exe:Half-Life Launcher
"UDP Query User{A40C8838-94B6-4182-A37B-7DFC8DE312D4}c:\program files\halflife\hl.exe"= TCP:c:\program files\halflife\hl.exe:Half-Life Launcher
"TCP Query User{30B05A7A-A4E7-486D-8274-8466682DEF7E}c:\program files\windows sidebar\sidebar.exe"= UDP:c:\program files\windows sidebar\sidebar.exe:Volet Windows
"UDP Query User{7B3C37EB-A3C5-4976-8A88-F9539CC7694D}c:\program files\windows sidebar\sidebar.exe"= TCP:c:\program files\windows sidebar\sidebar.exe:Volet Windows

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [21/04/2009 11:15 335752]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\AEstSrv.exe [01/12/2008 01:20 73728]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [21/04/2009 11:14 298776]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [21/01/2008 04:23 21504]
R2 hpsrv;HP Service;c:\windows\System32\hpservice.exe [18/03/2008 17:24 19456]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [02/07/2008 10:13 341328]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [02/07/2008 09:05 193840]
R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [24/01/2008 15:23 52736]
R3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [01/04/2008 13:14 81296]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers
vhda32v.sys [23/05/2008 05:29 43552]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
ezSharedSvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-08-16 c:\windows\Tasks\User_Feed_Synchronization-{83DC2AF8-0948-46AB-A7CE-5EFAA7459AB9}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Supplementary Scan -------
.
mWindow Title = 
uSearchURL,(Default) = hxxp://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbaresources\en-US\local\search.html
IE: Download Link Using Mega Manager... - c:\program files\Megaupload\Mega Manager\mm_file.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Ajouter à la liste d'impressions - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint Impression rapide - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Imprimer - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Easy-WebPrint Prévisualiser - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
FF - ProfilePath - c:\users\loquacissima\AppData\Roaming\Mozilla\Firefox\Profiles\7yd43ysh.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: network.proxy.type - 2
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins
p-mswmp.dll
FF - plugin: c:\program files\Opera\program\plugins
pmmaud.dll
FF - plugin: c:\program files\Opera\program\plugins
pmmprog.dll
FF - plugin: c:\program files\Opera\program\plugins
pmmvid.dll
FF - plugin: c:\program files\Opera\program\plugins
pmmzip.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology
pViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-16 13:57
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ... 

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-08-16 13:59
ComboFix-quarantined-files.txt  2009-08-16 11:59

Pre-Run: 113 344 667 648 octets libres
Post-Run: 113 305 518 080 octets libres

248	--- E O F ---	2009-08-15 18:02


et pour Hijackthis: 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:44:05, on 15/08/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18294)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32	askeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32undll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\opwareSE2.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\conime.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player	bBS_P.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Megaupload Toolbar - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O2 - BHO: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player	bBS_P.dll
O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player	bBS_P.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Megaupload Toolbar - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\ereg.ini"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbaresources\en-US\local\search.html
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix: 
O17 - HKLM\System\CCS\Services\Tcpip\..\{41761A96-69E5-4AB7-8C08-0D457FD20FDA}: NameServer = 85.255.112.83,85.255.112.20
O17 - HKLM\System\CCS\Services\Tcpip\..\{F51B00EA-55E8-4693-B6C9-A5DA57D81264}: NameServer = 85.255.112.83,85.255.112.20
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.83,85.255.112.20
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.83,85.255.112.20
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\aestsrv.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32
vvsvc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\STacSV.exe

kduc · Answer

...

" Logfile of Trend Micro HijackThis v2.0.2 
Scan saved at 21:44:05, on 15/08/2009 
Platform: Windows Vista SP1 (WinNT 6.00.1905) 
MSIE: Internet Explorer v7.00 (7.00.6001.18294) "

Tu peux relancer un HJT d' aujourd' hui, stp !?

loqua · Answer

je l'avais relancé juste apres combo....
Je viens de relancer HJT, j'ai tjr un rapport daté d'hier. J'ai donc désinstallé et réinstallé le programme...

Voici le rapport: 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:59:11, on 16/08/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18294)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32	askeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\opwareSE2.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player	bBS_P.dll
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Megaupload Toolbar - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player	bBS_P.dll
O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player	bBS_P.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Megaupload Toolbar - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbaresources\en-US\local\search.html
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O13 - Gopher Prefix: 
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\aestsrv.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32
vvsvc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\STacSV.exe

kduc · Answer

...

(si ce n’ est déjà fait) Télécharge CCleaner :
http://www.filehippo.com/download_ccleaner.html
("Download Latest Version", sur la droite) et laisse-toi guider.
A un moment, il te sera demandé de cocher :
"Ajouter la barre d' outils Yahoo". Refuse et …
Laisse-le s’ installer tel que …

-------
Redémarre le PC en mode sans échec ... 
https://www.pcastuces.com/pratique/windows/mode_sans_echec/page2.html
(méthode F8 de préférence) 
 
-------------------------------------------- 
Tu n' auras pas accès à Internet pendant le "mode sans échec". 
Aussi, copie/colle la procédure dans un fichier texte (word) et mets-la 
sur le "bureau" pour l' avoir à ta disposition. 
--------------------------------------------

Ferme toutes les fenêtres et applications.
Relance HijackThis et clique sur > Do a system scan only puis, coche 
les cases devant les lignes qui suivent (et uniquement ces lignes), si tjrs présentes :

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Megaupload Toolbar - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O3 - Toolbar: Megaupload Toolbar - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)

Ensuite, clique sur > Fix checked et valide par "Yes". Referme HijackThis. 

Affiche les fichiers et dossiers cachés … 
https://www.micro-astuce.com/Forum/afficher-les-fichiers-caches-t1607.html

Rends-toi dans > Démarrer > Panneau de config. > Programmes et fonctionnalités

Supprime, si tu le(s) trouves > Megaupload

Ensuite, va dans > Démarrer > Poste de travail > C:\

et supprime le(s) fichier(s) en gras, ci-dessous, si tu le(s) trouves.

C:\Program Files\Megaupload ou Megaupload Toolbar

Remet les fichiers et dossiers cachés comme tu les as trouvés ! 

Lance CCleaner ...
Clique sur > Analyser > Nettoyer, puis sur OK dans la fenêtre qui s' affiche.  
(re)Lance le nettoyage et (re)confirme par OK.

Redémarre le PC en mode normal ...

Enfin, retente avec SmitFraudFix.

Et si ça ne marche pas, on essaiera Malwarebytes.

loqua · Answer

j'ai pu lancer Smithfraudfix en tant qu'administrateur (je ne l'avais pas fait la première fois...)

voici le rapport: 

SmitFraudFix v2.423

Scan done at 16:18:36,57, 16/08/2009
Run from C:\Users\loquacissima\Desktop\SmitfraudFix
OS: Microsoft Windows [version 6.0.6001] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32
vvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\STacSV.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\aestsrv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Windows\system32undll32.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Windows\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32	askeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32	askeng.exe
C:\Windows\System32undll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\opwareSE2.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\conime.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Opera\opera.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\loquacissima\Desktop\SmitfraudFix\Policies.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\DllHost.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\loquacissima


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\LOQUAC~1\AppData\Local\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\loquacissima\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\LOQUAC~1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files 


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
 
 

»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, following keys are not inevitably infected!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri

kduc · Answer

...

SmitFraudFix n' a rien donné.

Télécharge,  installe et mets à jour Malwarebytes Anti-Malwares …
http://forum.telecharger.01net.com/microhebdo/6/tuto-securite/tuto-malwaresbytes-anti-malware-352008/messages-1.html puis, lance un scan COMPLET et poste le rapport.

PS : si MalwareByte's a détecté des infections, clique sur Afficher les résultats, 
puis sur Supprimer la sélection.

loqua · Answer

Malwarebytes Anti-Malwares ne détecte plus aucune infection...

voici le rapport: 

Malwarebytes' Anti-Malware 1.40
Version de la base de données: 2635
Windows 6.0.6001 Service Pack 1

16/08/2009 18:32:48
mbam-log-2009-08-16 (18-32-48).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 281827
Temps écoulé: 1 hour(s), 27 minute(s), 38 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

kduc · Answer

...

Si tu relances Windows Defender que dit-il ?

loqua · Answer

"Aucun logiciel non désiré ou potentiellement dangereux n'a été détecté
votre ordinateur s'exécute normalement"

kduc · Answer

Salut,

OK.

Maintenant, pour terminer ...

Fais ce scan en ligne : http://www.bitdefender.fr/scan_fr/scan8/ie.html

Clique sur J' accepte > Démarrer l' analyse, etc ...

Une fois le scan achevé, sauvegarde le rapport et poste-le.

Tuto : https://forum.pcastuces.com/default.asp

---
PS : désactive tes protections résidentes, notamment celle d' AVG, le temps du scan ...

https://forum.pcastuces.com/default.asp

---
Bonne journée.

loqua · Answer

désolé, j'ai fait une fausse manip! j'ai alors voulu supprimé le dossier bioscan8 et recommencer mais mtn le programme ne veut plus s'installer....

Que dois-je faire?

loqua · Answer

Finalement j'ai réussi à le réinstaller, mais j'ai un probleme.

Comme le prévoit aussi le tuto: 

Si ce message s'affiche : "Echec de la mise à jour des signatures", il suffit de supprimer ce fichier (en gras) -> C:\Windows\BDOSCAN8 et recommencer.

j'ai effectivement ce message, mais lorsque je supprime le fichier indiqué, et que je relance le scan, ca ne marche pas... il y a une sorte de message d'erreur qui apparait avec rien écrit dessus. 

Si je ne supprime pas le fichier, je peux lancer le scan mais celui-ci echoue...

Que dois-je faire?

kduc · Answer

Salut,

Tu l' a lancé à partir de la session Administrateur et avec l' UAC désactivé (+ antivirus désactivé) ?

Au besoin, ...

Lance un scan Nod32 https://www.eset.com/ 
(il faut utiliser Internet Explorer) …

Coche toutes les cases à chaque fois, et lorsque c'est terminé, colle le rapport : 
-> C:\Program Files\EsetOnlineScanner\log.txt <- le rapport

loqua · Answer

Voici le rapport: 


ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=6
# iexplore.exe=7.00.6000.16386 (vista_rtm.061101-2205)
# OnlineScanner.ocx=1.0.0.6048
# api_version=3.0.2
# EOSSerial=954179beadd3ef42a557fcfeedc004cc
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-08-17 11:11:56
# local_time=2009-08-18 01:11:56 (+0100, Paris, Madrid (heure d'été))
# country="France"
# lang=1036
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=1026 61 83 100 21250125433582
# compatibility_mode=5889 61 66 100 496685037127655
# scanned=187354
# found=2
# cleaned=2
# scan_time=2891
D:\autorun.inf	INF/Autorun virus (supprimé - mis en quarantaine)	00000000000000000000000000000000	C
D:\MS32DLL.dll.vbs	VBS/Butsur.B ver (nettoyé par suppression - mis en quarantaine)	00000000000000000000000000000000	C

loqua · Answer

j'avais pas vu l'onglet parametres avancés, j'ai dc refais un scan avec cette fois-ci toutes les cases cochées, voici le rapport: 


ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=6
# iexplore.exe=7.00.6000.16386 (vista_rtm.061101-2205)
# OnlineScanner.ocx=1.0.0.6048
# api_version=3.0.2
# EOSSerial=954179beadd3ef42a557fcfeedc004cc
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2009-08-18 12:42:19
# local_time=2009-08-18 02:42:19 (+0100, Paris, Madrid (heure d'été))
# country="France"
# lang=1036
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=1026 61 83 100 21304351593582
# compatibility_mode=5889 61 66 100 496739263287655
# scanned=187671
# found=2
# cleaned=2
# scan_time=4570
C:\$RECYCLE.BIN\S-1-5-21-2978966380-1069383893-1505965959-1000\$R8WWEI1\Process.exe	Win32/PrcView application (nettoyé par suppression - mis en quarantaine)	00000000000000000000000000000000	C
C:\$RECYCLE.BIN\S-1-5-21-2978966380-1069383893-1505965959-1000\$R8WWEI1\restart.exe	Win32/Shutdown.NAA application (nettoyé par suppression - mis en quarantaine)	00000000000000000000000000000000	C


Je vais etre loin de mon ordi pour une semaine.

kduc · Answer

Salut,

"... Je vais etre loin de mon ordi pour une semaine. "

Qui semble être débarrassé de Win32/Renos.JM

loqua · Answer

Voila une bonne nouvelle! 

Merci pour votre aide!

Dydou · Answer

Voici mon rapport :

SmitFraudFix v2.424

Scan done at 10:49:24,66, 19/12/2009
Run from C:\Program Files\Mozilla Firefox\SmitfraudFix
OS: Microsoft Windows [version 6.0.6001] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32	askeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32	askeng.exe
C:\Windows\system32	askeng.exe
C:\Users\Dylan\AppData\Local\Temp\j.exe
C:\Windows\msb.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SFR\Kit\9props.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Dylan\AppData\Local\Temp\b.exe
C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\wuauclt.exe
\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Mozilla Firefox\SmitfraudFix\Policies.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Dylan


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Dylan\AppData\Local\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Dylan\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Dylan\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files 


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
 
 

»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, following keys are not inevitably infected!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, following keys are not inevitably infected!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000000


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\Windows\system32\userinit.exe,"

»»»»»»»»»»»»»»»»»»»»»»»» RK

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]




»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Realtek PCIe FE Family Controller
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{2258D898-0C19-487D-B0B8-380B0FD3C2A7}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{326F3714-B2D7-4B01-B2C8-F79D750BF100}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{2258D898-0C19-487D-B0B8-380B0FD3C2A7}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{326F3714-B2D7-4B01-B2C8-F79D750BF100}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{2258D898-0C19-487D-B0B8-380B0FD3C2A7}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{326F3714-B2D7-4B01-B2C8-F79D750BF100}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End


Que dois-je faire ??? 

SVP

kduc · Answer

Salut,

Qui t' as demandé de poster un rapport SmitFraudFix ?

Ne vois-tu pas que tu es dans le sujet de loqua !

PS : ton rapport ne révèle rien (de néfaste).

Dydou · Answer

Ok, alors comment je peut supprimé ce virus ??!

kduc · Answer

Salut,

Ouvre un sujet.

Un helper te viendra en aide.

LBT76240 · Answer

Si c'est le même que j'ai eu, suit cette soluce
Pour suprimer le virus ouvre windows defender
Va ensuite dans l'historique, tu remarquera que avant chaque info du Trojan il y a un programme Marquer Inconnu
Va voir dessus Pour exemple moi j'ai ceci
"Description :
Ce programme présente un comportement potentiellement non désiré.

Conseil :
N’autorisez cet élément détecté que si vous faites confiance au programme ou à l’éditeur du logiciel.

Ressources :
file:
C:\Windows	asks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

file:
C:\Users\Core2Duo\AppData\Local\Temp\c.exe

taskscheduler:
C:\Windows	asks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

Catégorie :
Non encore classifié"
Il m'a suffi de suprimer les 3 Ficher (C:\Windows	asks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
C:\Users\Core2Duo\AppData\Local\Temp\c.exe
C:\Windows	asks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job)
Et depuis pu le message du Trojan

niglo640 · Answer

bonjour
j'ai exactement le meme probleme mais impossible de supprimé de trojan
quelqu'un peux maider a faire la manip ?

kduc · Answer

Salut, 

"Ouvre un sujet. 

Un helper te viendra en aide."

Merci de ta compréhension.

niglo640 · Answer

ok c'était juste pour pas encore ouvrir un post la dessus.
c'est ce qu'on fait en principe pour eviter la surcharge.

niglo640 · Answer

personne ne repond sur mon poste
c'est assez urgent
j'aimerai de l'aide
merci par avance

jacques.gache · Answer

niglo640 bonjour, donne nous le lien de ton sujet et ira voir mais perso je le trouve pas !!!

kduc · Answer

...

https://forums.commentcamarche.net/forum/affich-15855875-trojandownloader-win32-renos-jm#3

Si tu veux t' en charger ... car pour moi, c' est cuit pour ce soir.

franck · Answer

windows live one care scan de securtier et il suprimera tout seul apres analyse bye a +et bon courage pour le scan comple

Trojandownloader Win32/Renos.JM - Page 2

Discussions similaires

Newsletters