Win32/Vundo.gen!AA

Question

Bonjour a tous !

Comme dit dans le titre, je me suis chopé ce Trojan : Win32/Vundo.gen!AA
Je n'arrive pas a m'en débarrasser, quelqu'un aurait une solution?
Merci d'avance.

J'utilise Avast.

g!rly · Answer

salut qualité filtre :)

Télécharge combofix.exe (par sUBs) sur ton Bureau.

-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe     

-> Double clique combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse. 

NOTE : Le rapport se trouve également ici : C:\Combofix.txt

Avant d'utiliser ComboFix :

-> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.

-> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.

Une fois fait, sur ton bureau double-clic sur Combofix.exe.

- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.

/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.

- En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.

- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)

-> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.

-> Tutoriel https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

@+

Utilisateur anonyme · Answer

qualité filtre :) ptdr

g!rly · Answer

lol

maxwell302 · Answer

Me revoila ! Apparemment vous aimez le café :P Voila donc le rapport : ComboFix 08-11-30.02 - Axel 2008-12-01 19:49:56.1 - NTFSx86 Microsoft® Windows Vista™ Professionnel 6.0.6001.1.1252.1.1036.18.1034 [GMT 1:00] Lancé depuis: c:\users\Axel\Desktop\ComboFix.exe * Un nouveau point de restauration a été créé . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\install.exe c:\windows\fxstaller.exe c:\windows\system32\awtqrrQh.dll c:\windows\system32\hgGwUmmm.dll c:\windows\system32\iiffCSiF.dll c:\windows\System32\iiPXwGgh.ini c:\windows\System32\iiPXwGgh.ini2 c:\windows\system32\ljJAPJYP.dll c:\windows\system32\mlJDsRki.dll c:\windows\System32\mmmUwGgh.ini c:\windows\System32\mmmUwGgh.ini2 c:\windows\system32\rqRIyYQG.dll c:\windows\system32\ssqOICUM.dll c:\windows\system32\x64 c:\windows\Tasks\cpimdoti.job D:\Autorun.inf . ((((((((((((((((((((((((((((( Fichiers créés du 2008-11-01 au 2008-12-01 )))))))))))))))))))))))))))))))))))) . 2008-11-30 22:30 . 2008-11-30 22:59 1,025 --a------ C:\ous.exe 2008-11-30 20:26 . 2008-11-30 20:27 d-------- c:\users\Axel\amsn 2008-11-30 20:24 . 2008-11-30 20:25 d-------- c:\program files\aMSN 2008-11-30 16:03 . 2008-11-30 23:16 d-------- c:\users\Axel\AppData\Roaming\.purple 2008-11-30 16:03 . 2008-11-30 16:03 d-------- c:\program files\Pidgin 2008-11-30 16:02 . 2008-11-30 16:02 d-------- c:\program files\Common Files\GTK 2008-11-30 12:09 . 2008-11-30 12:16 d-------- c:\program files\LDraw 2008-11-30 00:31 . 2008-11-30 00:31 d-------- c:\users\All Users\WindowsSearch 2008-11-30 00:31 . 2008-11-30 00:31 d-------- c:\programdata\WindowsSearch 2008-11-30 00:24 . 2008-11-30 11:21 d-------- c:\program files\Picasa2 2008-11-30 00:21 . 2008-11-30 00:21 d-------- c:\users\All Users\eSellerate 2008-11-30 00:21 . 2008-11-30 00:21 d-------- c:\programdata\eSellerate 2008-11-30 00:21 . 2008-11-30 00:21 d-------- c:\program files\Western Digital 2008-11-30 00:17 . 2008-11-30 00:21 d-------- c:\program files\Memeo 2008-11-30 00:16 . 2008-11-30 00:19 d---s---- c:\users\All Users\Memeo 2008-11-30 00:16 . 2008-11-30 00:19 d---s---- c:\programdata\Memeo 2008-11-29 20:08 . 2008-11-29 20:08 d-------- c:\program files\Western Digital Technologies 2008-11-29 17:28 . 2008-11-29 18:12 d-------- c:\users\Axel\AppData\Roaming\Azureus 2008-11-29 17:28 . 2008-11-29 17:28 d-------- c:\users\All Users\Azureus 2008-11-29 17:28 . 2008-11-29 17:28 d-------- c:\programdata\Azureus 2008-11-29 17:26 . 2008-11-29 17:27 d-------- c:\program files\Vuze 2008-11-29 15:59 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll 2008-11-29 15:59 . 2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll 2008-11-29 15:59 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe 2008-11-29 15:59 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll 2008-11-29 15:58 . 2008-10-16 22:12 561,688 --a------ c:\windows\System32\wuapi.dll 2008-11-29 15:58 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll 2008-11-29 15:58 . 2008-10-16 21:55 83,456 --a------ c:\windows\System32\wudriver.dll 2008-11-29 15:58 . 2008-10-16 22:08 34,328 --a------ c:\windows\System32\wups.dll 2008-11-29 15:58 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe 2008-11-29 12:53 . 2005-07-02 18:41 d-------- c:\users\Axel\Help 2008-11-29 12:53 . 2005-07-02 20:09 1,372,160 --a------ c:\users\Axel\MLCAD.exe 2008-11-29 12:53 . 2005-07-02 18:40 245,760 --a------ c:\users\Axel\mlcad.dll 2008-11-29 00:09 . 2008-11-29 00:09 d-------- c:\users\Axel\AppData\Roaming\LEGO Company 2008-11-29 00:09 . 2008-11-29 00:09 d-------- c:\program files\LEGO Company 2008-11-27 17:07 . 2008-11-27 18:26 217,884 --a------ C:\video.pass 2008-11-26 18:23 . 2008-10-21 06:25 1,645,568 --a------ c:\windows\System32\connect.dll 2008-11-26 18:23 . 2008-08-28 04:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll 2008-11-26 18:23 . 2008-08-28 04:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll 2008-11-26 18:23 . 2008-08-28 04:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll 2008-11-26 18:23 . 2008-10-22 04:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll 2008-11-22 10:54 . 2008-11-22 10:54 d-------- c:\users\All Users\FLEXnet 2008-11-22 10:54 . 2008-11-22 10:54 d-------- c:\programdata\FLEXnet 2008-11-21 23:54 . 2008-11-21 23:54 d-------- c:\program files\Common Files\Macrovision Shared 2008-11-21 23:48 . 2008-11-21 23:47 118,520 --------- c:\windows\System32\pxinsi64.exe 2008-11-21 23:48 . 2008-11-21 23:47 116,472 --------- c:\windows\System32\pxcpyi64.exe 2008-11-16 16:22 . 2008-11-16 16:22 d-------- c:\users\All Users\Roblox 2008-11-16 16:22 . 2008-11-16 16:22 d-------- c:\programdata\Roblox 2008-11-16 16:22 . 2008-11-16 16:22 d-------- c:\program files\Roblox 2008-11-13 17:53 . 2008-11-13 17:53 d-------- c:\program files\GoldBarre 2008-11-13 17:51 . 2008-11-13 18:16 d-------- c:\windows\Eurobarre 2008-11-13 17:51 . 2008-11-13 19:03 d-------- c:\program files\Eurobarre 2008-11-13 08:45 . 2008-09-05 06:14 1,191,936 --a------ c:\windows\System32\msxml3.dll 2008-11-13 08:45 . 2008-08-27 02:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys 2008-11-13 08:44 . 2008-09-10 04:40 1,334,272 --a------ c:\windows\System32\msxml6.dll 2008-11-11 15:23 . 2008-11-21 21:47 d-------- c:\program files\HyCam2 . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-12-01 18:47 --------- d-----w c:\users\Axel\AppData\Roaming\codeblocks 2008-11-30 20:54 --------- d-----w c:\users\Axel\AppData\Roaming\uTorrent 2008-11-30 16:18 --------- d-----w c:\users\Axel\AppData\Roaming\gtk-2.0 2008-11-29 23:23 --------- d-----w c:\program files\Mozilla Thunderbird 2008-11-29 23:23 --------- d-----w c:\program files\Google 2008-11-29 23:21 --------- d--h--w c:\program files\InstallShield Installation Information 2008-11-29 16:32 --------- d-----w c:\program files\WinTV 2008-11-21 23:08 --------- d-----w c:\programdata\Microsoft Help 2008-11-21 22:56 --------- d-----w c:\program files\Common Files\Adobe 2008-11-21 20:40 --------- d-----w c:\users\Axel\AppData\Roaming\teamspeak2 2008-11-21 18:05 --------- d-----w c:\programdata\TrackMania 2008-11-18 18:02 51,792 ----a-w c:\windows\system32\drivers\aswMonFlt.sys 2008-11-14 18:36 --------- d-----w c:\users\Axel\AppData\Roaming\dvdcss 2008-11-13 17:01 --------- d-----w c:\program files\Super macro 2008-11-10 22:21 --------- d-----w c:\program files\Free Video Converter 2008-11-09 13:49 --------- d-----w c:\users\Axel\AppData\Roaming\GSC 2008-10-29 23:53 --------- d-----w c:\users\Axel\AppData\Roaming\mIRC 2008-10-29 23:49 --------- d-----w c:\program files\mIRC 2008-10-29 22:52 --------- d-----w c:\program files\GSC 2008-10-29 22:51 --------- d-----w c:\users\Axel\AppData\Roaming\GSC 2.00 2008-10-29 22:26 --------- d-----w c:\program files\GSC 2.00 2008-10-29 18:52 --------- d-----w c:\program files\Winamp 2008-10-28 18:50 --------- d-----w c:\users\Axel\AppData\Roaming\Sony 2008-10-28 18:50 --------- d-----w c:\programdata\Sony 2008-10-28 18:30 --------- d-----w c:\program files\Sony 2008-10-28 18:30 --------- d-----w c:\program files\Common Files\Sony Shared 2008-10-28 18:29 --------- d-----w c:\program files\QuickTime 2008-10-28 18:28 --------- d-----w c:\program files\Common Files\Apple 2008-10-28 18:27 --------- d-----w c:\programdata\Apple Computer 2008-10-28 18:26 --------- d-----w c:\programdata\Apple 2008-10-28 18:26 --------- d-----w c:\program files\Apple Software Update 2008-10-28 18:22 --------- d-----w c:\users\Axel\AppData\Roaming\Sony Setup 2008-10-28 18:22 --------- d-----w c:\program files\Sony Setup 2008-10-25 01:09 --------- d-----w c:\program files\Microsoft Silverlight 2008-10-23 13:25 --------- d-----w c:\users\Axel\AppData\Roaming\OpenOffice.org 2008-10-23 13:11 --------- d-----w c:\program files\OpenOffice.org 3 2008-10-23 13:11 --------- d-----w c:\program files\OpenOffice.org 2.4 2008-10-23 13:11 --------- d-----w c:\program files\JRE 2008-10-23 12:49 --------- d-----w c:\program files\Java 2008-10-23 12:47 --------- d-----w c:\users\Axel\AppData\Roaming\U3 2008-10-23 12:47 --------- d-----w c:\users\Axel\AppData\Roaming\OpenOffice.org2 2008-10-23 12:45 143,792,816 ----a-w c:\users\Axel\OOo_3.0.0_Win32Intel_install_wJRE_fr.exe 2008-10-20 19:46 --------- d---a-w c:\programdata\TEMP 2008-10-20 14:43 --------- d-----w c:\programdata\2DBoy 2008-10-15 21:08 --------- d-----w c:\program files\Windows Mail 2008-10-15 17:31 --------- d-----w c:\users\Axel\AppData\Roaming\Teeworlds 2008-10-13 14:18 --------- d-----w c:\programdata\NOS 2008-10-13 14:18 --------- d-----w c:\program files\NOS 2008-10-11 22:38 --------- d-----w c:\program files\Multiwinia 2008-10-11 11:25 --------- d-----w c:\program files\Lugaru 2008-10-10 20:34 --------- d-----w c:\program files\SpeedFan 2008-10-09 16:43 --------- d-----w c:\program files\Bridge Builder 2008-10-02 03:49 827,392 ----a-w c:\windows\System32\wininet.dll 2008-09-30 18:14 1,286,152 ----a-w c:\windows\System32\msxml4.dll 2008-09-22 20:16 8,379,944 ----a-w c:\users\Axel\Firefox_Portable_3.0.1_en-us.paf.exe 2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe 2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe 2008-09-18 04:56 147,456 ----a-w c:\windows\System32\Faultrep.dll 2008-09-18 04:56 125,952 ----a-w c:\windows\System32\wersvc.dll 2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys 2008-09-03 03:59 468,992 ----a-w c:\windows\System32\newdev.dll 2008-09-03 03:58 74,752 ----a-w c:\windows\System32\newdev.exe 2008-08-05 11:37 174 --sha-w c:\program files\desktop.ini 2005-08-25 20:17 929,280 ----a-w c:\users\Axel\VirtualDubMod.exe 2005-08-25 20:10 9,804 ----a-w c:\users\Axel\vdremote.dll 2005-08-25 20:10 40,960 ----a-w c:\users\Axel\AuxSetup.exe 2005-08-25 20:10 11,340 ----a-w c:\users\Axel\vdicmdrv.dll 2005-08-25 20:09 7,244 ----a-w c:\users\Axel\vdsvrlnk.dll 2003-04-25 22:29 146,944 ----a-w c:\users\Axel\SciLexer.dll 2003-03-11 21:50 48,640 ----a-w c:\users\Axel\vorbis.dll 2003-03-11 21:10 20,992 ----a-w c:\users\Axel\ogg.dll 2003-03-10 15:42 125,440 ----a-w c:\users\Axel\corona.dll 2006-05-03 10:06 163,328 --sh--r c:\windows\System32\flvDX.dll 2007-02-21 11:47 31,232 --sh--r c:\windows\System32\msfDX.dll 2007-12-17 13:43 27,648 --sh--w c:\windows\System32\Smab0.dll . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616] "Core Temp"="c:\users\Axel\Downloads\CoreTemp\Core Temp.exe" [2008-08-22 277008] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2007-02-20 331552] "PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800] "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-01-10 472776] "WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128] "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 50696] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-03-05 159744] "CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2003-12-22 17920] "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152] "WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2006-09-05 184320] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-18 81000] "WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-04 36352] "EPGServiceTool"="c:\progra~1\WinTV\EPG Services\System\EPGClient.exe" [2008-02-27 688128] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-04-04 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-04-04 166424] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-04-04 133656] "UVS11 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-04-12 341488] "au"="c:\program files\Dealio\DealioAU.exe" [2008-05-26 595296] "SearchSettings"="c:\program files\Search Settings\SearchSettings.exe" [2008-06-12 991584] "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-02-21 1183744] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696] "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-11-30 1838592] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "ST Recovery Launcher"="c:\windows\SMINST\launcher.exe" [2007-03-09 44168] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968] c:\users\Axel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Memeo AutoBackup Launcher.lnk - c:\users\Axel\AppData\Roaming\Microsoft\Installer\{39A908FD-7322-41AE-B374-C7A076B2FC97}\NewShortcut4_51A847D327C24F7797772AF2A4E486ED.exe [2008-11-30 73728] Memeo AutoSync Launcher.lnk - c:\program files\Memeo\AutoSync\MemeoLauncher.exe [2007-12-13 128224] OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-09-12 384000] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ AutoStart IR.lnk - c:\program files\WinTV\Ir.exe [2008-05-25 110647] BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-12-20 719664] DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2008-05-23 184320] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=APSHook.dll c:\progra~1\Google\GOOGLE~2\GOEC62~1.DLL [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.i420"= i420vfw.dll "msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm "msacm.MPEGacm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm "msacm.ulmp3acm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli ASWLNPkg [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{5EFBAF42-9487-43D2-80B0-7A118CB9941D}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook "{2AB20EE9-6D7B-4B15-B4FD-7D2455D104CB}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent "{41F46A3D-EF10-4ECA-8830-59BBA6C7908B}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent "{7ED98C0D-2150-4E0F-9D8E-ABE3BC5830D1}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "TCP Query User{9C344EEB-DC84-4F18-A191-57CAABB30A16}c:\program files\shareaza\shareaza.exe"= UDP:c:\program files\shareaza\shareaza.exe:Shareaza Ultimate File Sharing "UDP Query User{82876F27-4C59-4B26-9A50-167BC85FB9D0}c:\program files\shareaza\shareaza.exe"= TCP:c:\program files\shareaza\shareaza.exe:Shareaza Ultimate File Sharing "TCP Query User{3D73B3A6-90FB-42F5-9E85-0C31D2FA9FE0}c:\users\axel\downloads\smileys-pour-msn-ou-live-messenger-crystalxp.net-fr-388\packmatronic 1.0 crystalxp.exe"= UDP:c:\users\axel\downloads\smileys-pour-msn-ou-live-messenger-crystalxp.net-fr-388\packmatronic 1.0 crystalxp.exe:packmatronic 1.0 crystalxp.exe "UDP Query User{D000959F-AB04-4817-9A68-160D16EA16B9}c:\users\axel\downloads\smileys-pour-msn-ou-live-messenger-crystalxp.net-fr-388\packmatronic 1.0 crystalxp.exe"= TCP:c:\users\axel\downloads\smileys-pour-msn-ou-live-messenger-crystalxp.net-fr-388\packmatronic 1.0 crystalxp.exe:packmatronic 1.0 crystalxp.exe "TCP Query User{FF11E901-7441-47A0-8F35-F657E47A8CE8}c:\program files\internet explorer\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer "UDP Query User{6BB1CD8A-6988-4CB9-AFBA-8708E8BD715E}c:\program files\internet explorer\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer "TCP Query User{C8901803-B327-491C-9A7D-A3851FC5A607}c:\program files\firefly studios\stronghold 2 demo\stronghold2demo.exe"= UDP:c:\program files\firefly studios\stronghold 2 demo\stronghold2demo.exe:Stronghold 2 "UDP Query User{CE049443-3714-48CB-87B4-C9C8E62ECEE8}c:\program files\firefly studios\stronghold 2 demo\stronghold2demo.exe"= TCP:c:\program files\firefly studios\stronghold 2 demo\stronghold2demo.exe:Stronghold 2 "TCP Query User{6F6CDE86-430A-4064-BF95-32F413FD0606}c:\program files\mozilla firefox\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox "UDP Query User{A16693B2-4B35-4CE8-B02C-76D76A1DE456}c:\program files\mozilla firefox\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox "TCP Query User{5BA37FDD-8113-491F-914B-B9A8D1B19D56}c:\program files\winamp\winamp.exe"= UDP:c:\program files\winamp\winamp.exe:Winamp "UDP Query User{7BA2F4C2-5A8C-4330-B580-1446F765A6FD}c:\program files\winamp\winamp.exe"= TCP:c:\program files\winamp\winamp.exe:Winamp "TCP Query User{C6478398-7B87-4CF4-B8B8-3CCE321C4A01}c:\program files\activision\call of duty 2\cod2mp_s.exe"= UDP:c:\program files\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s "UDP Query User{A86D00DA-1C26-479F-AA6F-A03311F65FFD}c:\program files\activision\call of duty 2\cod2mp_s.exe"= TCP:c:\program files\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s "{F29F4D69-7559-411B-8348-110233A839AD}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{C1086466-47B0-4D2E-9A2B-B0B4B5E594EE}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In) "{2ED108EE-AA90-4C35-89BE-A38D9CAF37BF}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In) "{57F55C1D-32AA-4F15-BDFC-A06168EB45EF}"= Disabled:UDP:c:\users\Axel\AppData\Roaming\U3\[u]0/u000167C8775BD3C\[u]0/uDE4F643-C398-46ec-9339-2362F2311932\Exec\Skype.exe:Skype "{87647D67-B88D-497B-B2BA-F44DFA8F7AD6}"= Disabled:TCP:c:\users\Axel\AppData\Roaming\U3\[u]0/u000167C8775BD3C\[u]0/uDE4F643-C398-46ec-9339-2362F2311932\Exec\Skype.exe:Skype "TCP Query User{6C74E3CE-CF1B-4D5E-B68F-5547E7B80561}i:\documents\games\tmunitedforever\tmforever.exe"= UDP:i:\documents\games\tmunitedforever\tmforever.exe:TmForever "UDP Query User{3D102976-9537-424A-AF70-DF046F5D4C24}i:\documents\games\tmunitedforever\tmforever.exe"= TCP:i:\documents\games\tmunitedforever\tmforever.exe:TmForever "TCP Query User{234AF7CC-01C0-4BC6-9FCA-FF522206757A}c:\program files\emule\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule "UDP Query User{C99F8BBD-8A80-461A-901A-F09015443A8F}c:\program files\emule\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule "TCP Query User{9C918F39-1F7F-4089-A6E3-DDE0693E6934}i:\documents\games\tmnationsforever\tmforever.exe"= UDP:i:\documents\games\tmnationsforever\tmforever.exe:TmForever "UDP Query User{B815FE30-7C12-4E60-8BF9-CD5A8C859DC5}i:\documents\games\tmnationsforever\tmforever.exe"= TCP:i:\documents\games\tmnationsforever\tmforever.exe:TmForever "TCP Query User{D4688083-1337-4442-94B3-E69B6375AE57}i:\documents\games\friendly-strike3.exe"= UDP:i:\documents\games\friendly-strike3.exe:Multimedia Fusion Stand Alone Application "UDP Query User{D05DCEF2-F381-4C41-9333-2D544451114D}i:\documents\games\friendly-strike3.exe"= TCP:i:\documents\games\friendly-strike3.exe:Multimedia Fusion Stand Alone Application "TCP Query User{1DD465ED-7E4E-4CF0-AA29-87C56291184C}c:\program files\multiwinia\multiwinia.exe"= UDP:c:\program files\multiwinia\multiwinia.exe:multiwinia "UDP Query User{B00286BC-C54F-4F77-AD6A-B14F8356CAE7}c:\program files\multiwinia\multiwinia.exe"= TCP:c:\program files\multiwinia\multiwinia.exe:multiwinia "TCP Query User{1891C51E-4A2E-4F77-B27F-BF902DF75DCE}k:\documents\games\friendly-strike3.exe"= UDP:k:\documents\games\friendly-strike3.exe:Multimedia Fusion Stand Alone Application "UDP Query User{74878CE3-6C4E-4644-8831-6F0BF29599F9}k:\documents\games\friendly-strike3.exe"= TCP:k:\documents\games\friendly-strike3.exe:Multimedia Fusion Stand Alone Application "TCP Query User{6E14C996-2E9B-41A4-B187-1835BE0F7E4E}k:\documents\games\tmnationsforever\tmforever.exe"= UDP:k:\documents\games\tmnationsforever\tmforever.exe:TmForever "UDP Query User{94506BEC-ED50-42FA-B104-67FD98FC0327}k:\documents\games\tmnationsforever\tmforever.exe"= TCP:k:\documents\games\tmnationsforever\tmforever.exe:TmForever "TCP Query User{13D17499-732F-4F2D-A0E0-5D9CA2E352E3}C:0\documents\games\tmnationsforever\tmforever.exe"= UDP:C:0\documents\games\tmnationsforever\tmforever.exe:tmforever.exe "UDP Query User{AA2ED7D8-BE48-4111-95D3-BE1033DA67B4}C:0\documents\games\tmnationsforever\tmforever.exe"= TCP:C:0\documents\games\tmnationsforever\tmforever.exe:tmforever.exe "TCP Query User{9F88D468-B64F-48D9-85F9-7F2694F59055}C:5\documents\games\tmnationsforever\tmforever.exe"= UDP:C:5\documents\games\tmnationsforever\tmforever.exe:tmforever.exe "UDP Query User{04C41B5F-9F7D-404D-ADD0-D6A98F02AC99}C:5\documents\games\tmnationsforever\tmforever.exe"= TCP:C:5\documents\games\tmnationsforever\tmforever.exe:tmforever.exe "TCP Query User{7CD8B4FD-F414-4EFA-B622-2CAD4201E29A}C:9\documents\games\tmnationsforever\tmforever.exe"= UDP:C:9\documents\games\tmnationsforever\tmforever.exe:tmforever.exe "UDP Query User{E5ACDE34-2B13-4588-ACFF-ACF991DBCD5A}C:9\documents\games\tmnationsforever\tmforever.exe"= TCP:C:9\documents\games\tmnationsforever\tmforever.exe:tmforever.exe "{043FDF1C-2208-4166-98A0-F3752D46F88C}"= UDP:c:\program files\Sony\Media Manager for PSP\MediaManager.exe:Media Manager for PSP 3.0 "{C5F95BC4-52DE-4D0A-ABDD-1E514D68167A}"= TCP:c:\program files\Sony\Media Manager for PSP\MediaManager.exe:Media Manager for PSP 3.0 "TCP Query User{BAB358E1-11A6-4E8D-85E0-83720F52BA41}c:\program files\mirc\mirc.exe"= UDP:c:\program files\mirc\mirc.exe:mIRC "UDP Query User{BCEB87A1-39E6-4651-8DBA-453B1F6D0691}c:\program files\mirc\mirc.exe"= TCP:c:\program files\mirc\mirc.exe:mIRC "TCP Query User{7AE55A68-83CF-49DA-BACD-F7660992BF4C}C:1\documents\games\tmnationsforever\tmforever.exe"= UDP:C:1\documents\games\tmnationsforever\tmforever.exe:tmforever.exe "UDP Query User{8CB85F54-349B-4B3D-936A-D5B8A6A02206}C:1\documents\games\tmnationsforever\tmforever.exe"= TCP:C:1\documents\games\tmnationsforever\tmforever.exe:tmforever.exe "TCP Query User{22C696FB-9854-4B7E-8EB4-347F5090DCB1}C:8\documents\games\tmnationsforever\tmforever.exe"= UDP:C:8\documents\games\tmnationsforever\tmforever.exe:tmforever.exe "UDP Query User{1B1A915D-9256-4CFE-9B6B-0C25667541D2}C:8\documents\games\tmnationsforever\tmforever.exe"= TCP:C:8\documents\games\tmnationsforever\tmforever.exe:tmforever.exe "TCP Query User{F1303448-C621-466E-ABB5-6B6AE8EF9F4F}c:\program files\vuze\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus "UDP Query User{1E1B10A5-A560-4688-825C-6DA9DEB5C6C0}c:\program files\vuze\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus "TCP Query User{2BA2E84F-7E74-43A6-9996-B9D5342CD32C}c:\program files\amsn\bin\wish.exe"= UDP:c:\program files\amsn\bin\wish.exe:Wish Application "UDP Query User{6B4C74EE-4547-46DA-9582-D3084940504F}c:\program files\amsn\bin\wish.exe"= TCP:c:\program files\amsn\bin\wish.exe:Wish Application R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-05-24 110160] R2 AEADIFilters;Andrea ADI Filters Service;c:\windows\system32\AEADISRV.EXE [2007-02-06 69632] R2 ASBroker;Courtier de session de connexion;c:\windows\System32\svchost.exe -k Cognizance [2008-07-18 21504] R2 ASChannel;Canal de communication local;c:\windows\System32\svchost.exe -k Cognizance [2008-07-18 21504] R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-05-24 20560] R2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2008-05-24 51792] R2 BcmSqlStartupSvc;Service de démarrage SQL Server pour le Gestionnaire de contacts professionnels;"c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe" [2008-01-16 30312] R2 EPGService;EPGService;c:\progra~1\WinTV\EPG Services\System\EPGService.exe [2008-05-25 435200] R2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2007-05-08 24880] R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService [2007-05-08 539936] R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-01-23 179200] S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-10-13 33752] S3 hcw66xxx;WinTV HVR-900H;c:\windows\system32\Drivers\hcw66xxx.sys [2008-05-25 418304] S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ [2008-02-26 29183504] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc bthsvcs REG_MULTI_SZ BthServ Cognizance REG_MULTI_SZ ASBroker ASChannel [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H] \shell\AutoRun\command - h:\wd_windows_tools\WDSetup.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1282b18f-98ee-11dd-9fcd-001a6b8379c0}] \shell\AutoRun\command - I:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{27c31fb9-2a2d-11dd-b070-001a6b8379c0}] \shell\AutoRun\command - K:\StartPortableApps.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{27c31fbc-2a2d-11dd-b070-001a6b8379c0}] \shell\AutoRun\command - J:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aadf009e-bcf1-11dd-985d-001a4b57e93a}] \shell\AutoRun\command - h:\wd_windows_tools\WDSetup.exe . . ------- Examen supplémentaire ------- . FireFox -: Profile - c:\users\Axel\AppData\Roaming\Mozilla\Firefox\Profiles\xb1l3ps2.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr/ig?hl=fr FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll FF -: plugin - c:\program files\Mozilla Firefox\plugins\np_gp.dll FF -: plugin - c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll FF -: plugin - c:\users\Axel\AppData\Roaming\Mozilla\Firefox\Profiles\xb1l3ps2.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}\plugins\np_gp.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-12-01 20:52:50 Windows 6.0.6001 Service Pack 1 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'lsass.exe'(756) c:\program files\Hewlett-Packard\IAM\bin\ASWLNPkg.dll c:\program files\Hewlett-Packard\IAM\bin\ItMsg.dll - - - - - - - > 'Explorer.exe'(948) c:\program files\RocketDock\RocketDock.dll c:\program files\Hewlett-Packard\IAM\bin\ItClient.dll . ------------------------ Autres processus actifs ------------------------ . c:\windows\System32\audiodg.exe c:\program files\Alwil Software\Avast4\aswUpdSv.exe c:\program files\Alwil Software\Avast4\ashServ.exe c:\windows\System32\conime.exe c:\windows\System32\agrsmsvc.exe c:\program files\Hewlett-Packard\IAM\Bin\asghost.exe c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe c:\windows\SMINST\Scheduler.exe c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\PDF Complete\pdfsvc.exe c:\program files\Alwil Software\Avast4\ashDisp.exe c:\program files\WinTV\EPG Services\System\EPGClient.exe c:\windows\System32\igfxsrvc.exe c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe c:\program files\Alwil Software\Avast4\ashMaiSv.exe c:\program files\Alwil Software\Avast4\ashWebSv.exe c:\windows\System32\wbem\unsecapp.exe c:\progra~1\HEWLET~1\Shared\HPQTOA~1.EXE c:\program files\OpenOffice.org 3\program\soffice.exe c:\program files\Memeo\AutoBackup\MemeoBackup.exe c:\program files\Synaptics\SynTP\SynTPHelper.exe c:\program files\OpenOffice.org 3\program\soffice.bin c:\program files\Memeo\AutoSync\MemeoAutoSync.exe c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe c:\windows\System32\wbem\WMIADAP.exe c:\windows\System32\dllhost.exe c:\windows\System32\verclsid.exe . ************************************************************************** . Heure de fin: 2008-12-01 20:57:50 - La machine a redémarré ComboFix-quarantined-files.txt 2008-12-01 19:57:28 Avant-CF: 75 132 747 776 octets libres Après-CF: 76,278,824,960 octets libres 378 --- E O F --- 2008-12-01 18:22:14

g!rly · Answer

j´préfère le thé, mais je n´ai pas pu m´empêcher, :)

supprime ce fichier :

C:\ous.exe

arrives tu as installer malwarebytes maintenant ?

maxwell302 · Answer

Au risque de passer pour un noob, qu'est ce que malwarebytes ?

Utilisateur anonyme · Answer

t inkiete t es pas un noob c g!rly qu il l est mdr 

je plaisante ma belle

voila pour malewarebyte:


Telecharge malwarebytes 

Tu l´instale; le programme va se mettre automatiquement a jour. 

Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression". 

Click maintenant sur l´onglet recherche et coche la case : "executer un examen complet". 

Puis click sur "rechercher". 

Laisse le scanner le pc... 

Si des elements on ete trouvés > click sur supprimer la selection. 

si il t´es demandé de redemarrer > click sur "yes". 

A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum. 

Copie et colle le rapport stp.

PS : les rapport sont aussi rangé dans l onglet rapport/log

g!rly · Answer

j´suis débordée, j´ai pu l´habitude...

maxwell302 · Answer

Salut !

Voila le rapport de Malwarebyte :

Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1442
Windows 6.0.6001 Service Pack 1

02/12/2008 15:43:42
mbam-log-2008-12-02 (15-43-36).txt

Type de recherche: Examen complet (C:\|D:\|E:\|)
Eléments examinés: 201219
Temps écoulé: 1 hour(s), 31 minute(s), 11 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 7

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> No action taken.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Users\Axel\Downloads\installation.exe (Trojan.Dialer) -> No action taken.
C:\Program Files\Alwil Software\Avast4\DATA\moved\cna[1].jpg.vir (Backdoor.Bot) -> No action taken.
C:\Program Files\Eurobarre\eb.exe (Adware.Eurobarre) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\fxstaller.exe.vir (Backdoor.Bot) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\System32\hgGwUmmm.dll.vir (Trojan.Vundo) -> No action taken.
C:\Users\Axel\Firefox_Portable_3.0.1_en-us.paf.exe (Trojan.FakeAlert) -> No action taken.
C:\Users\Axel\OOo_3.0.0_Win32Intel_install_wJRE_fr.exe (Trojan.FakeAlert) -> No action taken.

g!rly · Answer

salut maxwell302, 

ok pour malwarebytes, mais as tu supprimé la sélection ?

car la ça affiche > no action taken...

@+

maxwell302 · Answer

Oui oui j'ai supprimé ;)

g!rly · Answer

ok

post un nouveau rapport hijack this

comment va ton pc pour le moment ?

maxwell302 · Answer

Hijackthis ou combofix?


Sinon mon PC ca va, mieux qu'avant en tout cas ^^

g!rly · Answer

hijackthis

maxwell302 · Answer

Voilou !

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:01:46, on 02/12/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32	askeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\conime.exe
C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\WINDOWS\SMINST\scheduler.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\WinTV\EPG Services\System\EPGClient.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\Explorer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\CodeBlocks\codeblocks.exe
C:\Program Files\Pidgin\pidgin.exe
C:\Windows\explorer.exe
C:\Program Files\Winamp\winamp.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Axel\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://dufpy.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www8.hp.com/fr/fr/home.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll
O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [EPGServiceTool] C:\PROGRA~1\WinTV\EPG Services\System\EPGClient.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\RunOnce: [ST Recovery Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Core Temp] "C:\Users\Axel\Downloads\CoreTemp\Core Temp.exe"
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: Memeo AutoBackup Launcher.lnk = ?
O4 - Startup: Memeo AutoSync Launcher.lnk = C:\Program Files\Memeo\AutoSync\MemeoLauncher.exe
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Users\Axel\AppData\LocalLow\Dealio\kb127es\DealioSearch.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O13 - Gopher Prefix: 
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: APSHook.dll C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: EPGService - Hauppauge Computer Works - C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

g!rly · Answer

ok

regarde ceci concernant avast :

antivir vs avast :

-> http://forum.malekal.com/ftopic3528.php

alors je te conseille de le desinstaller et d´installer antivir a la place

Telecharge et instales l'antivirus Antivir Personal Edition Classic :

->https://www.malekal.com/avira-free-security-antivirus-gratuit/

https://www.avira.com/en/prime

En francais :

https://www.avira.com/

Reglages :

en image :

http://speedweb1.free.fr/frames2.php?page=tuto5

mes explications :

une fois antivir ouvert click surconfiguration et coche la case "expert mode" puis sur l´onglet scanner dans la fenetre du dessous tu va voir : rootkit search click sur le petit + pour deployer et coche la case a coté de ton disk dur
ceux qui ne voie pas root kit search : clcik sur le parapluie dans ta barre des tache > dans la fenetre d´antivir click sur local protection click en suite sur scanner
dans la fenetre de droite : tu a rootkit search vers le bas > tu developpe en appuyant sur le petit +
et coche tes disques...
puis click sur configuration en haut a droite; dans la nouvelle fenetre a gauche >scanner > coche "scan all files" et en dessous >scanner priority = High
coche : allow stopping the scanner, comme cela tu peux faire une pause pendant le scan si tu le desir.
puis sur la droite coche les case suivantes : 
scan boot sectors of selected drives
scan master boot sectors
scan memory
search foe rootkit before scan
decoche :
ignore off line files
toujours a gauche > scan > deploie > heuristique > macrovirus heuristic = coché et en dessous > win32 heuristic la case coché et high detection level

Je te dis tous ca car j´aimerais que tu performes un scan entier de ta machine a l´aide d´antivir avec les reglages stipulés ci dessus et que tu post le rapport généré ici stp

@+

maxwell302 · Answer

Voila ! Avira AntiVir Personal Date de création du fichier de rapport : mardi 2 décembre 2008 16:58 La recherche porte sur 1065867 souches de virus. Détenteur de la licence :Avira AntiVir PersonalEdition Classic Numéro de série : 0000149996-ADJIE-0001 Plateforme : Windows Vista Version de Windows :(Service Pack 1) [6.0.6001] Mode Boot : Démarré normalement Identifiant : Axel Nom de l'ordinateur :PC-DE-AXEL Informations de version : BUILD.DAT : 8.2.0.51 16930 Bytes 30/10/2008 15:47:00 AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:49 AVSCAN.DLL : 8.1.4.1 49921 Bytes 21/07/2008 13:44:27 LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:16 LUKERES.DLL : 8.1.4.0 13057 Bytes 04/07/2008 07:30:27 ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 15:49:30 ANTIVIR1.VDF : 7.1.0.56 411136 Bytes 09/11/2008 15:49:31 ANTIVIR2.VDF : 7.1.0.160 571392 Bytes 30/11/2008 15:49:32 ANTIVIR3.VDF : 7.1.0.175 83456 Bytes 02/12/2008 15:49:32 Version du moteur: 8.2.0.36 AEVDF.DLL : 8.1.0.6 102772 Bytes 14/10/2008 10:05:56 AESCRIPT.DLL : 8.1.1.15 332156 Bytes 02/12/2008 15:49:41 AESCN.DLL : 8.1.1.5 123251 Bytes 02/12/2008 15:49:41 AERDL.DLL : 8.1.1.3 438645 Bytes 02/12/2008 15:49:40 AEPACK.DLL : 8.1.3.4 393591 Bytes 02/12/2008 15:49:39 AEOFFICE.DLL : 8.1.0.30 196986 Bytes 02/12/2008 15:49:38 AEHEUR.DLL : 8.1.0.71 1487222 Bytes 02/12/2008 15:49:37 AEHELP.DLL : 8.1.2.0 119159 Bytes 02/12/2008 15:49:35 AEGEN.DLL : 8.1.1.6 323955 Bytes 02/12/2008 15:49:35 AEEMU.DLL : 8.1.0.9 393588 Bytes 14/10/2008 10:05:56 AECORE.DLL : 8.1.5.2 172405 Bytes 02/12/2008 15:49:34 AEBB.DLL : 8.1.0.3 53618 Bytes 14/10/2008 10:05:56 AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:02 AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:27:58 AVREP.DLL : 8.0.0.2 98344 Bytes 02/12/2008 15:49:33 AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:37 AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:19 AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:46 SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02 SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:36 NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:07 RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 04/07/2008 07:23:16 RCTEXT.DLL : 8.0.52.1 86273 Bytes 17/07/2008 10:08:43 Configuration pour la recherche actuelle : Nom de la tâche..................: Sélection manuelle Fichier de configuration.........: C:\ProgramData\Avira\AntiVir PersonalEdition Classic\PROFILES\folder.avp Documentation....................: bas Action principale................: interactif Action secondaire................: ignorer Recherche sur les secteurs d'amorçage maître: marche Recherche sur les secteurs d'amorçage: marche Secteurs d'amorçage..............: C:, D:, E:, Recherche dans les programmes actifs: marche Recherche en cours sur l'enregistrement: marche Recherche de Rootkits............: marche Fichier mode de recherche........: Tous les fichiers Recherche sur les archives.......: marche Limiter la profondeur de récursivité: 20 Archive Smart Extensions.........: marche Heuristique de macrovirus........: marche Heuristique fichier..............: élevé Début de la recherche : mardi 2 décembre 2008 16:58 La recherche d'objets cachés commence. '85053' objets ont été contrôlés, '0' objets cachés ont été trouvés. La recherche sur les processus démarrés commence : Processus de recherche 'avscan.exe' - '1' module(s) sont contrôlés Processus de recherche 'avcenter.exe' - '1' module(s) sont contrôlés Processus de recherche 'avgnt.exe' - '1' module(s) sont contrôlés Processus de recherche 'avguard.exe' - '1' module(s) sont contrôlés Processus de recherche 'sched.exe' - '1' module(s) sont contrôlés Processus de recherche 'Scheduler.exe' - '1' module(s) sont contrôlés Processus de recherche 'Scheduler.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'winamp.exe' - '1' module(s) sont contrôlés Processus de recherche 'explorer.exe' - '1' module(s) sont contrôlés Processus de recherche 'pidgin.exe' - '1' module(s) sont contrôlés Processus de recherche 'codeblocks.exe' - '1' module(s) sont contrôlés Processus de recherche 'rundll32.exe' - '1' module(s) sont contrôlés Processus de recherche 'firefox.exe' - '1' module(s) sont contrôlés Processus de recherche 'BTStackServer.exe' - '1' module(s) sont contrôlés Processus de recherche 'explorer.exe' - '1' module(s) sont contrôlés Processus de recherche 'HPHC_Service.exe' - '1' module(s) sont contrôlés Processus de recherche 'GoogleDesktop.exe' - '1' module(s) sont contrôlés Processus de recherche 'soffice.bin' - '1' module(s) sont contrôlés Processus de recherche 'SynTPHelper.exe' - '1' module(s) sont contrôlés Processus de recherche 'soffice.exe' - '1' module(s) sont contrôlés Processus de recherche 'HPQTOA~1.EXE' - '1' module(s) sont contrôlés Processus de recherche 'unsecapp.exe' - '1' module(s) sont contrôlés Processus de recherche 'WmiPrvSE.exe' - '1' module(s) sont contrôlés Processus de recherche 'hpqWmiEx.exe' - '1' module(s) sont contrôlés Processus de recherche 'SearchIndexer.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'sqlwriter.exe' - '1' module(s) sont contrôlés Processus de recherche 'BTTray.exe' - '1' module(s) sont contrôlés Processus de recherche 'sqlbrowser.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'RocketDock.exe' - '1' module(s) sont contrôlés Processus de recherche 'GoogleDesktop.exe' - '1' module(s) sont contrôlés Processus de recherche 'smax4pnp.exe' - '1' module(s) sont contrôlés Processus de recherche 'igfxpers.exe' - '1' module(s) sont contrôlés Processus de recherche 'igfxsrvc.exe' - '1' module(s) sont contrôlés Processus de recherche 'hkcmd.exe' - '1' module(s) sont contrôlés Processus de recherche 'igfxtray.exe' - '1' module(s) sont contrôlés Processus de recherche 'EPGClient.exe' - '1' module(s) sont contrôlés Processus de recherche 'winampa.exe' - '1' module(s) sont contrôlés Processus de recherche 'hpwuSchd2.exe' - '1' module(s) sont contrôlés Processus de recherche 'QLBCTRL.exe' - '1' module(s) sont contrôlés Processus de recherche 'pdfsvc.exe' - '1' module(s) sont contrôlés Processus de recherche 'jusched.exe' - '1' module(s) sont contrôlés Processus de recherche 'WiFiMsg.exe' - '1' module(s) sont contrôlés Processus de recherche 'HPWAMain.exe' - '1' module(s) sont contrôlés Processus de recherche 'SynTPEnh.exe' - '1' module(s) sont contrôlés Processus de recherche 'pthosttr.exe' - '1' module(s) sont contrôlés Processus de recherche 'pdfsty.exe' - '1' module(s) sont contrôlés Processus de recherche 'LSSrvc.exe' - '1' module(s) sont contrôlés Processus de recherche 'iviRegMgr.exe' - '1' module(s) sont contrôlés Processus de recherche 'EPGService.exe' - '1' module(s) sont contrôlés Processus de recherche 'Scheduler.exe' - '1' module(s) sont contrôlés Processus de recherche 'DevSvc.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'asghost.exe' - '1' module(s) sont contrôlés Processus de recherche 'BcmSqlStartupSvc.exe' - '1' module(s) sont contrôlés Processus de recherche 'agrsmsvc.exe' - '1' module(s) sont contrôlés Processus de recherche 'AEADISRV.EXE' - '1' module(s) sont contrôlés Processus de recherche 'conime.exe' - '1' module(s) sont contrôlés Processus de recherche 'taskeng.exe' - '1' module(s) sont contrôlés Processus de recherche 'dwm.exe' - '1' module(s) sont contrôlés Processus de recherche 'taskeng.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'spoolsv.exe' - '1' module(s) sont contrôlés Processus de recherche 'ashServ.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'hpservice.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'SLsvc.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'audiodg.exe' - '0' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'winlogon.exe' - '1' module(s) sont contrôlés Processus de recherche 'lsm.exe' - '1' module(s) sont contrôlés Processus de recherche 'lsass.exe' - '1' module(s) sont contrôlés Processus de recherche 'services.exe' - '1' module(s) sont contrôlés Processus de recherche 'csrss.exe' - '1' module(s) sont contrôlés Processus de recherche 'wininit.exe' - '1' module(s) sont contrôlés Processus de recherche 'csrss.exe' - '1' module(s) sont contrôlés Processus de recherche 'smss.exe' - '1' module(s) sont contrôlés '87' processus ont été contrôlés avec '87' modules La recherche sur les secteurs d'amorçage maître commence : Secteur d'amorçage maître HD0 [INFO] Aucun virus trouvé ! La recherche sur les secteurs d'amorçage commence : Secteur d'amorçage 'C:\' [INFO] Aucun virus trouvé ! Secteur d'amorçage 'D:\' [INFO] Aucun virus trouvé ! Secteur d'amorçage 'E:\' [INFO] Aucun virus trouvé ! La recherche sur les renvois aux fichiers exécutables (registre) commence. Le registre a été contrôlé ( '68' fichiers). La recherche sur les fichiers sélectionnés commence : Recherche débutant dans 'C:\' C:\hiberfil.sys [AVERTISSEMENT] Impossible d'ouvrir le fichier ! C:\pagefile.sys [AVERTISSEMENT] Impossible d'ouvrir le fichier ! C:\$RECYCLE.BIN\S-1-5-21-2036412767-3205450058-3807807548-1006\$RESW3RJ.vir [RESULTAT] Contient le modèle de détection du ver WORM/IrcBot.48690.5 [REMARQUE] Fichier supprimé. C:\$RECYCLE.BIN\S-1-5-21-2036412767-3205450058-3807807548-1006\$RR48AS6.vir [RESULTAT] Contient le cheval de Troie TR/AntiAV.TZ.5 [REMARQUE] Fichier supprimé. C:\Qoobox\Quarantine\C\WINDOWS\System32\ljJAPJYP.dll.vir [RESULTAT] Contient le cheval de Troie TR/Monder.aane [REMARQUE] Fichier supprimé. C:\Users\Axel\Documents\DBZ\DB tomes 1 à 16.rar [0] Type d'archive: RAR --> Manga 04 - Le tournoi.exe [RESULTAT] Contient le cheval de Troie TR/Agent.9331537 [REMARQUE] Fichier supprimé. C:\Users\Axel\Downloads\ghost-mouse-2-0i.exe [RESULTAT] Contient le cheval de Troie TR/Dldr.MFF [REMARQUE] Fichier supprimé. C:\WINDOWS\System32\drivers\sptd.sys [AVERTISSEMENT] Impossible d'ouvrir le fichier ! Recherche débutant dans 'D:\' Recherche débutant dans 'E:\' Fin de la recherche : mardi 2 décembre 2008 18:38 Temps nécessaire: 1:39:52 Heure(s) La recherche a été effectuée intégralement 27579 Les répertoires ont été contrôlés 692036 Des fichiers ont été contrôlés 5 Des virus ou programmes indésirables ont été trouvés 0 Des fichiers ont été classés comme suspects 5 Des fichiers ont été supprimés 0 Des virus ou programmes indésirables ont été réparés 0 Les fichiers ont été déplacés dans la quarantaine 0 Les fichiers ont été renommés 3 Impossible de contrôler des fichiers 692028 Fichiers non infectés 4287 Les archives ont été contrôlées 3 Avertissements 5 Consignes 85053 Des objets ont été contrôlés lors du Rootkitscan 0 Des objets cachés ont été trouvés

g!rly · Answer

ok

post un nouveau rapport  hijack this stp

@+

maxwell302 · Answer

Voila !

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:09:25, on 02/12/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32	askeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\conime.exe
C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\WINDOWS\SMINST\scheduler.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\WinTV\EPG Services\System\EPGClient.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\Explorer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\CodeBlocks\codeblocks.exe
C:\Program Files\Pidgin\pidgin.exe
C:\Windows\explorer.exe
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\SMINST\scheduler.exe
C:\WINDOWS\SMINST\scheduler.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Users\Axel\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://dufpy.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www8.hp.com/fr/fr/home.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll
O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [EPGServiceTool] C:\PROGRA~1\WinTV\EPG Services\System\EPGClient.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\RunOnce: [ST Recovery Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Core Temp] "C:\Users\Axel\Downloads\CoreTemp\Core Temp.exe"
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: Memeo AutoBackup Launcher.lnk = ?
O4 - Startup: Memeo AutoSync Launcher.lnk = C:\Program Files\Memeo\AutoSync\MemeoLauncher.exe
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Users\Axel\AppData\LocalLow\Dealio\kb127es\DealioSearch.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O13 - Gopher Prefix: 
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: APSHook.dll C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: EPGService - Hauppauge Computer Works - C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

g!rly · Answer

a l´aide de hijack this coche et fix :

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/...
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime 
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab 

comment fixer :

Tutoriel d´utilisation (video) : (Merci a Balltrap34 pour cette réalisation)

-> http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

puis

regarde ce tutorial pour mettre ta console java a jour :
 
https://www.malekal.com/maintenir-java-adobe-reader-et-le-player-flash-a-jour/

ps : ne te trompes pas; sur la même page il y a aussi le tutoriel de flash...

pour plus de secu :

installe un par feu :

par feu : kerio

telechargement : http://www.filehippo.com/download_sunbelt_personal_firewall/tech/468/

tuto :

http://www.malekal.com/kerio_firewall.php#mozTocId721480

https://www.vulgarisation-informatique.com/kerio.php

https://kerio.probb.fr/f2-sunbelt-kerio-personal-firewall

Comodo 3 pro :

http://www.commentcamarche.net/telecharger/telecharger 34055041 comodo firewall pro

tuto : https://www.malekal.com/tutorial-comodo-firewall/

Online armor :

http://www.commentcamarche.net/telecharger/telecharger 34055356 online armor personal firewall

tuto : https://www.malekal.com/tutorial-online-armor-free/

ou zone alarm plus facil a configurer mais moins performant

https://www.malekal.com/tutoriel-zonealarm-firewall/

+

spywareblaster :

http://www.brightfort.com/spywareblaster.html

c´est un resident, il suffit de le mettre a jour de temps en temps car la version gratuite ne le fait pas toute seul , une fois installé et mis a jour tu mets toutes les protections sur "enable"

tuto : https://www.malekal.com/tutorial-spywareblaster/


pour supprimer les outils utilisés :

Télécharge ToolsCleaner sur ton bureau.
--> http://www.commentcamarche.net/telecharger/telechargement 34055291 toolsclean(...)
# Clique sur Recherche et laisse le scan agir ...
# Clique sur Suppression pour finaliser.
# Tu peux, si tu le souhaites, te servir des Options facultatives.
# Clique sur Quitter pour obtenir le rapport.
# Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\). 

@+

maxwell302 · Answer

Donc juste après l'installation de Kerio firewall, mon PC a "redémarré", sans me damander (je ne sait pas si c'est lié...) et ensuite plus moyen de le redémarrer, magnifique blue-screen de windows, "Outil de réparation windows" ou je ne sait quoi.
10 minute après l'outil de réparation, le PC démarre, et je me retrouve avec mon bureau comme avant les manips juste après l'étape Combofix.

Je sait pas si c'est le même virus mais en tout cas le PC est au bout du rouleau (10 minutes pour démarrer, 5 pour ouvrir Firefox, petites séances de freeze etc...)

g!rly · Answer

galere !

post un nouveau rapport hijack this, on va voir ca de plus pres

@+

maxwell302 · Answer

Voila le rapport Hijackthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:40, on 2008-12-03
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32	askeng.exe
C:\WINDOWS\SMINST\scheduler.exe
C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\WinTV\EPG Services\System\EPGClient.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\fxstaller.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\SMINST\scheduler.exe
C:\WINDOWS\SMINST\scheduler.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Pidgin\pidgin.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\explorer.exe
C:\Users\Axel\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://dufpy.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www8.hp.com/fr/fr/home.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www8.hp.com/fr/fr/home.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\Windows\system32\opnnnmnO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [EPGServiceTool] C:\PROGRA~1\WinTV\EPG Services\System\EPGClient.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Windows UDP Control Center] fxstaller.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\opnnnmnO.dll,#1
O4 - HKLM\..\RunOnce: [ST Recovery Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Core Temp] "C:\Users\Axel\Downloads\CoreTemp\Core Temp.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: Memeo AutoBackup Launcher.lnk = ?
O4 - Startup: Memeo AutoSync Launcher.lnk = C:\Program Files\Memeo\AutoSync\MemeoLauncher.exe
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Users\Axel\AppData\LocalLow\Dealio\kb127es\DealioSearch.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O13 - Gopher Prefix: 
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: APSHook.dll C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: EPGService - Hauppauge Computer Works - C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

g!rly · Answer

salut, 

desinstalle avast !

puis repasse combofix et post son rapport 

@+

maxwell302 · Answer

Impossible de désinstaller Avast, même avec aswclear, auto-défense activée ==> "accès refusé"  -___-"

maxwell302 · Answer

En fait c'est bon, je l'ai eu a grands coups de mode sans-echec   :P


Je lance combofix...

g!rly · Answer

ok

maxwell302 · Answer

Voila le rapport combofix:

ComboFix 08-12-02.02 - Axel 2008-12-03 20:00:06.1 - NTFSx86
Microsoft® Windows Vista™ Professionnel 6.0.6001.1.1252.1.1036.18.1024 [GMT 1:00]
Lancé depuis: c:\users\Axel\Desktop\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\install.exe
c:\windows\system32\awtqrrQh.dll
c:\windows\system32\iiffCSiF.dll
c:\windows\System32\iiPXwGgh.ini
c:\windows\System32\iiPXwGgh.ini2
c:\windows\system32\mlJDsRki.dll
c:\windows\System32\mmmUwGgh.ini
c:\windows\System32\mmmUwGgh.ini2
c:\windows\system32\rqRIyYQG.dll
c:\windows\system32\ssqOICUM.dll
c:\windows\Tasks\cpimdoti.job

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-11-03 au 2008-12-03 ))))))))))))))))))))))))))))))))))))
.

2008-12-03 19:44 . 2008-12-03 19:44 <REP> d--h----- c:\windows\PIF
2008-12-03 19:31 . 2008-12-03 19:36 <REP> d-------- c:\program files\RegCleaner
2008-12-02 22:56 . 2008-12-02 22:56 34,816 --a------ c:\windows\System32\xxyabxWQ.dll
2008-12-02 21:42 . 2008-12-02 21:42 <REP> d-------- c:\program files\Kerio
2008-12-02 21:34 . 2008-12-02 21:38 <REP> d-------- c:\program files\Java(38)
2008-12-02 21:34 . 2008-12-02 21:34 <REP> d-------- c:\program files\Common Files\Java(37)
2008-12-02 16:47 . 2008-12-02 16:47 <REP> d-------- c:\users\All Users\Avira
2008-12-02 16:47 . 2008-12-02 16:47 <REP> d-------- c:\programdata\Avira
2008-12-02 16:47 . 2008-12-02 16:47 <REP> d-------- c:\program files\Avira
2008-12-02 14:45 . 2008-12-02 14:45 <REP> d-------- c:\program files\Armada Online Alpha
2008-12-01 21:46 . 2008-12-01 21:46 <REP> d-------- c:\users\Axel\AppData\Roaming\Malwarebytes
2008-12-01 21:46 . 2008-12-01 21:46 <REP> d-------- c:\users\All Users\Malwarebytes
2008-12-01 21:46 . 2008-12-01 21:46 <REP> d-------- c:\programdata\Malwarebytes
2008-12-01 21:46 . 2008-12-01 21:46 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-01 19:46 . 2008-12-01 19:46 33,832 --a------ c:\windows\System32\nclsrsev.exe
2008-12-01 19:46 . 2008-12-01 19:46 33,832 --a------ c:\windows\System32\koewbkjt.exe
2008-12-01 19:45 . 2008-12-01 19:45 33,832 --a------ c:\windows\System32\shbarbbz.exe
2008-12-01 19:42 . 2008-12-01 19:42 33,832 --a------ c:\windows\System32\gibhmegx.exe
2008-12-01 19:37 . 2008-12-01 19:37 33,832 --a------ c:\windows\System32\wfiqnazv.exe
2008-12-01 19:32 . 2008-12-01 19:32 33,832 --a------ c:\windows\System32\fistzljt.exe
2008-12-01 19:29 . 2008-12-01 19:29 33,832 --a------ c:\windows\System32\lcdvsgce.exe
2008-12-01 19:22 . 2008-12-01 19:22 33,832 --a------ c:\windows\System32\ajwummim.exe
2008-11-30 23:15 . 2008-11-30 23:15 33,832 --a------ c:\windows\System32\uzhxavpi.exe
2008-11-30 22:30 . 2008-11-30 22:59 1,025 --a------ C:\ous.exe
2008-11-30 20:26 . 2008-11-30 20:27 <REP> d-------- c:\users\Axel\amsn
2008-11-30 20:24 . 2008-11-30 20:25 <REP> d-------- c:\program files\aMSN
2008-11-30 16:03 . 2008-12-03 19:10 <REP> d-------- c:\users\Axel\AppData\Roaming\.purple
2008-11-30 16:03 . 2008-11-30 16:03 <REP> d-------- c:\program files\Pidgin
2008-11-30 16:02 . 2008-11-30 16:02 <REP> d-------- c:\program files\Common Files\GTK
2008-11-30 12:09 . 2008-11-30 12:16 <REP> d-------- c:\program files\LDraw
2008-11-30 00:31 . 2008-11-30 00:31 <REP> d-------- c:\users\All Users\WindowsSearch
2008-11-30 00:31 . 2008-11-30 00:31 <REP> d-------- c:\programdata\WindowsSearch
2008-11-30 00:24 . 2008-11-30 11:21 <REP> d-------- c:\program files\Picasa2
2008-11-30 00:21 . 2008-11-30 00:21 <REP> d-------- c:\users\All Users\eSellerate
2008-11-30 00:21 . 2008-11-30 00:21 <REP> d-------- c:\programdata\eSellerate
2008-11-30 00:21 . 2008-11-30 00:21 <REP> d-------- c:\program files\Western Digital
2008-11-30 00:17 . 2008-11-30 00:21 <REP> d-------- c:\program files\Memeo
2008-11-30 00:16 . 2008-11-30 00:19 <REP> d---s---- c:\users\All Users\Memeo
2008-11-30 00:16 . 2008-11-30 00:19 <REP> d---s---- c:\programdata\Memeo
2008-11-29 20:08 . 2008-11-29 20:08 <REP> d-------- c:\program files\Western Digital Technologies
2008-11-29 17:28 . 2008-11-29 18:12 <REP> d-------- c:\users\Axel\AppData\Roaming\Azureus
2008-11-29 17:28 . 2008-11-29 17:28 <REP> d-------- c:\users\All Users\Azureus
2008-11-29 17:28 . 2008-11-29 17:28 <REP> d-------- c:\programdata\Azureus
2008-11-29 17:26 . 2008-11-29 17:27 <REP> d-------- c:\program files\Vuze
2008-11-29 15:59 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-11-29 15:59 . 2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-11-29 15:59 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-11-29 15:59 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-11-29 15:58 . 2008-10-16 22:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-11-29 15:58 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-11-29 15:58 . 2008-10-16 21:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-11-29 15:58 . 2008-10-16 22:08 34,328 --a------ c:\windows\System32\wups.dll
2008-11-29 15:58 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-11-29 12:53 . 2005-07-02 18:41 <REP> d-------- c:\users\Axel\Help
2008-11-29 12:53 . 2005-07-02 20:09 1,372,160 --a------ c:\users\Axel\MLCAD.exe
2008-11-29 12:53 . 2005-07-02 18:40 245,760 --a------ c:\users\Axel\mlcad.dll
2008-11-29 00:09 . 2008-11-29 00:09 <REP> d-------- c:\users\Axel\AppData\Roaming\LEGO Company
2008-11-29 00:09 . 2008-11-29 00:09 <REP> d-------- c:\program files\LEGO Company
2008-11-27 17:07 . 2008-11-27 18:26 217,884 --a------ C:\video.pass
2008-11-26 18:23 . 2008-10-21 06:25 1,645,568 --a------ c:\windows\System32\connect.dll
2008-11-26 18:23 . 2008-08-28 04:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
2008-11-26 18:23 . 2008-08-28 04:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2008-11-26 18:23 . 2008-08-28 04:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2008-11-26 18:23 . 2008-10-22 04:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-11-22 10:54 . 2008-11-22 10:54 <REP> d-------- c:\users\All Users\FLEXnet
2008-11-22 10:54 . 2008-11-22 10:54 <REP> d-------- c:\programdata\FLEXnet
2008-11-21 23:54 . 2008-11-21 23:54 <REP> d-------- c:\program files\Common Files\Macrovision Shared
2008-11-21 23:48 . 2008-11-21 23:47 118,520 --------- c:\windows\System32\pxinsi64.exe
2008-11-21 23:48 . 2008-11-21 23:47 116,472 --------- c:\windows\System32\pxcpyi64.exe
2008-11-16 16:22 . 2008-11-16 16:22 <REP> d-------- c:\users\All Users\Roblox
2008-11-16 16:22 . 2008-11-16 16:22 <REP> d-------- c:\programdata\Roblox
2008-11-16 16:22 . 2008-11-16 16:22 <REP> d-------- c:\program files\Roblox
2008-11-13 17:53 . 2008-11-13 17:53 <REP> d-------- c:\program files\GoldBarre
2008-11-13 17:51 . 2008-11-13 18:16 <REP> d-------- c:\windows\Eurobarre
2008-11-13 17:51 . 2008-12-03 06:59 <REP> d-------- c:\program files\Eurobarre
2008-11-13 08:45 . 2008-09-05 06:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-11-13 08:45 . 2008-08-27 02:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-11-13 08:44 . 2008-09-10 04:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
2008-11-11 15:23 . 2008-11-21 21:47 <REP> d-------- c:\program files\HyCam2

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-03 05:59 --------- d-----w c:\users\Axel\AppData\Roaming\Winamp
2008-12-03 05:59 --------- d-----w c:\users\Axel\AppData\Roaming\teamspeak2
2008-12-03 05:59 --------- d-----w c:\programdata\Ulead Systems
2008-12-03 05:59 --------- d-----w c:\program files\RocketDock
2008-12-03 05:58 --------- d-----w c:\program files\Java
2008-12-03 05:58 --------- d-----w c:\program files\Common Files\Java
2008-12-01 18:47 --------- d-----w c:\users\Axel\AppData\Roaming\codeblocks
2008-11-30 20:54 --------- d-----w c:\users\Axel\AppData\Roaming\uTorrent
2008-11-30 16:18 --------- d-----w c:\users\Axel\AppData\Roaming\gtk-2.0
2008-11-29 23:23 --------- d-----w c:\program files\Mozilla Thunderbird
2008-11-29 23:23 --------- d-----w c:\program files\Google
2008-11-29 23:21 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-29 16:32 --------- d-----w c:\program files\WinTV
2008-11-21 23:08 --------- d-----w c:\programdata\Microsoft Help
2008-11-21 22:56 --------- d-----w c:\program files\Common Files\Adobe
2008-11-21 18:05 --------- d-----w c:\programdata\TrackMania
2008-11-18 18:02 51,792 ----a-w c:\windows\system32\drivers\aswMonFlt.sys
2008-11-14 18:36 --------- d-----w c:\users\Axel\AppData\Roaming\dvdcss
2008-11-13 17:01 --------- d-----w c:\program files\Super macro
2008-11-10 22:21 --------- d-----w c:\program files\Free Video Converter
2008-11-09 13:49 --------- d-----w c:\users\Axel\AppData\Roaming\GSC
2008-10-29 23:53 --------- d-----w c:\users\Axel\AppData\Roaming\mIRC
2008-10-29 23:49 --------- d-----w c:\program files\mIRC
2008-10-29 22:52 --------- d-----w c:\program files\GSC
2008-10-29 22:51 --------- d-----w c:\users\Axel\AppData\Roaming\GSC 2.00
2008-10-29 22:26 --------- d-----w c:\program files\GSC 2.00
2008-10-29 18:52 --------- d-----w c:\program files\Winamp
2008-10-28 18:50 --------- d-----w c:\users\Axel\AppData\Roaming\Sony
2008-10-28 18:50 --------- d-----w c:\programdata\Sony
2008-10-28 18:30 --------- d-----w c:\program files\Sony
2008-10-28 18:30 --------- d-----w c:\program files\Common Files\Sony Shared
2008-10-28 18:29 --------- d-----w c:\program files\QuickTime
2008-10-28 18:28 --------- d-----w c:\program files\Common Files\Apple
2008-10-28 18:27 --------- d-----w c:\programdata\Apple Computer
2008-10-28 18:26 --------- d-----w c:\programdata\Apple
2008-10-28 18:26 --------- d-----w c:\program files\Apple Software Update
2008-10-28 18:22 --------- d-----w c:\users\Axel\AppData\Roaming\Sony Setup
2008-10-28 18:22 --------- d-----w c:\program files\Sony Setup
2008-10-25 01:09 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-23 13:25 --------- d-----w c:\users\Axel\AppData\Roaming\OpenOffice.org
2008-10-23 13:11 --------- d-----w c:\program files\OpenOffice.org 3
2008-10-23 13:11 --------- d-----w c:\program files\OpenOffice.org 2.4
2008-10-23 13:11 --------- d-----w c:\program files\JRE
2008-10-23 12:47 --------- d-----w c:\users\Axel\AppData\Roaming\U3
2008-10-23 12:47 --------- d-----w c:\users\Axel\AppData\Roaming\OpenOffice.org2
2008-10-23 12:45 143,792,816 ----a-w c:\users\Axel\OOo_3.0.0_Win32Intel_install_wJRE_fr.exe
2008-10-20 19:46 --------- d---a-w c:\programdata\TEMP
2008-10-20 14:43 --------- d-----w c:\programdata\2DBoy
2008-10-15 21:08 --------- d-----w c:\program files\Windows Mail
2008-10-15 17:31 --------- d-----w c:\users\Axel\AppData\Roaming\Teeworlds
2008-10-13 14:18 --------- d-----w c:\programdata\NOS
2008-10-13 14:18 --------- d-----w c:\program files\NOS
2008-10-11 22:38 --------- d-----w c:\program files\Multiwinia
2008-10-11 11:25 --------- d-----w c:\program files\Lugaru
2008-10-10 20:34 --------- d-----w c:\program files\SpeedFan
2008-10-09 16:43 --------- d-----w c:\program files\Bridge Builder
2008-10-02 03:49 827,392 ----a-w c:\windows\System32\wininet.dll
2008-09-30 18:14 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-22 20:16 8,379,944 ----a-w c:\users\Axel\Firefox_Portable_3.0.1_en-us.paf.exe
2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 04:56 147,456 ----a-w c:\windows\System32\Faultrep.dll
2008-09-18 04:56 125,952 ----a-w c:\windows\System32\wersvc.dll
2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
2008-09-03 03:59 468,992 ----a-w c:\windows\System32\newdev.dll
2008-09-03 03:58 74,752 ----a-w c:\windows\System32\newdev.exe
2008-08-05 11:37 174 --sha-w c:\program files\desktop.ini
2005-08-25 20:17 929,280 ----a-w c:\users\Axel\VirtualDubMod.exe
2005-08-25 20:10 9,804 ----a-w c:\users\Axel\vdremote.dll
2005-08-25 20:10 40,960 ----a-w c:\users\Axel\AuxSetup.exe
2005-08-25 20:10 11,340 ----a-w c:\users\Axel\vdicmdrv.dll
2005-08-25 20:09 7,244 ----a-w c:\users\Axel\vdsvrlnk.dll
2003-04-25 22:29 146,944 ----a-w c:\users\Axel\SciLexer.dll
2003-03-11 21:50 48,640 ----a-w c:\users\Axel\vorbis.dll
2003-03-11 21:10 20,992 ----a-w c:\users\Axel\ogg.dll
2003-03-10 15:42 125,440 ----a-w c:\users\Axel\corona.dll
2006-05-03 10:06 163,328 --sh--r c:\windows\System32\flvDX.dll
2007-02-21 11:47 31,232 --sh--r c:\windows\System32\msfDX.dll
2007-12-17 13:43 27,648 --sh--w c:\windows\System32\Smab0.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Core Temp"="c:\users\Axel\Downloads\CoreTemp\Core Temp.exe" [2008-08-22 277008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2007-02-20 331552]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-01-10 472776]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 50696]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-03-05 159744]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2003-12-22 17920]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2006-09-05 184320]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-04 36352]
"EPGServiceTool"="c:\progra~1\WinTV\EPG Services\System\EPGClient.exe" [2008-02-27 688128]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-04-04 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-04-04 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-04-04 133656]
"UVS11 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-04-12 341488]
"au"="c:\program files\Dealio\DealioAU.exe" [2008-05-26 595296]
"SearchSettings"="c:\program files\Search Settings\SearchSettings.exe" [2008-06-12 991584]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-02-21 1183744]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-11-30 1838592]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"ST Recovery Launcher"="c:\windows\SMINST\launcher.exe" [2007-03-09 44168]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]

c:\users\Axel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Memeo AutoBackup Launcher.lnk - c:\users\Axel\AppData\Roaming\Microsoft\Installer\{39A908FD-7322-41AE-B374-C7A076B2FC97}\NewShortcut4_51A847D327C24F7797772AF2A4E486ED.exe [2008-11-30 73728]
Memeo AutoSync Launcher.lnk - c:\program files\Memeo\AutoSync\MemeoLauncher.exe [2007-12-13 128224]
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-09-12 384000]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AutoStart IR.lnk - c:\program files\WinTV\Ir.exe [2008-05-25 110647]
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-12-20 719664]
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2008-05-23 184320]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=APSHook.dll c:\progra~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.i420"= i420vfw.dll
"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ASWLNPkg

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{5EFBAF42-9487-43D2-80B0-7A118CB9941D}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{2AB20EE9-6D7B-4B15-B4FD-7D2455D104CB}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{41F46A3D-EF10-4ECA-8830-59BBA6C7908B}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{7ED98C0D-2150-4E0F-9D8E-ABE3BC5830D1}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{9C344EEB-DC84-4F18-A191-57CAABB30A16}c:\\program files\\shareaza\\shareaza.exe"= UDP:c:\program files\shareaza\shareaza.exe:Shareaza Ultimate File Sharing
"UDP Query User{82876F27-4C59-4B26-9A50-167BC85FB9D0}c:\\program files\\shareaza\\shareaza.exe"= TCP:c:\program files\shareaza\shareaza.exe:Shareaza Ultimate File Sharing
"TCP Query User{3D73B3A6-90FB-42F5-9E85-0C31D2FA9FE0}c:\\users\\axel\\downloads\\smileys-pour-msn-ou-live-messenger-crystalxp.net-fr-388\\packmatronic 1.0 crystalxp.exe"= UDP:c:\users\axel\downloads\smileys-pour-msn-ou-live-messenger-crystalxp.net-fr-388\packmatronic 1.0 crystalxp.exe:packmatronic 1.0 crystalxp.exe
"UDP Query User{D000959F-AB04-4817-9A68-160D16EA16B9}c:\\users\\axel\\downloads\\smileys-pour-msn-ou-live-messenger-crystalxp.net-fr-388\\packmatronic 1.0 crystalxp.exe"= TCP:c:\users\axel\downloads\smileys-pour-msn-ou-live-messenger-crystalxp.net-fr-388\packmatronic 1.0 crystalxp.exe:packmatronic 1.0 crystalxp.exe
"TCP Query User{FF11E901-7441-47A0-8F35-F657E47A8CE8}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{6BB1CD8A-6988-4CB9-AFBA-8708E8BD715E}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{C8901803-B327-491C-9A7D-A3851FC5A607}c:\\program files\\firefly studios\\stronghold 2 demo\\stronghold2demo.exe"= UDP:c:\program files\firefly studios\stronghold 2 demo\stronghold2demo.exe:Stronghold 2
"UDP Query User{CE049443-3714-48CB-87B4-C9C8E62ECEE8}c:\\program files\\firefly studios\\stronghold 2 demo\\stronghold2demo.exe"= TCP:c:\program files\firefly studios\stronghold 2 demo\stronghold2demo.exe:Stronghold 2
"TCP Query User{6F6CDE86-430A-4064-BF95-32F413FD0606}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{A16693B2-4B35-4CE8-B02C-76D76A1DE456}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{5BA37FDD-8113-491F-914B-B9A8D1B19D56}c:\\program files\\winamp\\winamp.exe"= UDP:c:\program files\winamp\winamp.exe:Winamp
"UDP Query User{7BA2F4C2-5A8C-4330-B580-1446F765A6FD}c:\\program files\\winamp\\winamp.exe"= TCP:c:\program files\winamp\winamp.exe:Winamp
"TCP Query User{C6478398-7B87-4CF4-B8B8-3CCE321C4A01}c:\\program files\\activision\\call of duty 2\\cod2mp_s.exe"= UDP:c:\program files\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s
"UDP Query User{A86D00DA-1C26-479F-AA6F-A03311F65FFD}c:\\program files\\activision\\call of duty 2\\cod2mp_s.exe"= TCP:c:\program files\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s
"{F29F4D69-7559-411B-8348-110233A839AD}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{C1086466-47B0-4D2E-9A2B-B0B4B5E594EE}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{2ED108EE-AA90-4C35-89BE-A38D9CAF37BF}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{57F55C1D-32AA-4F15-BDFC-A06168EB45EF}"= Disabled:UDP:c:\users\Axel\AppData\Roaming\U3\[u]0/u000167C8775BD3C\[u]0/uDE4F643-C398-46ec-9339-2362F2311932\Exec\Skype.exe:Skype
"{87647D67-B88D-497B-B2BA-F44DFA8F7AD6}"= Disabled:TCP:c:\users\Axel\AppData\Roaming\U3\[u]0/u000167C8775BD3C\[u]0/uDE4F643-C398-46ec-9339-2362F2311932\Exec\Skype.exe:Skype
"TCP Query User{6C74E3CE-CF1B-4D5E-B68F-5547E7B80561}i:\\documents\\games\\tmunitedforever\\tmforever.exe"= UDP:i:\documents\games\tmunitedforever\tmforever.exe:TmForever
"UDP Query User{3D102976-9537-424A-AF70-DF046F5D4C24}i:\\documents\\games\\tmunitedforever\\tmforever.exe"= TCP:i:\documents\games\tmunitedforever\tmforever.exe:TmForever
"TCP Query User{234AF7CC-01C0-4BC6-9FCA-FF522206757A}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{C99F8BBD-8A80-461A-901A-F09015443A8F}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{9C918F39-1F7F-4089-A6E3-DDE0693E6934}i:\\documents\\games\\tmnationsforever\\tmforever.exe"= UDP:i:\documents\games\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{B815FE30-7C12-4E60-8BF9-CD5A8C859DC5}i:\\documents\\games\\tmnationsforever\\tmforever.exe"= TCP:i:\documents\games\tmnationsforever\tmforever.exe:TmForever
"TCP Query User{D4688083-1337-4442-94B3-E69B6375AE57}i:\\documents\\games\\friendly-strike3.exe"= UDP:i:\documents\games\friendly-strike3.exe:Multimedia Fusion Stand Alone Application
"UDP Query User{D05DCEF2-F381-4C41-9333-2D544451114D}i:\\documents\\games\\friendly-strike3.exe"= TCP:i:\documents\games\friendly-strike3.exe:Multimedia Fusion Stand Alone Application
"TCP Query User{1DD465ED-7E4E-4CF0-AA29-87C56291184C}c:\\program files\\multiwinia\\multiwinia.exe"= UDP:c:\program files\multiwinia\multiwinia.exe:multiwinia
"UDP Query User{B00286BC-C54F-4F77-AD6A-B14F8356CAE7}c:\\program files\\multiwinia\\multiwinia.exe"= TCP:c:\program files\multiwinia\multiwinia.exe:multiwinia
"TCP Query User{1891C51E-4A2E-4F77-B27F-BF902DF75DCE}k:\\documents\\games\\friendly-strike3.exe"= UDP:k:\documents\games\friendly-strike3.exe:Multimedia Fusion Stand Alone Application
"UDP Query User{74878CE3-6C4E-4644-8831-6F0BF29599F9}k:\\documents\\games\\friendly-strike3.exe"= TCP:k:\documents\games\friendly-strike3.exe:Multimedia Fusion Stand Alone Application
"TCP Query User{6E14C996-2E9B-41A4-B187-1835BE0F7E4E}k:\\documents\\games\\tmnationsforever\\tmforever.exe"= UDP:k:\documents\games\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{94506BEC-ED50-42FA-B104-67FD98FC0327}k:\\documents\\games\\tmnationsforever\\tmforever.exe"= TCP:k:\documents\games\tmnationsforever\tmforever.exe:TmForever
"TCP Query User{13D17499-732F-4F2D-A0E0-5D9CA2E352E3}C:0\\documents\\games\\tmnationsforever\\tmforever.exe"= UDP:C:0\documents\games\tmnationsforever\tmforever.exe:tmforever.exe
"UDP Query User{AA2ED7D8-BE48-4111-95D3-BE1033DA67B4}C:0\\documents\\games\\tmnationsforever\\tmforever.exe"= TCP:C:0\documents\games\tmnationsforever\tmforever.exe:tmforever.exe
"TCP Query User{9F88D468-B64F-48D9-85F9-7F2694F59055}C:5\\documents\\games\\tmnationsforever\\tmforever.exe"= UDP:C:5\documents\games\tmnationsforever\tmforever.exe:tmforever.exe
"UDP Query User{04C41B5F-9F7D-404D-ADD0-D6A98F02AC99}C:5\\documents\\games\\tmnationsforever\\tmforever.exe"= TCP:C:5\documents\games\tmnationsforever\tmforever.exe:tmforever.exe
"TCP Query User{7CD8B4FD-F414-4EFA-B622-2CAD4201E29A}C:9\\documents\\games\\tmnationsforever\\tmforever.exe"= UDP:C:9\documents\games\tmnationsforever\tmforever.exe:tmforever.exe
"UDP Query User{E5ACDE34-2B13-4588-ACFF-ACF991DBCD5A}C:9\\documents\\games\\tmnationsforever\\tmforever.exe"= TCP:C:9\documents\games\tmnationsforever\tmforever.exe:tmforever.exe
"{043FDF1C-2208-4166-98A0-F3752D46F88C}"= UDP:c:\program files\Sony\Media Manager for PSP\MediaManager.exe:Media Manager for PSP 3.0
"{C5F95BC4-52DE-4D0A-ABDD-1E514D68167A}"= TCP:c:\program files\Sony\Media Manager for PSP\MediaManager.exe:Media Manager for PSP 3.0
"TCP Query User{BAB358E1-11A6-4E8D-85E0-83720F52BA41}c:\\program files\\mirc\\mirc.exe"= UDP:c:\program files\mirc\mirc.exe:mIRC
"UDP Query User{BCEB87A1-39E6-4651-8DBA-453B1F6D0691}c:\\program files\\mirc\\mirc.exe"= TCP:c:\program files\mirc\mirc.exe:mIRC
"TCP Query User{7AE55A68-83CF-49DA-BACD-F7660992BF4C}C:1\\documents\\games\\tmnationsforever\\tmforever.exe"= UDP:C:1\documents\games\tmnationsforever\tmforever.exe:tmforever.exe
"UDP Query User{8CB85F54-349B-4B3D-936A-D5B8A6A02206}C:1\\documents\\games\\tmnationsforever\\tmforever.exe"= TCP:C:1\documents\games\tmnationsforever\tmforever.exe:tmforever.exe
"TCP Query User{22C696FB-9854-4B7E-8EB4-347F5090DCB1}C:8\\documents\\games\\tmnationsforever\\tmforever.exe"= UDP:C:8\documents\games\tmnationsforever\tmforever.exe:tmforever.exe
"UDP Query User{1B1A915D-9256-4CFE-9B6B-0C25667541D2}C:8\\documents\\games\\tmnationsforever\\tmforever.exe"= TCP:C:8\documents\games\tmnationsforever\tmforever.exe:tmforever.exe
"TCP Query User{F1303448-C621-466E-ABB5-6B6AE8EF9F4F}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{1E1B10A5-A560-4688-825C-6DA9DEB5C6C0}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"TCP Query User{2BA2E84F-7E74-43A6-9996-B9D5342CD32C}c:\\program files\\amsn\\bin\\wish.exe"= UDP:c:\program files\amsn\bin\wish.exe:Wish Application
"UDP Query User{6B4C74EE-4547-46DA-9582-D3084940504F}c:\\program files\\amsn\\bin\\wish.exe"= TCP:c:\program files\amsn\bin\wish.exe:Wish Application

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-05-24 110160]
R2 AEADIFilters;Andrea ADI Filters Service;c:\windows\system32\AEADISRV.EXE [2007-02-06 69632]
R2 ASBroker;Courtier de session de connexion;c:\windows\System32\svchost.exe -k Cognizance [2008-07-18 21504]
R2 ASChannel;Canal de communication local;c:\windows\System32\svchost.exe -k Cognizance [2008-07-18 21504]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-05-24 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2008-05-24 51792]
R2 BcmSqlStartupSvc;Service de démarrage SQL Server pour le Gestionnaire de contacts professionnels;"c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe" [2008-01-16 30312]
R2 EPGService;EPGService;c:\progra~1\WinTV\EPG Services\System\EPGService.exe [2008-05-25 435200]
R2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2007-05-08 24880]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService [2007-05-08 539936]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-01-23 179200]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-10-13 33752]
S3 hcw66xxx;WinTV HVR-900H;c:\windows\system32\Drivers\hcw66xxx.sys [2008-05-25 418304]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ [2008-02-26 29183504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\shell\AutoRun\command - h:\wd_windows_tools\WDSetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1282b18f-98ee-11dd-9fcd-001a6b8379c0}]
\shell\AutoRun\command - I:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{27c31fb9-2a2d-11dd-b070-001a6b8379c0}]
\shell\AutoRun\command - K:\StartPortableApps.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{27c31fbc-2a2d-11dd-b070-001a6b8379c0}]
\shell\AutoRun\command - J:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aadf009e-bcf1-11dd-985d-001a4b57e93a}]
\shell\AutoRun\command - h:\wd_windows_tools\WDSetup.exe

*Newly Created Service* - ALSYSIO
.
- - - - ORPHELINS SUPPRIMES - - - -

URLSearchHooks-{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
HKLM-Run-avast! - c:\progra~1\ALWILS~1\Avast4\ashDisp.exe
HKLM-Run-MSServer - c:\windows\system32\opnnnmnO.dll

.
------- Examen supplémentaire -------
.
FireFox -: Profile - c:\users\Axel\AppData\Roaming\Mozilla\Firefox\Profiles\xb1l3ps2.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr/ig?hl=fr
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\np_gp.dll
FF -: plugin - c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF -: plugin - c:\users\Axel\AppData\Roaming\Mozilla\Firefox\Profiles\xb1l3ps2.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}\plugins\np_gp.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-03 20:11:07
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'lsass.exe'(696)
c:\program files\Hewlett-Packard\IAM\bin\ASWLNPkg.dll
c:\program files\Hewlett-Packard\IAM\bin\ItMsg.dll

- - - - - - - > 'Explorer.exe'(4756)
c:\program files\RocketDock\RocketDock.dll
c:\program files\Hewlett-Packard\IAM\bin\ItClient.dll
c:\windows\system32\btncopy.dll
c:\program files\WinSCP\DragExt.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\windows\System32\agrsmsvc.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\windows\System32\conime.exe
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\program files\Hewlett-Packard\IAM\Bin\asghost.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\PDF Complete\pdfsvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\SMINST\Scheduler.exe
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\combofix\hidec.exe
c:\program files\WinTV\EPG Services\System\EPGClient.exe
c:\windows\System32\igfxsrvc.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\wbem\unsecapp.exe
c:\progra~1\HEWLET~1\Shared\HPQTOA~1.EXE
c:\program files\Memeo\AutoBackup\MemeoBackup.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\WIDCOMM\Bluetooth Software\BTStackServer.exe
c:\program files\Memeo\AutoSync\MemeoAutoSync.exe
c:\combofix\Catchme.tmp
.
**************************************************************************
.
Heure de fin: 2008-12-03 20:19:42 - La machine a redémarré [Axel]
ComboFix-quarantined-files.txt 2008-12-03 19:18:08
ComboFix2.txt 2008-12-01 19:57:52

Avant-CF: 62,253,768,704 octets libres
Après-CF: 62,444,298,240 octets libres

402 --- E O F --- 2008-12-01 18:22:14

g!rly · Answer

salut maxwell, désolé pour le retard..

la suite :

Copie le texte ci-dessous :

File::
c:\windows\System32\xxyabxWQ.dll
c:\windows\System32
clsrsev.exe
c:\windows\System32\koewbkjt.exe
c:\windows\System32\shbarbbz.exe
c:\windows\System32\gibhmegx.exe
c:\windows\System32\wfiqnazv.exe
c:\windows\System32\fistzljt.exe
c:\windows\System32\lcdvsgce.exe
c:\windows\System32\ajwummim.exe
c:\windows\System32\uzhxavpi.exe
C:\ous.exe

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt.

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif

Cela va relancer Combofix, 

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

S'il n'y a pas de rédémarrage, poste quand même les rapports.

@+

maxwell302 · Answer

Re !

Voila le rapport combofix :

ComboFix 08-12-02.02 - Axel 2008-12-04 17:29:41.2 - NTFSx86
Microsoft® Windows Vista™ Professionnel 6.0.6001.1.1252.1.1036.18.997 [GMT 1:00]
Lancé depuis: c:\users\Axel\Desktop\ComboFix.exe
Commutateurs utilisés :: c:\users\Axel\Desktop\CFScript.txt

FILE ::
C:\ous.exe
c:\windows\System32\ajwummim.exe
c:\windows\System32\fistzljt.exe
c:\windows\System32\gibhmegx.exe
c:\windows\System32\koewbkjt.exe
c:\windows\System32\lcdvsgce.exe
c:\windows\System32\nclsrsev.exe
c:\windows\System32\shbarbbz.exe
c:\windows\System32\uzhxavpi.exe
c:\windows\System32\wfiqnazv.exe
c:\windows\System32\xxyabxWQ.dll
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\ous.exe
c:\windows\System32\ajwummim.exe
c:\windows\System32\fistzljt.exe
c:\windows\System32\gibhmegx.exe
c:\windows\System32\koewbkjt.exe
c:\windows\System32\lcdvsgce.exe
c:\windows\System32\nclsrsev.exe
c:\windows\System32\shbarbbz.exe
c:\windows\System32\uzhxavpi.exe
c:\windows\System32\wfiqnazv.exe
c:\windows\System32\xxyabxWQ.dll

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-11-04 au 2008-12-04 ))))))))))))))))))))))))))))))))))))
.

2008-12-03 19:44 . 2008-12-03 19:44 <REP> d--h----- c:\windows\PIF
2008-12-03 19:31 . 2008-12-03 19:36 <REP> d-------- c:\program files\RegCleaner
2008-12-02 21:42 . 2008-12-02 21:42 <REP> d-------- c:\program files\Kerio
2008-12-02 21:34 . 2008-12-02 21:38 <REP> d-------- c:\program files\Java(38)
2008-12-02 21:34 . 2008-12-02 21:34 <REP> d-------- c:\program files\Common Files\Java(37)
2008-12-02 16:47 . 2008-12-02 16:47 <REP> d-------- c:\users\All Users\Avira
2008-12-02 16:47 . 2008-12-02 16:47 <REP> d-------- c:\programdata\Avira
2008-12-02 16:47 . 2008-12-02 16:47 <REP> d-------- c:\program files\Avira
2008-12-02 14:45 . 2008-12-02 14:45 <REP> d-------- c:\program files\Armada Online Alpha
2008-12-01 21:46 . 2008-12-01 21:46 <REP> d-------- c:\users\Axel\AppData\Roaming\Malwarebytes
2008-12-01 21:46 . 2008-12-01 21:46 <REP> d-------- c:\users\All Users\Malwarebytes
2008-12-01 21:46 . 2008-12-01 21:46 <REP> d-------- c:\programdata\Malwarebytes
2008-12-01 21:46 . 2008-12-01 21:46 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-30 20:26 . 2008-11-30 20:27 <REP> d-------- c:\users\Axel\amsn
2008-11-30 20:24 . 2008-11-30 20:25 <REP> d-------- c:\program files\aMSN
2008-11-30 16:03 . 2008-12-03 19:10 <REP> d-------- c:\users\Axel\AppData\Roaming\.purple
2008-11-30 16:03 . 2008-11-30 16:03 <REP> d-------- c:\program files\Pidgin
2008-11-30 16:02 . 2008-11-30 16:02 <REP> d-------- c:\program files\Common Files\GTK
2008-11-30 12:09 . 2008-11-30 12:16 <REP> d-------- c:\program files\LDraw
2008-11-30 00:31 . 2008-11-30 00:31 <REP> d-------- c:\users\All Users\WindowsSearch
2008-11-30 00:31 . 2008-11-30 00:31 <REP> d-------- c:\programdata\WindowsSearch
2008-11-30 00:24 . 2008-11-30 11:21 <REP> d-------- c:\program files\Picasa2
2008-11-30 00:21 . 2008-11-30 00:21 <REP> d-------- c:\users\All Users\eSellerate
2008-11-30 00:21 . 2008-11-30 00:21 <REP> d-------- c:\programdata\eSellerate
2008-11-30 00:21 . 2008-11-30 00:21 <REP> d-------- c:\program files\Western Digital
2008-11-30 00:17 . 2008-11-30 00:21 <REP> d-------- c:\program files\Memeo
2008-11-30 00:16 . 2008-11-30 00:19 <REP> d---s---- c:\users\All Users\Memeo
2008-11-30 00:16 . 2008-11-30 00:19 <REP> d---s---- c:\programdata\Memeo
2008-11-29 20:08 . 2008-11-29 20:08 <REP> d-------- c:\program files\Western Digital Technologies
2008-11-29 17:28 . 2008-11-29 18:12 <REP> d-------- c:\users\Axel\AppData\Roaming\Azureus
2008-11-29 17:28 . 2008-11-29 17:28 <REP> d-------- c:\users\All Users\Azureus
2008-11-29 17:28 . 2008-11-29 17:28 <REP> d-------- c:\programdata\Azureus
2008-11-29 17:26 . 2008-11-29 17:27 <REP> d-------- c:\program files\Vuze
2008-11-29 15:59 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-11-29 15:59 . 2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-11-29 15:59 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-11-29 15:59 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-11-29 15:58 . 2008-10-16 22:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-11-29 15:58 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-11-29 15:58 . 2008-10-16 21:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-11-29 15:58 . 2008-10-16 22:08 34,328 --a------ c:\windows\System32\wups.dll
2008-11-29 15:58 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-11-29 12:53 . 2005-07-02 18:41 <REP> d-------- c:\users\Axel\Help
2008-11-29 12:53 . 2005-07-02 20:09 1,372,160 --a------ c:\users\Axel\MLCAD.exe
2008-11-29 12:53 . 2005-07-02 18:40 245,760 --a------ c:\users\Axel\mlcad.dll
2008-11-29 00:09 . 2008-11-29 00:09 <REP> d-------- c:\users\Axel\AppData\Roaming\LEGO Company
2008-11-29 00:09 . 2008-11-29 00:09 <REP> d-------- c:\program files\LEGO Company
2008-11-27 17:07 . 2008-11-27 18:26 217,884 --a------ C:\video.pass
2008-11-26 18:23 . 2008-10-21 06:25 1,645,568 --a------ c:\windows\System32\connect.dll
2008-11-26 18:23 . 2008-08-28 04:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
2008-11-26 18:23 . 2008-08-28 04:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2008-11-26 18:23 . 2008-08-28 04:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2008-11-26 18:23 . 2008-10-22 04:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-11-22 10:54 . 2008-11-22 10:54 <REP> d-------- c:\users\All Users\FLEXnet
2008-11-22 10:54 . 2008-11-22 10:54 <REP> d-------- c:\programdata\FLEXnet
2008-11-21 23:54 . 2008-11-21 23:54 <REP> d-------- c:\program files\Common Files\Macrovision Shared
2008-11-21 23:48 . 2008-11-21 23:47 118,520 --------- c:\windows\System32\pxinsi64.exe
2008-11-21 23:48 . 2008-11-21 23:47 116,472 --------- c:\windows\System32\pxcpyi64.exe
2008-11-16 16:22 . 2008-11-16 16:22 <REP> d-------- c:\users\All Users\Roblox
2008-11-16 16:22 . 2008-11-16 16:22 <REP> d-------- c:\programdata\Roblox
2008-11-16 16:22 . 2008-11-16 16:22 <REP> d-------- c:\program files\Roblox
2008-11-13 17:53 . 2008-11-13 17:53 <REP> d-------- c:\program files\GoldBarre
2008-11-13 17:51 . 2008-11-13 18:16 <REP> d-------- c:\windows\Eurobarre
2008-11-13 17:51 . 2008-12-03 06:59 <REP> d-------- c:\program files\Eurobarre
2008-11-13 08:45 . 2008-09-05 06:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-11-13 08:45 . 2008-08-27 02:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-11-13 08:44 . 2008-09-10 04:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
2008-11-11 15:23 . 2008-11-21 21:47 <REP> d-------- c:\program files\HyCam2

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-04 16:25 --------- d-----w c:\users\Axel\AppData\Roaming\uTorrent
2008-12-04 16:25 --------- d-----w c:\users\Axel\AppData\Roaming\codeblocks
2008-12-03 05:59 --------- d-----w c:\users\Axel\AppData\Roaming\Winamp
2008-12-03 05:59 --------- d-----w c:\users\Axel\AppData\Roaming\teamspeak2
2008-12-03 05:59 --------- d-----w c:\programdata\Ulead Systems
2008-12-03 05:59 --------- d-----w c:\program files\RocketDock
2008-12-03 05:58 --------- d-----w c:\program files\Java
2008-12-03 05:58 --------- d-----w c:\program files\Common Files\Java
2008-11-30 16:18 --------- d-----w c:\users\Axel\AppData\Roaming\gtk-2.0
2008-11-29 23:23 --------- d-----w c:\program files\Mozilla Thunderbird
2008-11-29 23:23 --------- d-----w c:\program files\Google
2008-11-29 23:21 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-29 16:32 --------- d-----w c:\program files\WinTV
2008-11-21 23:08 --------- d-----w c:\programdata\Microsoft Help
2008-11-21 22:56 --------- d-----w c:\program files\Common Files\Adobe
2008-11-21 18:05 --------- d-----w c:\programdata\TrackMania
2008-11-18 18:02 51,792 ----a-w c:\windows\system32\drivers\aswMonFlt.sys
2008-11-14 18:36 --------- d-----w c:\users\Axel\AppData\Roaming\dvdcss
2008-11-13 17:01 --------- d-----w c:\program files\Super macro
2008-11-10 22:21 --------- d-----w c:\program files\Free Video Converter
2008-11-09 13:49 --------- d-----w c:\users\Axel\AppData\Roaming\GSC
2008-10-29 23:53 --------- d-----w c:\users\Axel\AppData\Roaming\mIRC
2008-10-29 23:49 --------- d-----w c:\program files\mIRC
2008-10-29 22:52 --------- d-----w c:\program files\GSC
2008-10-29 22:51 --------- d-----w c:\users\Axel\AppData\Roaming\GSC 2.00
2008-10-29 22:26 --------- d-----w c:\program files\GSC 2.00
2008-10-29 18:52 --------- d-----w c:\program files\Winamp
2008-10-28 18:50 --------- d-----w c:\users\Axel\AppData\Roaming\Sony
2008-10-28 18:50 --------- d-----w c:\programdata\Sony
2008-10-28 18:30 --------- d-----w c:\program files\Sony
2008-10-28 18:30 --------- d-----w c:\program files\Common Files\Sony Shared
2008-10-28 18:29 --------- d-----w c:\program files\QuickTime
2008-10-28 18:28 --------- d-----w c:\program files\Common Files\Apple
2008-10-28 18:27 --------- d-----w c:\programdata\Apple Computer
2008-10-28 18:26 --------- d-----w c:\programdata\Apple
2008-10-28 18:26 --------- d-----w c:\program files\Apple Software Update
2008-10-28 18:22 --------- d-----w c:\users\Axel\AppData\Roaming\Sony Setup
2008-10-28 18:22 --------- d-----w c:\program files\Sony Setup
2008-10-25 01:09 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-23 13:25 --------- d-----w c:\users\Axel\AppData\Roaming\OpenOffice.org
2008-10-23 13:11 --------- d-----w c:\program files\OpenOffice.org 3
2008-10-23 13:11 --------- d-----w c:\program files\OpenOffice.org 2.4
2008-10-23 13:11 --------- d-----w c:\program files\JRE
2008-10-23 12:47 --------- d-----w c:\users\Axel\AppData\Roaming\U3
2008-10-23 12:47 --------- d-----w c:\users\Axel\AppData\Roaming\OpenOffice.org2
2008-10-23 12:45 143,792,816 ----a-w c:\users\Axel\OOo_3.0.0_Win32Intel_install_wJRE_fr.exe
2008-10-20 19:46 --------- d---a-w c:\programdata\TEMP
2008-10-20 14:43 --------- d-----w c:\programdata\2DBoy
2008-10-15 21:08 --------- d-----w c:\program files\Windows Mail
2008-10-15 17:31 --------- d-----w c:\users\Axel\AppData\Roaming\Teeworlds
2008-10-13 14:18 --------- d-----w c:\programdata\NOS
2008-10-13 14:18 --------- d-----w c:\program files\NOS
2008-10-11 22:38 --------- d-----w c:\program files\Multiwinia
2008-10-11 11:25 --------- d-----w c:\program files\Lugaru
2008-10-10 20:34 --------- d-----w c:\program files\SpeedFan
2008-10-09 16:43 --------- d-----w c:\program files\Bridge Builder
2008-10-02 03:49 827,392 ----a-w c:\windows\System32\wininet.dll
2008-09-30 18:14 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-22 20:16 8,379,944 ----a-w c:\users\Axel\Firefox_Portable_3.0.1_en-us.paf.exe
2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 04:56 147,456 ----a-w c:\windows\System32\Faultrep.dll
2008-09-18 04:56 125,952 ----a-w c:\windows\System32\wersvc.dll
2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
2008-08-05 11:37 174 --sha-w c:\program files\desktop.ini
2005-08-25 20:17 929,280 ----a-w c:\users\Axel\VirtualDubMod.exe
2005-08-25 20:10 9,804 ----a-w c:\users\Axel\vdremote.dll
2005-08-25 20:10 40,960 ----a-w c:\users\Axel\AuxSetup.exe
2005-08-25 20:10 11,340 ----a-w c:\users\Axel\vdicmdrv.dll
2005-08-25 20:09 7,244 ----a-w c:\users\Axel\vdsvrlnk.dll
2003-04-25 22:29 146,944 ----a-w c:\users\Axel\SciLexer.dll
2003-03-11 21:50 48,640 ----a-w c:\users\Axel\vorbis.dll
2003-03-11 21:10 20,992 ----a-w c:\users\Axel\ogg.dll
2003-03-10 15:42 125,440 ----a-w c:\users\Axel\corona.dll
2006-05-03 10:06 163,328 --sh--r c:\windows\System32\flvDX.dll
2007-02-21 11:47 31,232 --sh--r c:\windows\System32\msfDX.dll
2007-12-17 13:43 27,648 --sh--w c:\windows\System32\Smab0.dll
.

((((((((((((((((((((((((((((( snapshot@2008-12-03_20.17.01.93 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-03 19:10:49 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-12-04 16:38:12 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-12-04 16:38:12 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-12-03 19:10:49 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-12-04 16:38:14 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-12-04 16:38:14 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-12-03 18:53:21 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-12-03 21:20:01 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-12-03 18:53:21 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-03 21:20:01 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-12-03 18:53:21 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-12-03 21:20:01 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-12-03 18:59:54 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
+ 2008-12-04 16:28:43 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
+ 2008-12-04 16:28:43 262,144 ---ha-w c:\windows\System32\config\systemprofile\ntuser.dat.LOG1
- 2008-12-02 21:09:35 123,306 ----a-w c:\windows\System32\perfc009.dat
+ 2008-12-03 20:38:10 123,306 ----a-w c:\windows\System32\perfc009.dat
- 2008-12-02 21:09:35 151,724 ----a-w c:\windows\System32\perfc00C.dat
+ 2008-12-03 20:38:10 151,724 ----a-w c:\windows\System32\perfc00C.dat
- 2008-12-02 21:09:35 645,118 ----a-w c:\windows\System32\perfh009.dat
+ 2008-12-03 20:38:10 645,118 ----a-w c:\windows\System32\perfh009.dat
- 2008-12-02 21:09:35 736,198 ----a-w c:\windows\System32\perfh00C.dat
+ 2008-12-03 20:38:10 736,198 ----a-w c:\windows\System32\perfh00C.dat
- 2008-12-03 18:40:29 6,868 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2036412767-3205450058-3807807548-1006_UserData.bin
+ 2008-12-03 19:13:01 7,154 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2036412767-3205450058-3807807548-1006_UserData.bin
- 2008-12-03 18:55:40 86,434 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-12-03 19:13:01 86,608 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-12-03 18:36:59 6,362 ----a-w c:\windows\System32\WDI\ERCQueuedResolutions.dat
+ 2008-12-04 16:36:39 6,362 ----a-w c:\windows\System32\WDI\ERCQueuedResolutions.dat
- 2008-12-03 17:38:08 400,414 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2008-12-04 12:13:57 403,462 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Core Temp"="c:\users\Axel\Downloads\CoreTemp\Core Temp.exe" [2008-08-22 277008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2007-02-20 331552]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-01-10 472776]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 50696]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-03-05 159744]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2003-12-22 17920]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2006-09-05 184320]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-04 36352]
"EPGServiceTool"="c:\progra~1\WinTV\EPG Services\System\EPGClient.exe" [2008-02-27 688128]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-04-04 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-04-04 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-04-04 133656]
"UVS11 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-04-12 341488]
"au"="c:\program files\Dealio\DealioAU.exe" [2008-05-26 595296]
"SearchSettings"="c:\program files\Search Settings\SearchSettings.exe" [2008-06-12 991584]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-02-21 1183744]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-11-30 1838592]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"ST Recovery Launcher"="c:\windows\SMINST\launcher.exe" [2007-03-09 44168]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]

c:\users\Axel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Memeo AutoBackup Launcher.lnk - c:\users\Axel\AppData\Roaming\Microsoft\Installer\{39A908FD-7322-41AE-B374-C7A076B2FC97}\NewShortcut4_51A847D327C24F7797772AF2A4E486ED.exe [2008-11-30 73728]
Memeo AutoSync Launcher.lnk - c:\program files\Memeo\AutoSync\MemeoLauncher.exe [2007-12-13 128224]
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-09-12 384000]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AutoStart IR.lnk - c:\program files\WinTV\Ir.exe [2008-05-25 110647]
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-12-20 719664]
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2008-05-23 184320]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=APSHook.dll c:\progra~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.i420"= i420vfw.dll
"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ASWLNPkg

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{5EFBAF42-9487-43D2-80B0-7A118CB9941D}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{2AB20EE9-6D7B-4B15-B4FD-7D2455D104CB}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{41F46A3D-EF10-4ECA-8830-59BBA6C7908B}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{7ED98C0D-2150-4E0F-9D8E-ABE3BC5830D1}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{9C344EEB-DC84-4F18-A191-57CAABB30A16}c:\\program files\\shareaza\\shareaza.exe"= UDP:c:\program files\shareaza\shareaza.exe:Shareaza Ultimate File Sharing
"UDP Query User{82876F27-4C59-4B26-9A50-167BC85FB9D0}c:\\program files\\shareaza\\shareaza.exe"= TCP:c:\program files\shareaza\shareaza.exe:Shareaza Ultimate File Sharing
"TCP Query User{3D73B3A6-90FB-42F5-9E85-0C31D2FA9FE0}c:\\users\\axel\\downloads\\smileys-pour-msn-ou-live-messenger-crystalxp.net-fr-388\\packmatronic 1.0 crystalxp.exe"= UDP:c:\users\axel\downloads\smileys-pour-msn-ou-live-messenger-crystalxp.net-fr-388\packmatronic 1.0 crystalxp.exe:packmatronic 1.0 crystalxp.exe
"UDP Query User{D000959F-AB04-4817-9A68-160D16EA16B9}c:\\users\\axel\\downloads\\smileys-pour-msn-ou-live-messenger-crystalxp.net-fr-388\\packmatronic 1.0 crystalxp.exe"= TCP:c:\users\axel\downloads\smileys-pour-msn-ou-live-messenger-crystalxp.net-fr-388\packmatronic 1.0 crystalxp.exe:packmatronic 1.0 crystalxp.exe
"TCP Query User{FF11E901-7441-47A0-8F35-F657E47A8CE8}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{6BB1CD8A-6988-4CB9-AFBA-8708E8BD715E}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{C8901803-B327-491C-9A7D-A3851FC5A607}c:\\program files\\firefly studios\\stronghold 2 demo\\stronghold2demo.exe"= UDP:c:\program files\firefly studios\stronghold 2 demo\stronghold2demo.exe:Stronghold 2
"UDP Query User{CE049443-3714-48CB-87B4-C9C8E62ECEE8}c:\\program files\\firefly studios\\stronghold 2 demo\\stronghold2demo.exe"= TCP:c:\program files\firefly studios\stronghold 2 demo\stronghold2demo.exe:Stronghold 2
"TCP Query User{6F6CDE86-430A-4064-BF95-32F413FD0606}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{A16693B2-4B35-4CE8-B02C-76D76A1DE456}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{5BA37FDD-8113-491F-914B-B9A8D1B19D56}c:\\program files\\winamp\\winamp.exe"= UDP:c:\program files\winamp\winamp.exe:Winamp
"UDP Query User{7BA2F4C2-5A8C-4330-B580-1446F765A6FD}c:\\program files\\winamp\\winamp.exe"= TCP:c:\program files\winamp\winamp.exe:Winamp
"TCP Query User{C6478398-7B87-4CF4-B8B8-3CCE321C4A01}c:\\program files\\activision\\call of duty 2\\cod2mp_s.exe"= UDP:c:\program files\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s
"UDP Query User{A86D00DA-1C26-479F-AA6F-A03311F65FFD}c:\\program files\\activision\\call of duty 2\\cod2mp_s.exe"= TCP:c:\program files\activision\call of duty 2\cod2mp_s.exe:CoD2MP_s
"{F29F4D69-7559-411B-8348-110233A839AD}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{C1086466-47B0-4D2E-9A2B-B0B4B5E594EE}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{2ED108EE-AA90-4C35-89BE-A38D9CAF37BF}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{57F55C1D-32AA-4F15-BDFC-A06168EB45EF}"= Disabled:UDP:c:\users\Axel\AppData\Roaming\U3\[u]0/u000167C8775BD3C\[u]0/uDE4F643-C398-46ec-9339-2362F2311932\Exec\Skype.exe:Skype
"{87647D67-B88D-497B-B2BA-F44DFA8F7AD6}"= Disabled:TCP:c:\users\Axel\AppData\Roaming\U3\[u]0/u000167C8775BD3C\[u]0/uDE4F643-C398-46ec-9339-2362F2311932\Exec\Skype.exe:Skype
"TCP Query User{6C74E3CE-CF1B-4D5E-B68F-5547E7B80561}i:\\documents\\games\\tmunitedforever\\tmforever.exe"= UDP:i:\documents\games\tmunitedforever\tmforever.exe:TmForever
"UDP Query User{3D102976-9537-424A-AF70-DF046F5D4C24}i:\\documents\\games\\tmunitedforever\\tmforever.exe"= TCP:i:\documents\games\tmunitedforever\tmforever.exe:TmForever
"TCP Query User{234AF7CC-01C0-4BC6-9FCA-FF522206757A}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{C99F8BBD-8A80-461A-901A-F09015443A8F}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{9C918F39-1F7F-4089-A6E3-DDE0693E6934}i:\\documents\\games\\tmnationsforever\\tmforever.exe"= UDP:i:\documents\games\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{B815FE30-7C12-4E60-8BF9-CD5A8C859DC5}i:\\documents\\games\\tmnationsforever\\tmforever.exe"= TCP:i:\documents\games\tmnationsforever\tmforever.exe:TmForever
"TCP Query User{D4688083-1337-4442-94B3-E69B6375AE57}i:\\documents\\games\\friendly-strike3.exe"= UDP:i:\documents\games\friendly-strike3.exe:Multimedia Fusion Stand Alone Application
"UDP Query User{D05DCEF2-F381-4C41-9333-2D544451114D}i:\\documents\\games\\friendly-strike3.exe"= TCP:i:\documents\games\friendly-strike3.exe:Multimedia Fusion Stand Alone Application
"TCP Query User{1DD465ED-7E4E-4CF0-AA29-87C56291184C}c:\\program files\\multiwinia\\multiwinia.exe"= UDP:c:\program files\multiwinia\multiwinia.exe:multiwinia
"UDP Query User{B00286BC-C54F-4F77-AD6A-B14F8356CAE7}c:\\program files\\multiwinia\\multiwinia.exe"= TCP:c:\program files\multiwinia\multiwinia.exe:multiwinia
"TCP Query User{1891C51E-4A2E-4F77-B27F-BF902DF75DCE}k:\\documents\\games\\friendly-strike3.exe"= UDP:k:\documents\games\friendly-strike3.exe:Multimedia Fusion Stand Alone Application
"UDP Query User{74878CE3-6C4E-4644-8831-6F0BF29599F9}k:\\documents\\games\\friendly-strike3.exe"= TCP:k:\documents\games\friendly-strike3.exe:Multimedia Fusion Stand Alone Application
"TCP Query User{6E14C996-2E9B-41A4-B187-1835BE0F7E4E}k:\\documents\\games\\tmnationsforever\\tmforever.exe"= UDP:k:\documents\games\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{94506BEC-ED50-42FA-B104-67FD98FC0327}k:\\documents\\games\\tmnationsforever\\tmforever.exe"= TCP:k:\documents\games\tmnationsforever\tmforever.exe:TmForever
"TCP Query User{13D17499-732F-4F2D-A0E0-5D9CA2E352E3}C:0\\documents\\games\\tmnationsforever\\tmforever.exe"= UDP:C:0\documents\games\tmnationsforever\tmforever.exe:tmforever.exe
"UDP Query User{AA2ED7D8-BE48-4111-95D3-BE1033DA67B4}C:0\\documents\\games\\tmnationsforever\\tmforever.exe"= TCP:C:0\documents\games\tmnationsforever\tmforever.exe:tmforever.exe
"TCP Query User{9F88D468-B64F-48D9-85F9-7F2694F59055}C:5\\documents\\games\\tmnationsforever\\tmforever.exe"= UDP:C:5\documents\games\tmnationsforever\tmforever.exe:tmforever.exe
"UDP Query User{04C41B5F-9F7D-404D-ADD0-D6A98F02AC99}C:5\\documents\\games\\tmnationsforever\\tmforever.exe"= TCP:C:5\documents\games\tmnationsforever\tmforever.exe:tmforever.exe
"TCP Query User{7CD8B4FD-F414-4EFA-B622-2CAD4201E29A}C:9\\documents\\games\\tmnationsforever\\tmforever.exe"= UDP:C:9\documents\games\tmnationsforever\tmforever.exe:tmforever.exe
"UDP Query User{E5ACDE34-2B13-4588-ACFF-ACF991DBCD5A}C:9\\documents\\games\\tmnationsforever\\tmforever.exe"= TCP:C:9\documents\games\tmnationsforever\tmforever.exe:tmforever.exe
"{043FDF1C-2208-4166-98A0-F3752D46F88C}"= UDP:c:\program files\Sony\Media Manager for PSP\MediaManager.exe:Media Manager for PSP 3.0
"{C5F95BC4-52DE-4D0A-ABDD-1E514D68167A}"= TCP:c:\program files\Sony\Media Manager for PSP\MediaManager.exe:Media Manager for PSP 3.0
"TCP Query User{BAB358E1-11A6-4E8D-85E0-83720F52BA41}c:\\program files\\mirc\\mirc.exe"= UDP:c:\program files\mirc\mirc.exe:mIRC
"UDP Query User{BCEB87A1-39E6-4651-8DBA-453B1F6D0691}c:\\program files\\mirc\\mirc.exe"= TCP:c:\program files\mirc\mirc.exe:mIRC
"TCP Query User{7AE55A68-83CF-49DA-BACD-F7660992BF4C}C:1\\documents\\games\\tmnationsforever\\tmforever.exe"= UDP:C:1\documents\games\tmnationsforever\tmforever.exe:tmforever.exe
"UDP Query User{8CB85F54-349B-4B3D-936A-D5B8A6A02206}C:1\\documents\\games\\tmnationsforever\\tmforever.exe"= TCP:C:1\documents\games\tmnationsforever\tmforever.exe:tmforever.exe
"TCP Query User{22C696FB-9854-4B7E-8EB4-347F5090DCB1}C:8\\documents\\games\\tmnationsforever\\tmforever.exe"= UDP:C:8\documents\games\tmnationsforever\tmforever.exe:tmforever.exe
"UDP Query User{1B1A915D-9256-4CFE-9B6B-0C25667541D2}C:8\\documents\\games\\tmnationsforever\\tmforever.exe"= TCP:C:8\documents\games\tmnationsforever\tmforever.exe:tmforever.exe
"TCP Query User{F1303448-C621-466E-ABB5-6B6AE8EF9F4F}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{1E1B10A5-A560-4688-825C-6DA9DEB5C6C0}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"TCP Query User{2BA2E84F-7E74-43A6-9996-B9D5342CD32C}c:\\program files\\amsn\\bin\\wish.exe"= UDP:c:\program files\amsn\bin\wish.exe:Wish Application
"UDP Query User{6B4C74EE-4547-46DA-9582-D3084940504F}c:\\program files\\amsn\\bin\\wish.exe"= TCP:c:\program files\amsn\bin\wish.exe:Wish Application

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-05-24 110160]
R2 AEADIFilters;Andrea ADI Filters Service;c:\windows\system32\AEADISRV.EXE [2007-02-06 69632]
R2 ASBroker;Courtier de session de connexion;c:\windows\System32\svchost.exe -k Cognizance [2008-07-18 21504]
R2 ASChannel;Canal de communication local;c:\windows\System32\svchost.exe -k Cognizance [2008-07-18 21504]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-05-24 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2008-05-24 51792]
R2 BcmSqlStartupSvc;Service de démarrage SQL Server pour le Gestionnaire de contacts professionnels;"c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe" [2008-01-16 30312]
R2 EPGService;EPGService;c:\progra~1\WinTV\EPG Services\System\EPGService.exe [2008-05-25 435200]
R2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2007-05-08 24880]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService [2007-05-08 539936]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-01-23 179200]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-10-13 33752]
S3 hcw66xxx;WinTV HVR-900H;c:\windows\system32\Drivers\hcw66xxx.sys [2008-05-25 418304]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ [2008-02-26 29183504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\shell\AutoRun\command - h:\wd_windows_tools\WDSetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1282b18f-98ee-11dd-9fcd-001a6b8379c0}]
\shell\AutoRun\command - I:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{27c31fb9-2a2d-11dd-b070-001a6b8379c0}]
\shell\AutoRun\command - K:\StartPortableApps.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{27c31fbc-2a2d-11dd-b070-001a6b8379c0}]
\shell\AutoRun\command - J:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aadf009e-bcf1-11dd-985d-001a4b57e93a}]
\shell\AutoRun\command - h:\wd_windows_tools\WDSetup.exe

*Newly Created Service* - ALSYSIO
.
- - - - ORPHELINS SUPPRIMES - - - -

URLSearchHooks-{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-04 17:38:28
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'lsass.exe'(696)
c:\program files\Hewlett-Packard\IAM\bin\ASWLNPkg.dll
c:\program files\Hewlett-Packard\IAM\bin\ItMsg.dll

- - - - - - - > 'Explorer.exe'(2716)
c:\program files\RocketDock\RocketDock.dll
c:\program files\Hewlett-Packard\IAM\bin\ItClient.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\windows\System32\agrsmsvc.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\windows\System32\conime.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\PDF Complete\pdfsvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Hewlett-Packard\IAM\Bin\asghost.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\SMINST\Scheduler.exe
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files\WinTV\EPG Services\System\EPGClient.exe
c:\windows\System32\igfxsrvc.exe
c:\progra~1\HEWLET~1\Shared\HPQTOA~1.EXE
c:\windows\System32\wbem\unsecapp.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Memeo\AutoBackup\MemeoBackup.exe
c:\program files\WIDCOMM\Bluetooth Software\BTStackServer.exe
c:\program files\Memeo\AutoSync\MemeoAutoSync.exe
c:\windows\System32\dllhost.exe
.
**************************************************************************
.
Heure de fin: 2008-12-04 17:45:57 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-12-04 16:45:47
ComboFix2.txt 2008-12-03 19:19:43
ComboFix3.txt 2008-12-01 19:57:52

Avant-CF: 61 799 100 416 octets libres
Après-CF: 61,553,393,664 octets libres

422 --- E O F --- 2008-12-01 18:22:14

Et le rapport hijackthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:49:05, on 04/12/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\conime.exe
C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\WINDOWS\SMINST\scheduler.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\WinTV\EPG Services\System\EPGClient.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Memeo\AutoBackup\MemeoBackup.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Memeo\AutoSync\MemeoAutoSync.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Axel\Desktop\HiJackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://dufpy.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www8.hp.com/fr/fr/home.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll
O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [EPGServiceTool] C:\PROGRA~1\WinTV\EPG Services\System\EPGClient.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\RunOnce: [ST Recovery Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Core Temp] "C:\Users\Axel\Downloads\CoreTemp\Core Temp.exe"
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: Memeo AutoBackup Launcher.lnk = ?
O4 - Startup: Memeo AutoSync Launcher.lnk = C:\Program Files\Memeo\AutoSync\MemeoLauncher.exe
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Users\Axel\AppData\LocalLow\Dealio\kb127\res\DealioSearch.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: APSHook.dll C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (file missing)
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (file missing)
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: EPGService - Hauppauge Computer Works - C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

g!rly · Answer

supprime avast !

puis fais un scan avec malwarebytes et post son rapport

@+

maxwell302 · Answer

Pour Avast je l'ai supprimé, plus rien dans program files ni autre part.

Voila le rapport de malwarebytes:

Malwarebytes' Anti-Malware 1.31
Version de la base de données: 1460
Windows 6.0.6001 Service Pack 1

04/12/2008 21:29:19
mbam-log-2008-12-04 (21-29-19).txt

Type de recherche: Examen complet (C:\|D:\|E:\|)
Eléments examinés: 203303
Temps écoulé: 1 hour(s), 19 minute(s), 48 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 5

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Users\Axel\Downloads\installation.exe (Trojan.Dialer) -> Quarantined and deleted successfully.
C:\Program Files\Eurobarre\eb.exe (Adware.Eurobarre) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\System32\xxyabxWQ.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Axel\Firefox_Portable_3.0.1_en-us.paf.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\Axel\OOo_3.0.0_Win32Intel_install_wJRE_fr.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

g!rly · Answer

ok maxwell, 

post un nouveau rapport hijack this stp

@+

maxwell302 · Answer

Voila ! 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:36:08, on 05/12/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32	askeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\conime.exe
C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\WINDOWS\SMINST\scheduler.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\WinTV\EPG Services\System\EPGClient.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Memeo\AutoBackup\MemeoBackup.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Memeo\AutoSync\MemeoAutoSync.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\Explorer.exe
C:\Windows\system32
otepad.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Users\Axel\Desktop\HiJackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://dufpy.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www8.hp.com/fr/fr/home.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll
O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [EPGServiceTool] C:\PROGRA~1\WinTV\EPG Services\System\EPGClient.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\RunOnce: [ST Recovery Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Core Temp] "C:\Users\Axel\Downloads\CoreTemp\Core Temp.exe"
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: Memeo AutoBackup Launcher.lnk = ?
O4 - Startup: Memeo AutoSync Launcher.lnk = C:\Program Files\Memeo\AutoSync\MemeoLauncher.exe
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Users\Axel\AppData\LocalLow\Dealio\kb127es\DealioSearch.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll
O13 - Gopher Prefix: 
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: APSHook.dll C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: EPGService - Hauppauge Computer Works - C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

g!rly · Answer

ok maxwell, 

pour finir passe antivir en mode sans echec et post son rapport stp

@+

Win32/Vundo.gen!AA

35 réponses

Votre réponse

Discussions similaires

Newsletters