Virus redirects links
Solved
Leritalspirituel
Good evening, advertising pages open instead of the links in Google and IE. It had gone away with MBAM, but it's coming back.
Thank you
86 replies
ComboFix 12-10-26.05 - freeamelove 28/10/2012 20:07:42.4.1 - x86
Microsoft Windows 7 Édition Starter 6.1.7601.1.1252.33.1036.18.766.283 [GMT 1:00]
Lancé depuis: c:\users\freeamelove\Desktop\ll.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2012-09-28 au 2012-10-28 ))))))))))))))))))))))))))))))))))))
.
.
2012-10-28 19:16 . 2012-10-28 19:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-28 19:00 . 2012-10-28 19:00 -------- d-----w- C:\ll
2012-10-27 10:55 . 2012-10-27 10:55 -------- d-----w- c:\programdata\Arovax
2012-10-25 13:17 . 2012-10-25 13:18 -------- d-----w- c:\windows\system32\SPReview
2012-10-25 12:29 . 2010-11-20 02:21 318464 ----a-w- c:\windows\system32\WMPhoto.dll
2012-10-25 12:28 . 2010-11-20 02:30 160128 ----a-w- c:\windows\system32\drivers\vhdmp.sys
2012-10-25 12:24 . 2012-10-25 12:24 -------- d-----w- c:\windows\system32\EventProviders
2012-10-25 10:06 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-10-25 10:06 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-10-25 10:06 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-10-25 10:06 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-10-25 10:06 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-10-25 10:06 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-10-25 10:06 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-10-25 10:06 . 2012-06-02 13:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-10-25 10:06 . 2012-06-02 13:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-10-23 19:11 . 2012-10-28 00:24 -------- d-----w- C:\Pre_Scan
2012-10-23 13:28 . 2012-10-23 13:28 -------- d-----w- C:\_OTL
2012-10-22 10:10 . 2012-10-22 18:33 512 ----a-w- C:\PhysicalMBR.bin
2012-10-18 23:44 . 2012-10-18 23:44 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-10-18 23:31 . 2012-10-18 23:31 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-10-18 22:18 . 2012-10-18 22:18 -------- d-----w- c:\users\freeamelove\DoctorWeb
2012-10-18 19:18 . 2012-10-18 19:19 -------- d-----w- C:\f1022ee81d03e67de7be
2012-10-17 11:45 . 2012-10-17 11:45 -------- d-----w- c:\users\freeamelove\AppData\Roaming\Malwarebytes
2012-10-17 11:45 . 2012-10-17 11:45 -------- d-----w- c:\programdata\Malwarebytes
2012-10-17 11:45 . 2012-09-29 17:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-17 11:45 . 2012-10-19 20:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-10-17 11:18 . 2012-10-17 11:18 512 ----a-w- C:\PhysicalDisk0_MBR.bin
2012-10-17 10:46 . 2012-10-17 11:40 -------- d-----w- C:\ZHP
2012-10-17 10:42 . 1999-11-12 03:11 183808 ----a-w- c:\windows\system32\BDEADMIN.CPL
2012-10-17 10:42 . 1999-01-20 03:01 210032 ----a-w- c:\windows\system32\DBCLIENT.DLL
2012-10-17 10:42 . 2012-10-17 10:42 -------- d-----w- c:\program files\Common Files\Borland Shared
2012-10-17 10:42 . 2012-10-19 09:22 -------- d-----w- c:\program files\ZebHelpProcess
2012-10-16 19:57 . 2012-10-16 19:57 94208 --sha-r- c:\windows\system32\autoconvk.dll
2012-10-15 03:12 . 2012-10-15 03:12 -------- d-----w- c:\users\freeamelove\AppData\Roaming\Ashampoo
2012-10-15 03:11 . 2012-10-15 03:12 -------- d-----w- c:\users\freeamelove\AppData\Local\ashampoo
2012-10-15 03:11 . 2012-10-15 03:11 -------- d-----w- c:\programdata\ashampoo
2012-10-13 21:27 . 2012-10-13 21:27 -------- d-----w- C:\found.000
2012-10-11 23:01 . 2012-10-11 01:05 261600 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2012-10-11 23:01 . 2012-10-11 08:39 65536 ----a-w- c:\program files\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\XPATLCOM.dll
2012-10-11 23:01 . 2012-10-11 01:05 96224 ----a-w- c:\program files\Mozilla Firefox\webapprt-stub.exe
2012-10-11 23:01 . 2012-10-11 01:05 157272 ----a-w- c:\program files\Mozilla Firefox\webapp-uninstaller.exe
2012-10-06 00:51 . 2012-10-06 00:57 28089 ----a-w- c:\windows\system32\drivers\wceusbsh.sys
2012-10-06 00:51 . 2012-10-06 00:57 10430 ----a-w- c:\windows\system32\drivers\secbulk.sys
2012-10-05 20:10 . 2012-10-17 01:50 -------- d-----w- c:\windows\WindowsMobile
2012-10-02 09:58 . 2012-10-26 20:42 -------- d-----w- c:\users\freeamelove\AppData\Roaming\SumatraPDF
2012-10-02 09:57 . 2012-10-02 09:57 -------- d-----w- c:\program files\SumatraPDF
2012-09-30 15:44 . 2012-09-30 15:44 -------- d-----w- c:\users\freeamelove\AppData\Roaming\RGE
2012-09-30 14:18 . 2012-09-30 14:18 -------- d-----w- c:\program files\Recuva
2012-09-30 14:12 . 2012-09-30 14:12 -------- d-----w- c:\users\freeamelove\AppData\Local\CRE
2012-09-30 12:18 . 2012-09-30 12:18 -------- d-----w- c:\windows\OEMTemp
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-25 13:06 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2012-10-11 01:05 . 2012-10-11 23:01 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:40 120176 ----a-w- c:\program files\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2010-08-10 975952]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-02-26 1713448]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"Acer ePower Management"=c:\program files\Acer\Acer ePower Management\ePowerTray.exe
"cAudioFilterAgent"=c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe
"PLFSetI"=c:\windows\PLFSetI.exe
"EgisUpdate"="c:\program files\EgisTec IPS\EgisUpdate.exe" -d
"mwlDaemon"=c:\program files\EgisTec MyWinLocker\x86\mwlDaemon.exe
"EgisTecPMMUpdate"="c:\program files\EgisTec IPS\PmmUpdate.exe"
"AmIcoSinglun"=c:\program files\AmIcoSingLun\AmIcoSinglun.exe
"SuiteTray"="c:\program files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"PrintDisp"=c:\windows\system32\PrintDisp.exe
.
R2 Printer Control;Printer Control;c:\windows\system32\PrintCtrl.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [x]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 RDID1061;EDIROL UA-4FX;c:\windows\system32\Drivers\rdwm1061.sys [x]
R3 SecBulk;SECBULK.sys, SEC SOC USBD Driver;c:\windows\system32\Drivers\SECBULK.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [x]
S2 MWLService;MyWinLocker Service;c:\program files\EgisTec MyWinLocker\x86\MWLService.exe [x]
S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com/
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\freeamelove\AppData\Roaming\Mozilla\Firefox\Profiles\g7ip0712.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.mozbot.fr/
FF - ExtSQL: 2012-10-12 01:07; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; c:\users\freeamelove\AppData\Roaming\Mozilla\Firefox\Profiles\g7ip0712.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
.
- - - - ORPHELINS SUPPRIMES - - - -
.
AddRemove-ActMask SPL Batch Converter_is1 - c:\windows\system32\unins000.exe
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'Explorer.exe'(1180)
c:\program files\EgisTec MyWinLocker\x86\psdprotect.dll
c:\program files\EgisTec MyWinLocker\x86\sysenv.dll
.
Heure de fin: 2012-10-28 20:19:20
ComboFix-quarantined-files.txt 2012-10-28 19:19
ComboFix2.txt 2012-10-22 01:23
ComboFix3.txt 2012-10-20 23:12
.
Avant-CF: 31 574 794 240 octets libres
Après-CF: 31 543 046 144 octets libres
.
- - End Of File - - 9E91C81381D312DDCD31ECC50A0EBA7F
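Added example, not part of the thread and not code from ComboFix: a small Python parser for the "Fichiers créés" lines of the report above. It reads each line as creation date, last-write date, size (eight dashes for a directory), an eight-letter attribute string and a path, then flags non-directory files under C:\Windows that carry both the s (system) and h (hidden) letters. Read that way, the only hit in the full report is autoconvk.dll, the file the helper later removes with OTL. The column layout and the attribute letters are my reading of ComboFix's output, not something documented on this page, and the four sample lines are constructed input in the shape of the report.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: four lines in the shape of the "Fichiers créés" section of
# the ComboFix report above (three ordinary entries and the autoconvk.dll one).
SAMPLE_LOG = r"""
2012-10-25 10:06 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-10-17 11:45 . 2012-10-17 11:45 -------- d-----w- c:\programdata\Malwarebytes
2012-10-16 19:57 . 2012-10-16 19:57 94208 --sha-r- c:\windows\system32\autoconvk.dll
2012-10-18 23:31 . 2012-10-18 23:31 12872 ----a-w- c:\windows\system32\bootdelete.exe
"""

# Assumed column layout (my reading of the ComboFix format): creation date/time,
# a dot, last-write date/time, size in bytes (eight dashes for a directory), an
# eight-letter attribute string, then the path.
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) "
    r"(?P<attrs>[-a-z]{8}) "
    r"(?P<path>\S.*)$"
)


@dataclass
class Entry:
    created: str
    modified: str
    size: Optional[int]  # None for directories
    attrs: str
    path: str

    # Attribute letters as I read them: d = directory, s = system, h = hidden.
    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"

    @property
    def is_system(self) -> bool:
        return "s" in self.attrs

    @property
    def is_hidden(self) -> bool:
        return "h" in self.attrs


def parse_created_files(text: str) -> List[Entry]:
    """Parse every line that matches the file-listing layout; section headers,
    lone dots and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        size = None if m["size"].startswith("-") else int(m["size"])
        entries.append(Entry(m["created"], m["modified"], size, m["attrs"], m["path"]))
    return entries


def hidden_system_files(entries: List[Entry], root: str = "c:\\windows\\") -> List[str]:
    """Files (not directories) under `root` created with both the hidden and
    system attributes: a combination that keeps a dropped DLL out of Explorer
    listings, and one the Windows Update files in the same report do not carry."""
    return [
        e.path
        for e in entries
        if not e.is_dir and e.is_hidden and e.is_system and e.path.lower().startswith(root)
    ]


if __name__ == "__main__":
    for path in hidden_system_files(parse_created_files(SAMPLE_LOG)):
        print("hidden+system file created in the scan window:", path)
```

To run it over a real report, read the saved ComboFix.txt and pass the whole text to parse_created_files; the regex ignores everything that is not a file line.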
Redo an OTL as requested here
https://forums.commentcamarche.net/forum/affich-26277259-virus-deroute-les-liens?full#20
WARNING!!!: Custom script for this machine only, do not reproduce!!
If you have XP => double-click
if you have Vista or Windows 7 => right-click "Run as..."
on OTL.exe to launch it.
▶ Copy the list shown in bold below,
▶ paste it into the box under "Personnalisation":
:processes
explorer.exe
iexplore.exe
firefox.exe
msnmsgr.exe
Teatimer.exe
:OTL
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-4034286016-1945130699-1455461276-1000\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page =
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-4034286016-1945130699-1455461276-1000\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
FF - user.js - File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
:Files
C:\Windows\^õm
C:\Users\freeamelove\AppData\Roaming\WebPlayerBdd
C:\Windows\system32\autoconvk.dll
C:\Windows\system32\Tasks\Browser Manager
C:\Windows\system32\Tasks\Jvetqw
C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Installer\{EFEC373B-FF11-1FD8-DD3F-D4A556591E93}
:commands
[emptytemp]
[start explorer]
[reboot]
▶ Click "Correction" to start the removal.
▶ Post the report, which should open by itself when the job finishes after the reboot.
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
No active process named iexplore.exe was found!
No active process named firefox.exe was found!
No active process named msnmsgr.exe was found!
No active process named Teatimer.exe was found!
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKU\S-1-5-21-4034286016-1945130699-1455461276-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\BrowserMngr Start Page| /E : value set successfully!
HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-21-4034286016-1945130699-1455461276-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
========== FILES ==========
File\Folder C:\Windows\^õm not found.
C:\Users\freeamelove\AppData\Roaming\WebPlayerBdd folder moved successfully.
C:\Windows\system32\autoconvk.dll moved successfully.
C:\Windows\system32\Tasks\Browser Manager moved successfully.
C:\Windows\system32\Tasks\Jvetqw moved successfully.
C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Installer\{EFEC373B-FF11-1FD8-DD3F-D4A556591E93} folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: freeamelove
->Temp folder emptied: 245 bytes
->Temporary Internet Files folder emptied: 361144 bytes
->FireFox cache emptied: 110658272 bytes
->Flash cache emptied: 8749 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 106,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 10282012_225438
Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Avast is performing better on the web at the moment, and it doesn't need a crappy toolbar to work....
Find these two files in the OTL folder, open them with Notepad and paste their contents please
C:\Windows\system32\Tasks\Browser Manager
C:\Windows\system32\Tasks\Jvetqw
¤¤¤¤¤¤¤¤¤¤ Pre_Scan_Concept ¤¤¤¤¤¤¤¤¤¤
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo>
<Date>2012-08-15T10:46:35</Date>
<Author>Système</Author>
</RegistrationInfo>
<Triggers>
<TimeTrigger>
<Repetition>
<Interval>PT1M</Interval>
<StopAtDurationEnd>false</StopAtDurationEnd>
</Repetition>
<StartBoundary>2012-08-15T00:00:00</StartBoundary>
<Enabled>true</Enabled>
</TimeTrigger>
</Triggers>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Windows\system32\sc.exe</Command>
<Arguments>start Browser Manager</Arguments>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>S-1-5-18</UserId>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
</Task>
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.1" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo>
<Author>freeamelove</Author>
</RegistrationInfo>
<Triggers>
<BootTrigger>
<Enabled>true</Enabled>
</BootTrigger>
</Triggers>
<Settings>
<Enabled>true</Enabled>
<ExecutionTimeLimit>PT0S</ExecutionTimeLimit>
<Hidden>false</Hidden>
<WakeToRun>false</WakeToRun>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<Priority>5</Priority>
<IdleSettings>
<Duration>PT600S</Duration>
<WaitTimeout>PT3600S</WaitTimeout>
<StopOnIdleEnd>false</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
</Settings>
<Principals>
<Principal id="Author">
<UserId>System</UserId>
<RunLevel>HighestAvailable</RunLevel>
<LogonType>InteractiveTokenOrPassword</LogonType>
</Principal>
</Principals>
<Actions Context="Author">
<Exec>
<Command>C:\Windows\system32\rundll32.exe</Command>
<Arguments>"C:\Windows\system32\autoconvk.dll",Qatmbvveq</Arguments>
</Exec>
</Actions>
</Task>
so it was indeed this dll ^^
<Command>C:\Windows\system32\rundll32.exe</Command>
<Arguments>"C:\Windows\system32\autoconvk.dll",Qatmbvveq</Arguments>
¤¤¤¤¤¤¤¤¤¤ Pre_Scan_Concept ¤¤¤¤¤¤¤¤¤¤
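Added here as an example (not code from the thread or from the helper's tools): a Python triage of Task Scheduler XML like the two files pasted above, flagging the traits they show (SYSTEM principal, boot trigger, one-minute repeat, rundll32 loading a DLL export, sc.exe starting a service). The embedded task XML is constructed to mirror the posted tasks; the task names and paths are the ones the thread shows.

```python
import xml.etree.ElementTree as ET

NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
SYSTEM_IDS = {"system", "s-1-5-18", r"nt authority\system"}

# Constructed samples mirroring the two tasks pasted above (trimmed to the
# elements the triage inspects). Real task files under
# C:\Windows\system32\Tasks are UTF-16 with a BOM; ET.parse(path) decodes them.
TASK_BROWSER_MANAGER = """<Task version="1.2" xmlns="%s">
<Triggers><TimeTrigger><Repetition><Interval>PT1M</Interval></Repetition>
<Enabled>true</Enabled></TimeTrigger></Triggers>
<Actions Context="Author"><Exec><Command>C:\\Windows\\system32\\sc.exe</Command>
<Arguments>start Browser Manager</Arguments></Exec></Actions>
<Principals><Principal id="Author"><UserId>S-1-5-18</UserId>
<RunLevel>LeastPrivilege</RunLevel></Principal></Principals></Task>""" % NS["t"]

TASK_JVETQW = """<Task version="1.1" xmlns="%s">
<Triggers><BootTrigger><Enabled>true</Enabled></BootTrigger></Triggers>
<Principals><Principal id="Author"><UserId>System</UserId>
<RunLevel>HighestAvailable</RunLevel></Principal></Principals>
<Actions Context="Author"><Exec><Command>C:\\Windows\\system32\\rundll32.exe</Command>
<Arguments>"C:\\Windows\\system32\\autoconvk.dll",Qatmbvveq</Arguments></Exec></Actions>
</Task>""" % NS["t"]


def triage_task(xml_text):
    """Return the reasons a task deserves a closer look (empty list if none)."""
    root = ET.fromstring(xml_text)
    findings = []
    principal = "t:Principals/t:Principal/"
    if root.findtext(principal + "t:UserId", "", NS).strip().lower() in SYSTEM_IDS:
        findings.append("runs as SYSTEM")
    if root.findtext(principal + "t:RunLevel", "", NS) == "HighestAvailable":
        findings.append("requests highest privilege")
    if root.find("t:Triggers/t:BootTrigger", NS) is not None:
        findings.append("boot-time persistence")
    # Interval is an ISO 8601 duration; a repeat every few minutes is a
    # watchdog pattern, here used to keep the "Browser Manager" service up.
    interval = root.findtext("t:Triggers/t:TimeTrigger/t:Repetition/t:Interval", "", NS)
    if interval.startswith("PT") and interval.endswith("M") and interval[2:-1].isdigit():
        if int(interval[2:-1]) <= 5:
            findings.append("repeats every %s" % interval[2:])
    for ex in root.findall("t:Actions/t:Exec", NS):
        cmd = ex.findtext("t:Command", "", NS).lower()
        args = ex.findtext("t:Arguments", "", NS)
        if cmd.endswith("rundll32.exe") and ".dll" in args.lower():
            findings.append("rundll32 loads %s" % args)  # DLL path plus export name
        elif cmd.endswith("sc.exe") and args.lower().startswith("start "):
            findings.append("sc.exe starts service '%s'" % args[6:])
    return findings
```

Run `triage_task` over each file under C:\Windows\system32\Tasks (via `ET.parse(path).getroot()` converted with `ET.tostring`, or by reading the file and passing its text) to get the same kind of listing the helper asked for, without opening each file in Notepad.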
Argh, the bitch!!! I suspected it but ruled it out because of the 0/42 result!
still, I should have killed the tasks ...
Thanks ^^
The final step: https://forums-fec.be/entraide/viewtopic.php?f=11&t=229
a little more courage .... (smile)
# DelFix v9.0 - Rapport créé le 28/10/2012 à 23:16:19
# Mis à jour le 23/09/12 par Xplode
# Système d'exploitation : Windows 7 Starter Service Pack 1 (32 bits)
# Nom d'utilisateur : freeamelove - FREEAMELOVE-PC (Administrateur)
# Exécuté depuis : C:\Users\freeamelove\Desktop\delfix.exe
# Option [Suppression]
~~~~~~ Dossiers(s) ~~~~~~
Supprimé : C:\Qoobox
Supprimé : C:\_OTL
Supprimé : C:\pre_scan
Supprimé : C:\ZHP
Supprimé : C:\Users\freeamelove\DoctorWeb
~~~~~~ Fichier(s) ~~~~~~
Supprimé : C:\Users\freeamelove\Desktop\ll.exe <-- Combofix
Supprimé : C:\AdwCleaner[R1].txt
Supprimé : C:\AdwCleaner[R2].txt
Supprimé : C:\AdwCleaner[R3].txt
Supprimé : C:\AdwCleaner[R4].txt
Supprimé : C:\AdwCleaner[R5].txt
Supprimé : C:\AdwCleaner[R6].txt
Supprimé : C:\AdwCleaner[R7].txt
Supprimé : C:\AdwCleaner[R8].txt
Supprimé : C:\AdwCleaner[R9].txt
Supprimé : C:\AdwCleaner[S10].txt
Supprimé : C:\AdwCleaner[S11].txt
Supprimé : C:\AdwCleaner[S1].txt
Supprimé : C:\AdwCleaner[S2].txt
Supprimé : C:\AdwCleaner[S3].txt
Supprimé : C:\AdwCleaner[S4].txt
Supprimé : C:\AdwCleaner[S5].txt
Supprimé : C:\AdwCleaner[S6].txt
Supprimé : C:\AdwCleaner[S7].txt
Supprimé : C:\AdwCleaner[S8].txt
Supprimé : C:\AdwCleaner[S9].txt
Supprimé : C:\ComboFix.txt
Supprimé : C:\JavaRa.log
Supprimé : C:\PhysicalDisk0_MBR.bin
Supprimé : C:\TDSSKiller.2.8.13.0_19.10.2012_01.11.49_log.txt
Supprimé : C:\Users\freeamelove\Desktop\drweb-cureit.exe
Supprimé : C:\Users\freeamelove\Desktop\Extras.Txt
Supprimé : C:\Users\freeamelove\Desktop\JavaRa.zip
Supprimé : C:\Users\freeamelove\Desktop\OTL.Txt
Supprimé : C:\Users\freeamelove\Desktop\OTL.Txt 1.txt
Supprimé : C:\Users\freeamelove\Desktop\OTL.exe
Supprimé : C:\Users\freeamelove\Desktop\Pre_Diag_28_10_2012_00_35_32.txt
Supprimé : C:\Users\freeamelove\Desktop\Pre_script.txt
Supprimé : C:\Users\freeamelove\Downloads\Extras.Txt
Supprimé : C:\Users\freeamelove\Downloads\OTL.Txt
Supprimé : C:\Windows\grep.exe
Supprimé : C:\Windows\PEV.exe
Supprimé : C:\Windows\NIRCMD.exe
Supprimé : C:\Windows\MBR.exe
Supprimé : C:\Windows\SED.exe
Supprimé : C:\Windows\SWREG.exe
Supprimé : C:\Windows\SWSC.exe
Supprimé : C:\Windows\SWXCACLS.exe
Supprimé : C:\Windows\Zip.exe
~~~~~~ Registre ~~~~~~
Clé Supprimée : HKCU\Software\g3n-h@ckm@n
Clé Supprimée : HKCU\Software\IDAVLab
Clé Supprimée : HKLM\SOFTWARE\OldTimer Tools
Clé Supprimée : HKLM\SOFTWARE\AdwCleaner
Clé Supprimée : HKLM\SOFTWARE\IDAVLab
Clé Supprimée : HKLM\SOFTWARE\Swearware
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe
Clé Supprimée : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DWPROT
~~~~~~ Autres ~~~~~~
-> Prefetch Vidé
*************************
DelFix[S1].txt - [2757 octets] - [28/10/2012 23:16:19]
########## EOF - C:\DelFix[S1].txt - [2881 octets] ##########