Ralentisement sur l'explorateur internet

[-_-']

Bonjours à tous, tout d'abord j'ai eu un mal fou pour me connecter sur votre forum !!!

Je n'ai même pu créé mon propre compte et j'ai du donc prendre pour quelque message le pseudo d'un ami (merci pour lui).

 

Bref voilà mon problème, depuis hier après avoir télécharger un moteur de clé j'ai reçu la visite de messages tel que :

 

"Windows antivirus

 

Windows hs detected spyware infection!

 

It is recommended to use special antisypware tools to prevent data loss. Windows will now download and install the most up to date software for you.

 

click here to protext your computer from spyware!"

 

(le premier s'affiche toute les 5 minutes voir moins et sous forme d'info bulle)

 

ou

 

"Windows Security alert

 

Warning! Potential Spyware Operation!

 

Your computer is making unauthorized copies of your system and internet files. run full scan now prevent to prevent any unauthorized access to your files! click here to download spyware remover...

 

Oui / Non"

 

(le seconde s'affiche à l'ouverture d'un explorateur internet)

 

ou bien

 

" Annonce de la page http://www.malware-alert.com :

 

Attention ! if your computer is infected, you could suffer data loss, erratic PC behaviour, Pc freezes and creahes.

 

detect and remove viruses before they damage your computer!

Xp antivirus will perform a quick and 100% free scan of your computer for viruses, spyware and adware.

 

Do you want to install Xp antivirus to scan your computer for malware now ? (recommended)

 

Ok / Annuler)

 

(le dernier s'affiche dans l'explorateur internet et coupe toutes autres pages ouverte)

 

Le problème principal est le ralentissement de l'affichage des pages internet quand je navigue !!

 

J'ai testé avec Internet Explorer, Firefox 2.2, firefox 3.0, Opera 9.3 et Opera 9.5.

 

IE ne s'affiche que une page blanche qui recherche toujours et toujours..

 

Opera 9.3 et 9.5 ralentie et/ou ne répond plus

 

Firefox 2.2 et firefox 3.0 ralentie seulement, environ 5 secondes pour écrire une simple lettre !

 

Je vous donne le rapport de Hijackthis :

 

Logfile of HijackThis v1.99.1

Scan saved at 23:41:27, on 18/06/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\rlvknlg.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\OneStepSearch\onestep.exe

C:\Program Files\MessengerPlus! 3\MsgPlus.exe

C:\Program Files\OneStepSearch\onestep.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\SPAMfighter\SFAgent.exe

C:\WINDOWS\system32\Rundll32.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\DNA\btdna.exe

C:\Program Files\Messenger\msmsgs.exe

C:\d.exe

C:\documents and settings\new\local settings\application data\wygqoek.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Windows Live\Messenger\usnsvc.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\New\Bureau\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.msn.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.a...&tbid=66027

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66027

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66027

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66027

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66027

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer optimisé pour MSN

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [RelevantKnowledge] c:\windows\system32\rlvknlg.exe -boot

O4 - HKLM\..\Run: [Piolet] C:\Program Files\Piolet\Piolet.exe SILENT

O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu2000352.exe 61A847B5BBF72810329B385577FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310

O4 - HKLM\..\Run: [jdgf894jrghoiiskd] C:\DOCUME~1\New\LOCALS~1\Temp\winlogan.exe

O4 - HKLM\..\Run: [38f679f9] rundll32.exe "C:\WINDOWS\system32\whklayrp.dll",b

O4 - HKLM\..\Run: [sPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60

O4 - HKLM\..\Run: [bM3bc54a65] Rundll32.exe "C:\WINDOWS\system32\ybsukefd.dll",s

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\RunOnce: [*WanadooMail] C:\WINDOWS\system32\WanadooMail.exe

O4 - HKLM\..\RunOnce: [aswAhAScr.dll] C:\PROGRA~1\ALWILS~1\Avast4\ASWREG~1.EXE "C:\Program Files\Alwil Software\Avast4\AhAScr.dll"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [steam] "c:\valve\steam\steam.exe" -silent

O4 - HKCU\..\Run: [superCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [WanadooMail] C:\WINDOWS\system32\WanadooMail.exe

O4 - HKCU\..\Run: [jdgf894jrghoiiskd] C:\DOCUME~1\New\LOCALS~1\Temp\winlogan.exe

O4 - HKCU\..\Run: [WintelUpdate] C:\d.exe

O4 - HKCU\..\Run: [Jnskdfmf9eldfd] C:\DOCUME~1\New\LOCALS~1\Temp\csrssc.exe

O4 - HKCU\..\Run: [wygqoek] c:\documents and settings\new\local settings\application data\wygqoek.exe wygqoek

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm

O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game01.zylom.com/activex/zylomgamesplayer.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswupdsv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Mail Scanner (avast! mail scanner) - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner (avast! web scanner) - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\fswsclds.exe

O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (file missing)

O23 - Service: OneStep Search Service - Unknown owner - C:\Program Files\OneStepSearch\onestep.exe" "C:\Program Files\OneStepSearch\onestep.dll" Service (file missing)

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 

Merci d'avance pour votre aide !!

[Falkra]

Bonjour,

 

Télécharge combofix.exe de sUBs et sauvegarde le sur ton bureau (et pas ailleurs).

• Assure toi que tous les programmes sont fermés avant de commencer.
  
• Double-clique combofix.exe afin de l'exécuter.
  
• Clique sur "Oui" au message de Limitation de Garantie qui s'affiche.
  
• Il est possible que ton parefeu te demande si tu acceptes ou non l'accès de nircmd.cfexe à la zone sûre: accepte.
  
• Ne ferme pas la fenêtre qui vient de s'ouvrir, tu te retrouverais avec un bureau vide.
  
• Lorsque l'analyse sera terminée, un rapport apparaîtra.
  
• Copie-colle ce rapport dans ta prochaine réponse.
  Le rapport se trouve dans : C:\Combofix.txt (si jamais).
  
• Pour plus d'information et un tuto illustré, voici le seul tuto officiel et autorisé : http://www.bleepingcomputer.com/combofix/f...iliser-combofix
  

 

Poste ensuite un rapport HijackThis, mais fait avec cette version :

http://www.trendsecure.com/portal/en-US/_d.../HiJackThis.exe

[-_-']

ComboFix 08-06-16.5 - New 2008-06-19 13:03:42.1 - NTFSx86

Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.175 [GMT 2:00]

Endroit: C:\Documents and Settings\New\Bureau\ComboFix.exe

* Création d'un nouveau point de restauration

 

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\Documents and Settings\New\Local Settings\Application Data\wygqoek.dat

c:\documents and settings\new\local settings\application data\wygqoek.exe

c:\Documents and Settings\New\Local Settings\Application Data\wygqoek_nav.dat

c:\Documents and Settings\New\Local Settings\Application Data\wygqoek_navps.dat

C:\Program Files\hottvplayer

C:\Program Files\hottvplayer\hottv.ico

C:\WINDOWS\BM3bc54a65.xml

C:\WINDOWS\cookies.ini

C:\WINDOWS\pskt.ini

C:\WINDOWS\system32\crbrhhxuam.dat

C:\WINDOWS\system32\crbrhhxuam_nav.dat

C:\WINDOWS\system32\crbrhhxuam_navps.dat

C:\WINDOWS\system32\dwdbxoih.dll

C:\WINDOWS\system32\ftwtbcax.dll

C:\WINDOWS\system32\jenpvbdm.ini

C:\WINDOWS\system32\ldpackage.dll

C:\WINDOWS\system32\lyiwyxof.ini

C:\WINDOWS\system32\mcrh.tmp

C:\WINDOWS\system32\model.dat

C:\WINDOWS\system32\narqwe.sys

C:\WINDOWS\system32\nnnkJDwV.dll

C:\WINDOWS\system32\nvs2.inf

C:\WINDOWS\system32\pryalkhw.ini

C:\WINDOWS\system32\rlls.dll

C:\WINDOWS\system32\rlvknlg.exe

C:\WINDOWS\system32\rlxf.dll

C:\WINDOWS\system32\ugiwmvjl.dll

C:\WINDOWS\system32\UpMedia

C:\WINDOWS\system32\VwDJknnn.ini

C:\WINDOWS\system32\VwDJknnn.ini2

C:\WINDOWS\system32\whklayrp.dll

C:\WINDOWS\system32\ybsukefd.dll

C:\WINDOWS\system32\yefdbsbkb.dat

C:\WINDOWS\system32\yefdbsbkb_nav.dat

C:\WINDOWS\system32\yefdbsbkb_navps.dat

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Service_narqwe

 

 

((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-05-19 to 2008-06-19 ))))))))))))))))))))))))))))))))))))

.

 

2008-06-19 00:59 . 2008-06-19 00:59 <REP> d-------- C:\Program Files\Avira

2008-06-19 00:59 . 2008-06-19 00:59 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira

2008-06-19 00:58 . 2008-06-19 00:58 118,784 --a------ C:\WINDOWS\system32\rlai.dll

2008-06-18 22:06 . 2008-06-18 23:15 <REP> d-------- C:\Program Files\Opera

2008-06-18 19:43 . 2008-06-18 17:04 16,768 --a------ C:\WINDOWS\system32\108.tmp

2008-06-18 17:18 . 2008-06-18 17:18 <REP> d-------- C:\Program Files\Fichiers communs\Ankiro

2008-06-18 17:17 . 2008-06-18 17:17 <REP> d-------- C:\Program Files\Fichiers communs\Application

2008-06-18 17:16 . 2008-06-18 17:18 <REP> d-------- C:\Program Files\SPAMfighter

2008-06-18 17:13 . 2008-06-18 17:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FiltraSpam

2008-06-18 17:12 . 2008-06-18 17:13 <REP> d-------- C:\Program Files\FiltraSpam

2008-06-18 17:10 . 2008-06-18 17:11 <REP> d-------- C:\Program Files\Spybot - Search & Destroy

2008-06-18 17:04 . 2008-06-18 17:03 16,768 --a------ C:\WINDOWS\system32\56.tmp

2008-06-18 16:53 . 2008-06-18 16:52 16,768 --a------ C:\WINDOWS\system32\30.tmp

2008-06-18 16:52 . 2008-06-18 16:48 16,768 --a------ C:\WINDOWS\system32\2E.tmp

2008-06-17 22:42 . 2008-06-17 22:42 33,846 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Mp4 Codec.bmp

2008-06-17 22:42 . 2008-06-17 22:42 2,722 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Mp4 Codec.dat

2008-06-17 22:34 . 2008-06-17 22:34 <REP> d-------- C:\Program Files\AML Products

2008-06-17 22:34 . 2005-02-21 14:01 2,535,424 --a------ C:\WINDOWS\system32\agsaamj.dll

2008-06-17 22:34 . 2005-03-02 13:50 610,304 --a------ C:\WINDOWS\system32\agsaamg.dll

2008-06-17 22:34 . 2005-01-31 13:25 372,736 --a------ C:\WINDOWS\system32\agsaamc.dll

2008-06-17 22:34 . 2005-02-15 14:28 339,968 --a------ C:\WINDOWS\system32\NCTAudioArrayProcessing3.dll

2008-06-17 22:34 . 2003-08-07 15:01 237,568 --a------ C:\WINDOWS\system32\lame_enc.dll

2008-06-17 22:34 . 2005-02-01 15:23 90,112 --a------ C:\WINDOWS\system32\agsaami.dll

2008-06-17 22:34 . 2005-01-31 13:27 81,920 --a------ C:\WINDOWS\system32\NCTAudioSource.ax

2008-06-17 22:34 . 2005-06-21 17:48 1 --a------ C:\WINDOWS\audi20.dat

2008-06-17 20:33 . 2008-06-18 19:43 16,768 --a------ C:\WINDOWS\system32\tcpip_patcher.sys

2008-06-17 20:32 . 2008-06-17 20:33 2 --a------ C:\955677014

2008-06-17 20:31 . 2008-06-17 20:31 33,280 --a------ C:\WINDOWS\system32\wingdm32.dll

2008-06-17 20:26 . 2008-06-17 20:26 24,576 --a------ C:\WINDOWS\system32\awtuspml.dll

2008-06-15 00:51 . 2008-06-15 00:51 197 --a------ C:\WINDOWS\system32\MRT.INI

2008-06-14 23:34 . 2008-04-14 17:52 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys

2008-06-14 23:34 . 2008-04-14 17:52 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

2008-06-12 16:32 . 2008-06-12 16:32 4,096 --a------ C:\WINDOWS\system32\drivers\nocashio.sys

2008-06-11 23:09 . 2008-06-11 23:09 <REP> d-------- C:\Program Files\Koba Vision BVBA

2008-06-11 23:09 . 2004-03-09 01:00 212,240 --a------ C:\WINDOWS\system32\Richtx32.ocx

2008-06-11 20:28 . 2008-06-11 20:28 <REP> d-------- C:\Program Files\Fichiers communs\L&H

2008-06-11 20:20 . 2008-06-11 20:20 <REP> d-------- C:\Program Files\Microsoft Reader

2008-06-11 20:20 . 2003-06-05 17:15 57,436 --a------ C:\WINDOWS\DASShp.dll

2008-06-06 20:32 . 2008-06-06 20:56 146 --a------ C:\WINDOWS\fcp5.cfg

2008-06-06 17:00 . 2008-06-06 17:00 <REP> d-------- C:\Program Files\WinASPI

2008-06-06 17:00 . 2008-06-06 17:20 <REP> d-------- C:\Program Files\AviSynth 2.5

2008-06-06 16:59 . 2008-06-06 17:19 <REP> d-------- C:\Documents and Settings\New\NeoDivX Suite

2008-06-06 13:52 . 2008-06-06 13:52 <REP> d-------- C:\Program Files\Sony

2008-05-30 22:01 . 2008-05-30 22:02 <REP> d-------- C:\Program Files\AoA Audio Extractor

2008-05-29 12:15 . 2008-06-09 23:34 <REP> d-------- C:\Program Files\GetRight

2008-05-29 12:15 . 2008-06-09 22:56 <REP> d-------- C:\Downloads

2008-05-25 11:41 . 2008-05-25 12:52 <REP> d-------- C:\Program Files\Windows Live

2008-05-25 11:33 . 2008-05-25 11:33 <REP> d-------- C:\Program Files\MessengerPlus! 3

2008-05-24 10:35 . 2008-05-24 10:35 <REP> d-------- C:\Documents and Settings\New\Application Data\MSNInstaller

2008-05-20 19:33 . 2008-05-20 19:34 <REP> d-------- C:\Documents and Settings\New\Application Data\Steinberg

2008-05-20 19:26 . 2008-05-20 19:27 <REP> d-------- C:\Program Files\Steinberg

2008-05-20 19:23 . 2008-05-20 19:23 <REP> d-------- C:\Program Files\Syncrosoft

2008-05-20 19:23 . 2005-10-17 09:35 704,512 --a------ C:\WINDOWS\system32\SYNSOACC.dll

2008-05-20 19:23 . 2004-05-10 15:58 147,456 --a------ C:\WINDOWS\system32\SynsoLChk.dll

2008-05-20 19:23 . 2003-07-31 20:28 147,425 --a------ C:\WINDOWS\system32\SYNSOACC-Aide.chm

2008-05-20 19:23 . 2003-05-26 15:29 120,468 --a------ C:\WINDOWS\system32\SYNSOACC-Hilfe.chm

2008-05-20 19:23 . 2003-05-26 15:29 114,279 --a------ C:\WINDOWS\system32\SYNSOACC-Help.chm

2008-05-20 19:23 . 2002-11-25 08:36 45,056 --a------ C:\WINDOWS\system32\Synsopos.exe

2008-05-20 19:23 . 2005-05-09 20:08 33,792 --a------ C:\WINDOWS\system32\drivers\cledx.sys

2008-05-20 19:23 . 2002-11-25 05:46 16,896 --a------ C:\WINDOWS\system32\drivers\synasUSB.sys

2008-05-20 19:11 . 2008-05-20 19:18 <REP> d-------- C:\Program Files\DAEMON Tools Lite

2008-05-20 19:03 . 2008-05-20 19:03 <REP> d-------- C:\Program Files\Audacity

2008-05-20 18:59 . 2008-05-20 18:59 33 --a------ C:\WINDOWS\TOPGIRL.INI

2008-05-20 18:58 . 2008-05-20 18:58 <REP> d-------- C:\Documents and Settings\New\Application Data\DAEMON Tools

2008-05-20 18:58 . 2008-05-20 18:58 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys

2008-05-20 18:53 . 2008-05-20 19:00 <REP> d-------- C:\Program Files\VstPlugins

2008-05-20 18:53 . 2008-05-20 18:53 <REP> d-------- C:\Program Files\ASIO4ALL v2

2008-05-20 18:53 . 2006-06-20 10:56 225,280 --a------ C:\WINDOWS\system32\rewire.dll

2008-05-20 18:52 . 2002-07-08 00:14 1,294,336 --a------ C:\WINDOWS\system32\vorbis.acm

2008-05-20 18:50 . 2008-05-20 19:00 <REP> d-------- C:\Program Files\Image-Line

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-06-19 11:22 --------- d-----w C:\Documents and Settings\New\Application Data\DNA

2008-06-19 10:40 --------- d-----w C:\Program Files\Alwil Software

2008-06-18 16:27 --------- d-----w C:\Program Files\CasinoOnNet

2008-06-18 15:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-06-17 20:42 133,632 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe

2008-06-11 21:09 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-06-11 21:08 --------- d-----w C:\Program Files\Fichiers communs\InstallShield

2008-06-02 15:28 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP

2008-05-31 10:27 --------- d-----w C:\Program Files\trackmania

2008-05-29 14:54 --------- d-----w C:\Program Files\OneStepSearch

2008-05-25 10:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller

2008-05-23 15:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\WindowsLiveInstaller

2008-05-20 17:44 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll

2008-05-09 21:23 --------- d-----w C:\Documents and Settings\New\Application Data\Azureus

2008-05-08 20:32 --------- d-----w C:\Program Files\DNA

2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys

2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll

2008-04-27 19:01 --------- d-----w C:\Program Files\Red Kawa

2008-04-24 16:55 --------- d-----w C:\Program Files\Lavalys

2008-04-23 20:21 --------- d-----w C:\Program Files\FLV Player

2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

2008-04-21 16:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\SBT

2008-04-21 16:52 --------- d-----w C:\Program Files\Snapshot Viewer

2008-04-21 16:52 --------- d-----w C:\Program Files\microsoft frontpage

2008-04-21 16:52 --------- d-----w C:\Program Files\CSO-DAX Compressor

2008-04-21 16:44 --------- d-----w C:\Documents and Settings\New\Application Data\Microsoft Web Folders

2008-04-20 18:30 --------- d-----w C:\Program Files\VirtualDJ

2008-04-20 12:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\TrackMania

2008-04-18 21:14 712,704 ----a-w C:\WINDOWS\system32\rlph.dll

2008-04-09 18:30 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll

2008-04-01 15:21 81,984 ----a-w C:\WINDOWS\system32\bdod.bin

2008-03-29 05:19 9,801,728 ----a-w C:\WINDOWS\system32\atioglx2.dll

2008-03-29 04:40 167,936 ----a-w C:\WINDOWS\system32\atiok3x2.dll

2008-03-29 04:05 372,736 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll

2008-03-29 04:04 299,008 ----a-w C:\WINDOWS\system32\ati2dvag.dll

2008-03-29 03:56 172,032 ----a-w C:\WINDOWS\system32\atipdlxx.dll

2008-03-29 03:56 126,976 ----a-w C:\WINDOWS\system32\Oemdspif.dll

2008-03-29 03:55 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll

2008-03-29 03:55 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe

2008-03-29 03:55 126,976 ----a-w C:\WINDOWS\system32\ati2evxx.dll

2008-03-29 03:54 536,576 ----a-w C:\WINDOWS\system32\ati2evxx.exe

2008-03-29 03:52 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL

2008-03-29 03:43 3,176,480 ----a-w C:\WINDOWS\system32\ati3duag.dll

2008-03-29 03:39 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll

2008-03-29 03:36 1,765,120 ----a-w C:\WINDOWS\system32\ativvaxx.dll

2008-03-29 03:24 46,080 ----a-w C:\WINDOWS\system32\amdpcom32.dll

2008-03-29 03:23 5,439,488 ----a-w C:\WINDOWS\system32\atioglxx.dll

2008-03-29 03:21 393,216 ----a-w C:\WINDOWS\system32\atikvmag.dll

2008-03-29 03:19 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll

2008-03-29 03:12 520,192 ----a-w C:\WINDOWS\system32\ati2cqag.dll

2008-03-28 19:05 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe

2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll

2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll

2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys

.

 

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ac519e4e-edf0-48c7-8ada-2a4a5b1c81c9}]

2008-06-17 20:26 24576 --a------ C:\WINDOWS\system32\awtuspml.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]

"Steam"="c:\valve\steam\steam.exe" [2008-04-02 15:53 1271032]

"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 18:45 1052672]

"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-05-08 22:32 289088]

"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856]

"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2008-05-25 11:33 190024]

"WanadooMail"="C:\WINDOWS\system32\WanadooMail.exe" [ ]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

"Piolet"="C:\Program Files\Piolet\Piolet.exe" [ ]

"H2O"="C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-23 00:00 385024]

"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2008-05-25 11:33 190024]

"SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2006-06-27 12:24 481688]

"MSDisp32"="C:\WINDOWS\system32\drvdus.dll" [ ]

"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [ ]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-03-13 14:11 233472]

"{AC519E4E-EDF0-48C7-8ADA-2A4A5B1C81C9}"= C:\WINDOWS\system32\awtuspml.dll [2008-06-17 20:26 24576]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pÈ]

PÈ

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\@xð]

@xð

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtuspml]

awtuspml.dll 2008-06-17 20:26 24576 C:\WINDOWS\system32\awtuspml.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wingdm32]

wingdm32.dll 2008-06-17 20:31 33280 C:\WINDOWS\system32\wingdm32.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.yv12"= yv12vfw.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"FirewallOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\WINDOWS\\system32\\rtcshare.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Valve\\Condition Zero\\czero.exe"=

"C:\\Valve\\Steam\\steamapps\\nicoss02\\condition zero\\hl.exe"=

"C:\\Valve\\Steam\\steamapps\\nicoss02\\counter-strike\\hl.exe"=

"C:\\Valve\\Steam\\steamapps\\neo02290\\team fortress classic\\hl.exe"=

"C:\\Valve\\Steam\\steamapps\\neo02290\\opposing force\\hl.exe"=

"C:\\Program Files\\Opera\\Opera.exe"=

"C:\\Valve\\Steam\\steamapps\\common\\trackmania nations forever\\TmForever.exe"=

"C:\\Valve\\Steam\\steamapps\\nicoss02290\\counter-strike source\\hl2.exe"=

"C:\\Valve\\Steam\\steamapps\\nicoss02290\\ricochet\\hl.exe"=

"C:\\Valve\\Steam\\steamapps\\nicoss02290\\day of defeat source\\hl2.exe"=

"C:\\Valve\\Steam\\steamapps\\nicoss02290\\condition zero\\hl.exe"=

"C:\\Valve\\Steam\\steamapps\\nicoss02290\\deathmatch classic\\hl.exe"=

"C:\\Program Files\\DNA\\btdna.exe"=

"C:\\Program Files\\NetMeeting\\conf.exe"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"C:\\WINDOWS\\system32\\winver.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"14287:TCP"= 14287:TCP:NortonAV

"16256:TCP"= 16256:TCP:NortonAV

"14265:TCP"= 14265:TCP:NortonAV

"16599:TCP"= 16599:TCP:NortonAV

"14312:TCP"= 14312:TCP:NortonAV

"12375:TCP"= 12375:TCP:NortonAV

"14072:TCP"= 14072:TCP:NortonAV

"13454:TCP"= 13454:TCP:NortonAV

"12604:TCP"= 12604:TCP:NortonAV

"4824:TCP"= 4824:TCP:@xpsp2res.dll,-22005

"20791:TCP"= 20791:TCP:@xpsp2res.dll,-22005

"5994:TCP"= 5994:TCP:@xpsp2res.dll,-22005

"50945:TCP"= 50945:TCP:@xpsp2res.dll,-22005

 

R2 Fswsclds;F-Secure Windows Security Center Legacy Detection Service;C:\Program Files\F-Secure Internet Security\fswsclds.exe [2006-08-05 20:00]

R2 OneStep Search Service;OneStep Search Service;"C:\Program Files\OneStepSearch\onestep.exe" "C:\Program Files\OneStepSearch\onestep.dll" Service []

R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 20:08]

R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 14:00]

S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2006-08-18 19:22]

S3 pnicml;pnicml;C:\DOCUME~1\New\LOCALS~1\Temp\pnicml.sys []

S3 tcpip_patcher;tcpip_patcher;C:\WINDOWS\system32\tcpip_patcher.sys [2008-06-18 19:43]

S3 UltraMonMirror;UltraMonMirror;C:\WINDOWS\system32\DRIVERS\UltraMonMirror.sys []

S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{ljhfdewh4-dcw33rf3-csd3db-as35ge-asfds]

C:\WINDOWS\system32\WanadooMail.exe

.

Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'

"2008-04-03 17:22:55 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-06-19 13:26:54

Windows 5.1.2600 Service Pack 2 NTFS

 

Balayage processus cach‚s ...

 

Balayage cach‚ autostart entries ...

 

Balayage des fichiers cach‚s ...

 

Scan termin‚ avec succŠs

Les fichiers cach‚s: 0

 

**************************************************************************

.

--------------------- DLLs a charg‚ sous des processus courants ---------------------

 

PROCESS: C:\WINDOWS\system32\winlogon.exe

-> C:\WINDOWS\system32\wingdm32.dll

-> C:\WINDOWS\system32\awtuspml.dll

.

------------------------ Other Running Processes ------------------------

.

C:\WINDOWS\system32\ati2evxx.exe

C:\WINDOWS\system32\ati2evxx.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

C:\Program Files\OneStepSearch\onestep.exe

C:\Program Files\OneStepSearch\onestep.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\guardgui.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\guardgui.exe

.

**************************************************************************

.

Temps d'accomplissement: 2008-06-19 13:37:27 - machine was rebooted

ComboFix-quarantined-files.txt 2008-06-19 11:36:58

 

Pre-Run: 68,827,881,472 octets libres

Post-Run: 68,905,496,576 octets libres

 

311 --- E O F --- 2008-06-14 22:52:06

[-_-']

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:45:21, on 19/06/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

C:\Program Files\F-Secure Internet Security\fswsclds.exe

C:\Program Files\OneStepSearch\onestep.exe

C:\Program Files\OneStepSearch\onestep.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\New\Bureau\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66027

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66027

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: (no name) - {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {ac519e4e-edf0-48c7-8ada-2a4a5b1c81c9} - C:\WINDOWS\system32\awtuspml.dll

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Piolet] C:\Program Files\Piolet\Piolet.exe SILENT

O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [sPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60

O4 - HKLM\..\Run: [MSDisp32] rundll32.exe C:\WINDOWS\system32\drvdus.dll,startup

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [steam] "c:\valve\steam\steam.exe" -silent

O4 - HKCU\..\Run: [superCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe"

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [WanadooMail] C:\WINDOWS\system32\WanadooMail.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm

O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game01.zylom.com/activex/zylomgamesplayer.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O20 - Winlogon Notify: pÈ - PÈ (file missing)

O20 - Winlogon Notify: @xð - @xð (file missing)

O20 - Winlogon Notify: awtuspml - C:\WINDOWS\SYSTEM32\awtuspml.dll

O20 - Winlogon Notify: wingdm32 - C:\WINDOWS\SYSTEM32\wingdm32.dll

O22 - SharedTaskScheduler: jhsf8d984jief8dsfus98jkefn - {C5AF49A2-94F3-42BD-F434-2604812C897D} - (no file)

O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (antivirscheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (antivirservice) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\fswsclds.exe

O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (file missing)

O23 - Service: OneStep Search Service - OneStepSearch.net, Inc. - C:\Program Files\OneStepSearch\onestep.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 

--

End of file - 7993 bytes

 

 

Voilà les 2 rapports demandé, le 1er Combo et 2eme Hijackthis.

[Falkra]

Il y a du monde, et il en reste.

 

Casino on net, c'est toi qui l'as installé et c'est voulu, ou pas ? (aucun jugement, juste pour savoir et choisir la suite)

 

Voici la politique de Boonty, dont un service tourne ici :

 

Il se peut que nous partageons aussi des informations payantes avec des tiers

qui fournissent ds services payants et partage des données regroupées montrant le type

et le nombre de jeux videos que vous téléchargez, votre age, votre sexe, vos occupations,

niveau d'éducation, localité géographique, données sur l'équipement de votre ordinateur,

internet et intérêts pour les jeux videos, activités et entrainement des jeux édités.

De plus, nous partageons les adresses email avec des tiers fournisseurs de compte mails

qui nous assistent en envoyant nos mails a de nombreux clients en même temps...

 

NB : Supprimer le service et/ou désinstaller cela peut empêcher le fonctionnement de certains petits jeux

 

 

Je vire aussi ?

 

(je te prépare un script, mais j'ai besoin de ces réponses pour le finir)