Posted (edited)

Good evening,

I deleted them before the procedure. I think that matters, doesn't it?

 

Log:

 

ComboFix 08-11-09.04 - Dolc3 2008-11-10 21:48:44.1 - NTFSx86

Microsoft® Windows Vista Édition Intégrale 6.0.6001.1.1252.1.1036.18.1208 [GMT 1:00]

Lancé depuis: e:\users\Dolc3\Desktop\ComboFix.exe

* Un nouveau point de restauration a été créé

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

e:\users\Dolc3\AppData\Roaming\.#

e:\windows\mainms.vpi

e:\windows\megavid.cdt

e:\windows\msvrc20.dll

e:\windows\muotr.so

e:\windows\system32\exec1.exe

e:\windows\system32\hljwugsf.bin

e:\windows\system32\yfywgrev.ini

 

.

((((((((((((((((((((((((((((( Fichiers créés du 2008-10-10 au 2008-11-10 ))))))))))))))))))))))))))))))))))))

.

 

2008-11-10 21:38 . 2008-11-10 21:46 <REP> d-------- E:\32788R22FWJFW

2008-11-08 18:14 . 2008-11-08 18:39 <REP> d-------- e:\users\Zahia\AppData\Roaming\dvdcss

2008-11-08 17:35 . 2008-11-08 17:35 <REP> d-------- e:\users\Zahia\AppData\Roaming\HP

2008-11-08 15:02 . 2008-11-08 15:02 <REP> d-------- E:\rsit

2008-11-08 14:33 . 2008-11-08 14:36 <REP> d-------- e:\users\Dolc3\AppData\Roaming\HP

2008-11-08 14:30 . 2008-11-08 14:30 <REP> d-------- e:\program files\Hewlett-Packard

2008-11-08 14:30 . 2008-11-08 14:32 <REP> d-------- e:\program files\Common Files\HP

2008-11-08 14:30 . 2008-11-08 14:30 <REP> d-------- e:\program files\Common Files\Hewlett-Packard

2008-11-08 14:28 . 2008-11-08 14:28 <REP> d-------- e:\users\All Users\Hewlett-Packard

2008-11-08 14:28 . 2008-11-08 14:28 <REP> d-------- e:\programdata\Hewlett-Packard

2008-11-08 14:08 . 2008-07-24 12:10 118,272 --a------ e:\windows\System32\hpz3l58a.dll

2008-11-08 14:07 . 2008-11-08 14:07 <REP> d-------- e:\windows\carrier

2008-11-08 14:07 . 2008-11-08 14:32 <REP> d-------- e:\program files\HP

2008-11-08 14:04 . 2008-11-08 14:35 167,396 --a------ e:\windows\hpwins05.dat

2008-11-08 13:39 . 2007-07-05 04:42 1,275,480 --a------ e:\windows\hpzshl01.exe

2008-11-08 13:39 . 2007-07-05 04:42 1,132,120 --a------ e:\windows\hpzmsi01.exe

2008-11-08 13:39 . 2007-07-05 03:49 892,928 --a------ e:\windows\System32\hpwtiop2.dll

2008-11-08 13:39 . 2007-07-05 03:49 675,840 --a------ e:\windows\System32\hpwwiax2.dll

2008-11-08 13:39 . 2007-07-05 03:48 364,544 --a------ e:\windows\System32\hppldcoi.dll

2008-11-08 13:39 . 2007-07-05 03:48 309,760 --a------ e:\windows\System32\difxapi.dll

2008-11-08 13:39 . 2007-07-05 03:49 294,912 --a------ e:\windows\System32\hpovst11.dll

2008-11-08 13:39 . 2007-07-05 04:42 258,048 --a------ e:\windows\System32\hpzids01.dll

2008-11-08 13:39 . 2007-09-14 17:11 16,050 --a------ e:\windows\hpwscr05.dat

2008-11-08 13:39 . 2007-09-14 17:10 4,785 --a------ e:\windows\hpwmdl05.dat

2008-11-08 12:54 . 2008-11-08 12:54 468 --a------ e:\windows\wsnk.his

2008-11-08 12:54 . 2008-11-08 12:54 200 --a------ e:\windows\wsnk.ini

2008-11-08 09:52 . 2008-11-08 14:31 <REP> d-------- e:\users\All Users\HP

2008-11-08 09:52 . 2008-11-08 14:31 <REP> d-------- e:\programdata\HP

2008-11-08 09:21 . 2008-11-08 09:21 <REP> d-------- e:\users\Dolc3\AppData\Roaming\Simply Super Software

2008-11-08 09:21 . 2008-11-08 14:52 <REP> d-------- e:\program files\Trojan Remover

2008-11-08 08:58 . 2008-11-08 08:58 <REP> d-------- e:\users\Dolc3\AppData\Roaming\Webroot

2008-11-08 08:53 . 2008-11-08 08:53 <REP> d-------- e:\users\All Users\Prevx

2008-11-08 08:53 . 2008-11-08 08:53 <REP> d-------- e:\programdata\Prevx

2008-11-08 08:44 . 2008-11-08 09:05 <REP> d-------- e:\program files\Hitman Pro

2008-11-08 08:19 . 2008-11-08 08:20 <REP> d-------- e:\program files\Trojan Killer

2008-11-07 20:14 . 2008-11-10 20:28 <REP> d-------- e:\users\Zahia\Tracing

2008-11-07 20:09 . 2008-11-07 20:09 <REP> d-------- e:\users\Zahia\AppData\Roaming\Malwarebytes

2008-11-07 10:17 . 2008-11-07 10:17 <REP> d-------- e:\users\Dolc3\AppData\Roaming\Daoisoft

2008-11-06 07:33 . 2008-11-06 08:36 <REP> d-------- e:\users\Dolc3\AppData\Roaming\Download Manager

2008-11-05 15:09 . 2008-11-05 15:09 <REP> d-------- e:\program files\ISODisk

2008-11-05 15:09 . 2006-04-26 01:03 9,600 --a------ e:\windows\System32\drivers\ISODisk.sys

2008-11-04 07:33 . 2008-11-04 07:33 <REP> d-------- e:\users\Dolc3\AppData\Roaming\r2 Studios

2008-11-04 07:33 . 2008-11-04 07:33 <REP> d-------- e:\users\All Users\r2 Studios

2008-11-04 07:33 . 2008-11-04 07:33 <REP> d-------- e:\programdata\r2 Studios

2008-11-03 18:28 . 2008-11-03 18:28 <REP> d-------- e:\users\Dolc3\AppData\Roaming\FarStone

2008-11-03 18:16 . 2000-06-26 07:43 254,224 --a------ e:\windows\System32\drmclien.dll

2008-11-03 18:13 . 2008-11-03 18:13 118,784 --a------ e:\windows\System32\DVC.dll

2008-11-03 18:13 . 2008-11-03 18:13 86,016 --a------ e:\windows\System32\Dversion.dll

2008-11-03 17:57 . 2008-09-19 11:02 86,928 --a------ e:\windows\System32\drivers\fvxscsi.sys

2008-11-03 17:57 . 2007-10-30 14:00 17,840 --a------ e:\windows\System32\drivers\fcdabus.sys

2008-11-03 17:57 . 2007-06-15 06:10 17,542 --a------ e:\windows\Driver.ico

2008-11-03 17:57 . 2006-08-08 10:03 14,496 --a------ e:\windows\System32\VDI08X.dat

2008-11-03 17:55 . 2008-11-03 17:55 <REP> d-------- e:\program files\FarStone

2008-11-03 14:21 . 2008-11-03 14:21 <REP> d-------- e:\program files\FreeGo

2008-11-02 22:49 . 2008-11-02 22:49 2,085,144 --a------ e:\windows\System32\AutoPartNt.exe

2008-11-02 22:49 . 2008-11-02 22:52 1,024 --a------ e:\windows\System32\AutoPartNt.let

2008-11-02 21:36 . 2008-11-02 21:36 971,232 --a------ e:\windows\System32\drivers\tdrpm147.sys

2008-11-02 21:36 . 2008-11-02 21:36 134,272 --a------ e:\windows\System32\drivers\snman380.sys

2008-11-02 21:32 . 2008-11-02 21:32 <REP> d-------- e:\program files\Acronis

2008-11-02 17:36 . 2008-11-02 17:36 <REP> d-------- e:\users\Zahia\AppData\Roaming\vlc

2008-11-02 17:30 . 2008-11-02 17:30 <REP> dr------- e:\users\Zahia\Videos

2008-11-02 17:30 . 2008-11-02 17:30 <REP> dr------- e:\users\Zahia\Searches

2008-11-02 17:30 . 2008-11-02 17:30 <REP> dr------- e:\users\Zahia\Saved Games

2008-11-02 17:30 . 2008-11-02 17:30 <REP> dr------- e:\users\Zahia\Pictures

2008-11-02 17:30 . 2008-11-02 17:30 <REP> dr------- e:\users\Zahia\Music

2008-11-02 17:30 . 2008-11-02 17:30 <REP> dr------- e:\users\Zahia\Links

2008-11-02 17:30 . 2008-11-10 21:42 <REP> dr------- e:\users\Zahia\Downloads

2008-11-02 17:30 . 2008-11-08 06:58 <REP> dr------- e:\users\Zahia\Documents

2008-11-02 17:30 . 2008-11-02 17:30 <REP> dr------- e:\users\Zahia\Contacts

2008-11-02 17:30 . 2006-11-02 13:35 <REP> d-------- e:\users\Zahia\AppData\Roaming\Media Center Programs

2008-11-02 17:30 . 2008-11-02 17:30 <REP> d--h----- e:\users\Zahia\AppData

2008-11-02 17:30 . 2008-11-10 18:45 <REP> d-------- e:\users\Zahia

2008-11-02 16:33 . 2008-11-09 20:26 <REP> d-------- e:\users\Dolc3\AppData\Roaming\dvdcss

2008-11-02 15:42 . 2008-11-10 22:00 <REP> d-------- e:\users\Dolc3\AppData\Roaming\IDM

2008-11-02 15:40 . 2008-11-02 21:01 <REP> d-------- e:\program files\Internet Download Manager

2008-11-02 13:35 . 2004-08-04 07:00 506,368 --a------ e:\windows\System32\msxml.dll

2008-11-01 07:51 . 2008-11-01 07:51 <REP> d-------- e:\users\All Users\inSpeak

2008-11-01 07:51 . 2008-11-01 07:51 <REP> d-------- e:\programdata\inSpeak

2008-11-01 07:50 . 2008-11-01 07:50 <REP> d-------- e:\users\Dolc3\AppData\Roaming\inSpeak

2008-10-31 17:30 . 2008-11-02 12:14 410,976 --a------ e:\windows\System32\deploytk.dll

2008-10-31 17:17 . 2008-10-31 17:42 <REP> d-------- e:\users\Dolc3\.SunDownloadManager

2008-10-31 16:24 . 2008-10-31 16:24 <REP> d-------- e:\program files\Common Files\Java

2008-10-31 15:59 . 2008-10-31 21:06 <REP> d-------- E:\MsgPlusDebug

2008-10-31 15:11 . 2008-10-31 15:11 96,976 --a------ e:\windows\System32\drivers\klin.dat

2008-10-31 14:52 . 2008-10-31 14:52 <REP> d-------- e:\program files\Moo0

2008-10-31 13:20 . 2008-10-31 13:20 87,855 --a------ e:\windows\System32\drivers\klick.dat

2008-10-31 13:17 . 2008-10-31 13:17 <REP> d-------- e:\program files\Kaspersky Lab

2008-10-31 13:17 . 2008-11-10 21:54 8,257,568 --ahs---- e:\windows\System32\drivers\fidbox.dat

2008-10-31 13:17 . 2008-11-10 21:55 786,464 --ahs---- e:\windows\System32\drivers\fidbox2.dat

2008-10-31 13:17 . 2008-11-10 21:54 66,640 --ahs---- e:\windows\System32\drivers\fidbox.idx

2008-10-31 13:17 . 2008-11-10 21:55 4,816 --ahs---- e:\windows\System32\drivers\fidbox2.idx

2008-10-31 12:39 . 2008-10-22 16:10 38,496 --a------ e:\windows\System32\drivers\mbamswissarmy.sys

2008-10-31 12:39 . 2008-10-22 16:10 15,504 --a------ e:\windows\System32\drivers\mbam.sys

2008-10-31 12:06 . 2008-10-31 12:06 <REP> d-------- e:\program files\IObit

2008-10-31 08:10 . 2008-10-31 08:10 <REP> d-------- e:\windows\E80F62FF5D3C4A1984099721F2928206.TMP

2008-10-31 07:48 . 2008-10-31 12:04 <REP> d-------- e:\program files\Common Files\Symantec Shared

2008-10-31 07:36 . 2008-10-31 07:36 <REP> d-------- e:\users\All Users\Agnitum

2008-10-31 07:36 . 2008-10-31 07:36 <REP> d-------- e:\programdata\Agnitum

2008-10-31 06:43 . 2008-10-31 06:47 <REP> d-------- e:\program files\Opera

2008-10-30 21:38 . 2008-10-30 21:38 <REP> d-------- e:\users\All Users\Downloaded Installations

2008-10-30 21:38 . 2008-10-30 21:38 <REP> d-------- e:\programdata\Downloaded Installations

2008-10-29 06:53 . 2008-10-29 06:53 <REP> d-------- e:\users\All Users\NortonInstaller

2008-10-29 06:53 . 2008-10-29 06:53 <REP> d-------- e:\programdata\NortonInstaller

2008-10-29 06:53 . 2008-10-29 07:00 <REP> d-------- e:\program files\NortonInstaller

2008-10-28 23:52 . 2008-10-28 23:52 <REP> d--hs---- E:\#GDATA.Trash.Store#

2008-10-28 22:56 . 2008-10-28 22:56 29,128 --a------ e:\windows\System32\drivers\GRD.sys

2008-10-28 22:34 . 2008-10-28 22:34 51,656 --a------ e:\windows\System32\drivers\PktIcpt.sys

2008-10-28 22:34 . 2008-10-28 22:34 50,888 --a------ e:\windows\System32\drivers\MiniIcpt.sys

2008-10-28 22:33 . 2008-10-28 23:54 <REP> d-------- e:\users\All Users\G DATA

2008-10-28 22:33 . 2008-10-28 23:54 <REP> d-------- e:\programdata\G DATA

2008-10-28 22:33 . 2008-10-28 23:54 <REP> d-------- e:\program files\G DATA

2008-10-28 22:33 . 2008-10-28 23:54 <REP> d-------- e:\program files\Common Files\G DATA

2008-10-28 22:33 . 2008-10-28 22:33 39,880 --a------ e:\windows\System32\drivers\gdwfpcd32.sys

2008-10-28 19:57 . 2008-08-12 04:39 443,392 --a------ e:\windows\System32\win32spl.dll

2008-10-28 19:57 . 2008-09-18 05:56 147,456 --a------ e:\windows\System32\Faultrep.dll

2008-10-28 19:57 . 2008-09-18 05:56 125,952 --a------ e:\windows\System32\wersvc.dll

2008-10-28 16:28 . 2008-10-28 16:28 65,320 --a------ e:\windows\System32\sbbd.exe

2008-10-28 11:46 . 2008-09-12 11:44 206,256 --a------ e:\windows\System32\idmmbc.dll

2008-10-27 16:30 . 2008-10-31 12:39 <REP> d-------- e:\program files\Malwarebytes' Anti-Malware

2008-10-27 16:18 . 2008-11-08 08:55 <REP> d-------- E:\TEMP

2008-10-27 09:04 . 2008-10-27 09:04 7,808 --a------ e:\windows\System32\drivers\psi_mf.sys

2008-10-27 07:49 . 2008-10-27 07:49 <REP> d-------- e:\users\Dolc3\AppData\Roaming\PCF-VLC

2008-10-25 03:51 . 2008-10-25 03:51 <REP> d-------- e:\windows\System32\3Planesoft

2008-10-25 03:51 . 2008-10-25 03:51 <REP> d-------- e:\program files\3Planesoft Screensaver Manager

2008-10-25 03:51 . 2008-10-09 11:55 10,750,464 --a------ e:\windows\System32\Lagoon 3D Screensaver.exe

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-10 21:00 --------- d-----w e:\users\Dolc3\AppData\Roaming\DMCache

2008-11-10 21:00 --------- d-----w e:\programdata\Kaspersky Lab

2008-11-10 20:57 --------- d---a-w e:\programdata\TEMP

2008-11-10 20:48 6,553,600 ----a-w e:\users\Invité\NTUSER.DAT

2008-11-10 20:48 6,553,600 ----a-w e:\users\Invité\NTUSER.DAT

2008-11-10 07:20 --------- d-----w e:\program files\Songbird

2008-11-10 05:51 --------- d-----w e:\users\Dolc3\AppData\Roaming\uTorrent

2008-11-09 23:24 --------- d-----w e:\users\Dolc3\AppData\Roaming\FileZilla

2008-11-09 18:57 --------- d-----w e:\program files\Microsoft

2008-11-08 09:04 --------- d-----w e:\program files\WinHex

2008-11-08 08:52 --------- d-----w e:\users\Administrateur\AppData\Roaming\DMCache

2008-11-08 08:03 --------- d-----w e:\program files\SpywareBlaster

2008-11-05 23:46 --------- d-----w e:\users\Dolc3\AppData\Roaming\Thinstall

2008-11-04 09:06 --------- d-----w e:\programdata\Google Updater

2008-11-04 06:30 --------- d-----w e:\program files\Universal Extractor

2008-11-04 06:24 --------- d-----w e:\program files\Windows Live Safety Center

2008-11-04 05:16 --------- d-----w e:\program files\Messenger Plus! Live

2008-11-03 06:32 --------- d-----w e:\program files\AutoPlay Media Studio 7.0

2008-11-03 06:29 --------- d-----w e:\programdata\IndigoRose

2008-11-03 06:25 --------- d-----w e:\users\Dolc3\AppData\Roaming\Downloaded Installations

2008-11-02 21:29 --------- d-----w e:\users\Dolc3\AppData\Roaming\Acronis

2008-11-02 20:36 540,000 ----a-w e:\windows\system32\drivers\timntr.sys

2008-11-02 20:32 --------- d-----w e:\program files\Common Files\Acronis

2008-11-02 11:14 --------- d-----w e:\program files\Java

2008-11-02 10:56 --------- d-----w e:\program files\Secunia

2008-11-02 10:32 --------- d-----w e:\users\Dolc3\AppData\Roaming\vlc

2008-11-02 10:03 --------- d-----w e:\program files\top

2008-11-02 09:31 --------- d-----w e:\program files\CCleaner

2008-10-31 18:37 --------- d-----w e:\users\Dolc3\AppData\Roaming\Kaspersky_Key_Finder_(KKF

2008-10-31 14:52 --------- d-----w e:\program files\Vlc

2008-10-31 13:55 --------- d-----w e:\program files\Yamicsoft

2008-10-31 12:45 --------- d-----w e:\program files\AxBx

2008-10-31 11:04 --------- d-----w e:\programdata\Symantec

2008-10-31 06:59 --------- d-----w e:\users\Dolc3\AppData\Roaming\Symantec

2008-10-28 21:57 44,704 ----a-w e:\windows\system32\drivers\tifsfilt.sys

2008-10-28 21:57 --------- d-----w e:\programdata\Acronis

2008-10-27 06:47 --------- d-----w e:\program files\Microsoft Games

2008-10-23 22:45 --------- d-----w e:\program files\Micro Application

2008-10-23 22:08 --------- d--h--w e:\program files\InstallShield Installation Information

2008-10-21 17:01 --------- d-----w e:\users\Dolc3\AppData\Roaming\Paltalk

2008-10-21 17:01 --------- d-----w e:\program files\Paltalk Messenger

2008-10-20 00:44 --------- d-----w e:\programdata\Skype

2008-10-19 13:13 --------- d-----w e:\users\Invité\AppData\Roaming\DMCache

2008-10-19 10:41 --------- d-----w e:\users\Invité\AppData\Roaming\Oniton

2008-10-18 21:44 --------- d-----w e:\program files\uTorrent2

2008-10-17 20:27 --------- d-----w e:\users\Dolc3\AppData\Roaming\Vso

2008-10-17 09:22 --------- d-----w e:\program files\Analog Devices

2008-10-17 05:14 --------- d-----w e:\program files\FotoTagger

2008-10-17 04:58 --------- d-----w e:\users\Invité\AppData\Roaming\IDM

2008-10-17 04:57 --------- d-s---w e:\users\Invité\AppData\Roaming\Microsoft

2008-10-17 04:49 --------- d-----w e:\users\Administrateur\AppData\Roaming\IDM

2008-10-17 03:34 --------- d-----w e:\program files\AIMP2

2008-10-15 06:58 --------- d-----w e:\program files\Mozilla Sunbird

2008-10-15 02:03 --------- d-----w e:\users\Dolc3\AppData\Roaming\Systweak

2008-10-15 01:49 --------- d-----w e:\program files\Windows Mail

2008-10-15 01:42 --------- d-----w e:\programdata\Microsoft Help

2008-10-15 01:23 --------- d-----w e:\program files\Neuf

2008-10-15 01:22 --------- d-----w e:\program files\Google

2008-10-15 01:17 --------- d-----w e:\users\Dolc3\AppData\Roaming\Archivarius 3000

2008-10-15 01:15 --------- d-----w e:\program files\Common Files\ACD Systems

2008-10-13 17:39 --------- d-----w e:\program files\Spybot - Search & Destroy

2008-10-13 17:38 --------- d-----w e:\programdata\Spybot - Search & Destroy

2008-10-13 00:10 --------- d-----w e:\programdata\Avira

2008-10-10 21:31 --------- d-----w e:\users\Administrateur\AppData\Roaming\URSoft

2008-10-09 14:46 --------- d-----w e:\program files\Teach2000

2008-10-07 19:15 --------- d-----w e:\users\Dolc3\AppData\Roaming\ABBYY

2008-10-07 19:12 --------- d-----w e:\programdata\ABBYY

2008-10-07 18:19 39,424 ----a-w e:\windows\zipinst.exe

2008-10-06 11:56 --------- d---a-w e:\programdata\rkfree

2008-10-05 06:06 --------- d-----w e:\program files\Yahoo!

2008-10-04 23:06 --------- d-----w e:\program files\NeufGigaDisk

2008-10-04 23:01 --------- d-----w e:\programdata\Neuf

2008-09-30 21:37 --------- d-----w e:\users\Dolc3\AppData\Roaming\ProcessLasso

2008-09-30 21:36 --------- d-----w e:\program files\Process Lasso

2008-09-30 21:32 --------- d-----w e:\program files\Throttle

2008-09-30 21:31 --------- d-----w e:\program files\RamSmash

2008-09-30 21:29 --------- d-----w e:\program files\NetScream

2008-09-30 21:03 --------- d-----w e:\programdata\eMule

2008-09-29 00:44 --------- d-----w e:\program files\Microsoft SQL Server

2008-09-29 00:37 --------- d-----w e:\program files\Microsoft Small Business

2008-09-27 17:49 --------- d-----w e:\program files\Microsoft.NET

2008-09-27 04:21 --------- d-----w e:\users\Dolc3\AppData\Roaming\KC Softwares

2008-09-27 04:21 --------- d-----w e:\program files\KC Softwares

2008-09-27 02:01 --------- d-----w e:\users\Dolc3\AppData\Roaming\Talkback

2008-09-26 19:58 --------- d-----w e:\programdata\NVIDIA

2008-09-26 17:52 --------- d-----w e:\users\Dolc3\AppData\Roaming\Apple Computer

2008-09-26 15:17 --------- d-----w e:\users\Dolc3\AppData\Roaming\UpdateStar

2008-09-25 14:10 --------- d-----w e:\program files\IEPro

2008-09-25 11:08 --------- d-----w e:\users\Administrateur\AppData\Roaming\Sunbelt

2008-09-25 07:33 --------- d-----w e:\programdata\Macrovision

2008-09-25 07:33 --------- d-----w e:\program files\Common Files\Macromedia Shared

2008-09-25 04:27 --------- d-----w e:\programdata\Yahoo!

2008-09-25 03:54 --------- d-----w e:\program files\Setup Factory 8

2008-09-24 18:17 --------- d-----w e:\program files\RogueRemover FREE

2008-09-24 18:09 --------- d-----w e:\users\Dolc3\AppData\Roaming\IndigoRose

2008-09-24 17:22 --------- d-----w e:\program files\MSI Factory

2008-09-24 16:54 --------- d-----w e:\users\Dolc3\AppData\Roaming\MiniDm

2008-09-24 14:29 --------- d-----w e:\program files\Common Files\Wise Installation Wizard

2008-09-24 09:56 --------- d-----w e:\program files\a-squared Anti-Dialer

2008-09-24 09:44 --------- d-----w e:\programdata\McAfee

2008-06-03 09:42 32,768 --sha-w e:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008060320080604\index.dat

2008-07-18 17:56 32,768 --sha-w e:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008071820080719\index.dat

2008-06-11 01:28 3,734,560 --sha-w e:\windows\System32\drivers\fidbox(69).dat

2008-06-11 00:57 458,784 --sha-w e:\windows\System32\drivers\fidbox2(71).dat

.

 

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IDMan"="e:\program files\Internet Download Manager\IDMan.exe" [2008-11-02 2606512]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HP Software Update"="e:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]

"AVP"="e:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-07-29 206088]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"LogonHoursAction"= 2 (0x2)

"DontDisplayLogonHoursWarnings"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=e:\progra~1\Kaspersky Lab\Kaspersky Internet Security 2009\mzvkbd.dll,e:\progra~1\Kaspersky Lab\Kaspersky Internet Security 2009\mzvkbd3.dll,e:\progra~1\Kaspersky Lab\Kaspersky Internet Security 2009\adialhk.dll,e:\progra~1\Kaspersky Lab\Kaspersky Internet Security 2009\kloehk.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"MSVideo"= CSvidcap.dll

"msacm.l3codec"= l3codecp.acm

"vidc.mjpg"= pvmjpg30.dll

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_SZ kerberos

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]

@="Service"

 

[HKLM\~\startupfolder\E:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=e:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=e:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup

backupExtension=.CommonStartup

 

[HKLM\~\startupfolder\E:^Users^Dolc3^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Moo0 ConnectionWatcher 1.30.lnk]

backup=e:\windows\pss\Moo0 ConnectionWatcher 1.30.lnk.Startup

backupExtension=.Startup

 

[HKLM\~\startupfolder\E:^Users^Dolc3^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Secunia NSI.lnk]

backup=e:\windows\pss\Secunia NSI.lnk.Startup

backupExtension=.Startup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\888888888888888888888888888888888888888888888888888888888888888888888888888

888888888888888888888888888888888888888888888888888888888888888888888888888888888

888888888888888888888888888888888888888888888888888888888888888888888888888888888

SOFTWARE

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\888888888888888888888888888888888888888888888888888888888888888888888888888

888888888888888888888888888888888888888888888888888888888888888888888888888888888

888888888888888888888888888888888888888888888888888888888888888888888888888888888

SOFTWARE\Microsoft

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\888888888888888888888888888888888888888888888888888888888888888888888888888

888888888888888888888888888888888888888888888888888888888888888888888888888888888

888888888888888888888888888888888888888888888888888888888888888888888888888888888

SOFTWARE\Microsoft\Windows

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\888888888888888888888888888888888888888888888888888888888888888888888888888

888888888888888888888888888888888888888888888888888888888888888888888888888888888

888888888888888888888888888888888888888888888888888888888888888888888888888888888

SOFTWARE\Microsoft\Windows\CurrentVersion

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\888888888888888888888888888888888888888888888888888888888888888888888888888

888888888888888888888888888888888888888888888888888888888888888888888888888888888

888888888888888888888888888888888888888888888888888888888888888888888888888888888

SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

88888888888888888888888888888888888888888888888888888888888888888888888888888888

888888888888888888888888888888888888888888888888888888888888888888888888888888888

888888888888888888888888888888888888888888888888888888888888888888888888888888888

88888888888888SOFTWARE\Microsoft\Windows\CurrentVersion\Run [X]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]

--a------ 2008-01-18 22:33 125952 e:\windows\ehome\ehtray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]

--a------ 2008-10-22 16:10 399504 e:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]

--a------ 2008-07-03 10:37 812952 e:\program files\Registry Mechanic\RMTray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBAMTray]

--a------ 2008-10-28 16:37 681256 e:\program files\Sunbelt Software\CounterSpy\SBAMTray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2008-11-02 12:14 136600 e:\program files\Java\jre6\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WPCUMI]

--a------ 2006-11-02 13:33 176128 e:\windows\System32\wpcumi.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UacDisableNotify"=dword:00000001

"InternetSettingsDisableNotify"=dword:00000001

"AutoUpdateDisableNotify"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2712132958-1929791653-2419846949-1000]

"EnableNotificationsRef"=dword:00000002

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{3438B2D1-AFC1-4CFB-B950-D09A19FE64ED}"= e:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"{3A8A05D4-A4C3-4454-8433-E11F2AB9E30E}"= e:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"{82B3EDF0-167A-4C27-8162-3AF0B3970859}"= e:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"{E88E830D-9318-46FD-A476-00E0F57459D1}"= UDP:e:\program files\Bonjour\mDNSResponder.exe:Bonjour

"{DF2C3379-19B3-47C4-9191-2558D7E152DB}"= TCP:e:\program files\Bonjour\mDNSResponder.exe:Bonjour

"{5352F1E0-7E6C-4732-9E19-6ED2962A6C4E}"= UDP:e:\program files\uTorrent\uTorrent.exe:µTorrent

"{A825365B-8D48-4A09-9ACC-5D1C5256213B}"= TCP:e:\program files\uTorrent\uTorrent.exe:µTorrent

"{5D0CE0BC-F04C-4769-8D8C-19F940463DA2}"= e:\program files\Skype\Phone\Skype.exe:Skype

"TCP Query User{3B6AC66D-AEC1-4896-841B-85010775A5DB}e:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:e:\program files\veoh networks\veoh\veohclient.exe:Veoh Client

"UDP Query User{0F825959-8A28-481B-B109-3EF0941388AF}e:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:e:\program files\veoh networks\veoh\veohclient.exe:Veoh Client

"TCP Query User{12B00205-B197-48E3-8B4C-9D14246B996B}e:\\program files\\emule0.48a\\emule0.48a\\emule.exe"= UDP:e:\program files\emule0.48a\emule0.48a\emule.exe:eMule

"UDP Query User{0F55B60D-FF69-48D4-B30A-0152C8E1CF48}e:\\program files\\emule0.48a\\emule0.48a\\emule.exe"= TCP:e:\program files\emule0.48a\emule0.48a\emule.exe:eMule

"TCP Query User{CF17E8EE-F5E4-4902-99D5-89639FF30833}e:\\programdata\\kaspersky lab setup files\\kaspersky internet security 2009\\french\\setup.exe"= UDP:e:\programdata\kaspersky lab setup files\kaspersky internet security 2009\french\setup.exe:Programme d'installation de Kaspersky Internet Security 2009

"UDP Query User{507CB154-79F9-4872-9004-5D9B98091120}e:\\programdata\\kaspersky lab setup files\\kaspersky internet security 2009\\french\\setup.exe"= TCP:e:\programdata\kaspersky lab setup files\kaspersky internet security 2009\french\setup.exe:Programme d'installation de Kaspersky Internet Security 2009

"TCP Query User{13C5D4A1-D412-4B81-AB80-A84AC8CF817B}e:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 2009\\french\\setup.exe"= UDP:e:\programdata\kaspersky lab setup files\kaspersky anti-virus 2009\french\setup.exe:Programme d'installation de Kaspersky Anti-Virus 2009

"UDP Query User{A3DF52B6-AAC8-455E-ADBB-81B792942EF5}e:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 2009\\french\\setup.exe"= TCP:e:\programdata\kaspersky lab setup files\kaspersky anti-virus 2009\french\setup.exe:Programme d'installation de Kaspersky Anti-Virus 2009

"TCP Query User{7B9C46A4-2163-448B-B57F-8FB929A81F28}e:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 7.0.1.325\\french\\setup.exe"= UDP:e:\programdata\kaspersky lab setup files\kaspersky anti-virus 7.0.1.325\french\setup.exe:Programme d'installation de Kaspersky Anti-Virus 7.0

"UDP Query User{4069C451-B2EC-4E5B-9911-F5B15992CA52}e:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 7.0.1.325\\french\\setup.exe"= TCP:e:\programdata\kaspersky lab setup files\kaspersky anti-virus 7.0.1.325\french\setup.exe:Programme d'installation de Kaspersky Anti-Virus 7.0

"{5ED03B5E-320A-4C00-BA0E-A6559FCAE787}"= UDP:e:\users\Dolc3\Desktop\Utorrent\utorrent.exe:µTorrent

"{8BEFF67E-5325-4BB9-8AA2-FF2C4BE31A90}"= TCP:e:\users\Dolc3\Desktop\Utorrent\utorrent.exe:µTorrent

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"DoNotAllowExceptions"= 1 (0x1)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]

"e:\\Program Files\\IEPro\\MiniDM.exe"= e:\program files\IEPro\MiniDM.exe:*:Enabled:MiniDM

 

R0 klbg;Kaspersky Lab Boot Guard Driver;e:\windows\system32\drivers\klbg.sys [2008-01-29 32784]

R0 snapman380;Acronis Snapshots Manager (Build 380);e:\windows\system32\DRIVERS\snman380.sys [2008-11-02 134272]

R0 tdrpman147;Acronis Try&Decide and Restore Points filter (build 147);e:\windows\system32\DRIVERS\tdrpm147.sys [2008-11-02 971232]

R1 GRD;G DATA Rootkit Detector Driver;e:\windows\system32\drivers\GRD.sys [2008-10-28 29128]

R1 ISODisk;ISODisk;e:\windows\system32\drivers\ISODisk.sys [2006-04-26 9600]

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;e:\windows\system32\DRIVERS\klim6.sys [2008-07-09 20496]

R2 AEADIFilters;Andrea ADI Filters Service;e:\windows\system32\AEADISRV.EXE [2007-06-07 86016]

R2 CacheBoost Service;CacheBoost Performance Optimizer and Tuner Service;e:\program files\Systweak\Systweak CacheBoost\cbsrv.exe [2008-03-09 187120]

R2 DiskSuiteService;PC Tools Disk Suite;e:\program files\PC Tools Disk Suite\DSService.exe [2008-08-08 480576]

R2 LmpcService;Lock My PC Service;e:\program files\Lock My PC 4\LmpcServ.exe [2007-06-12 52592]

R2 sbapifs;sbapifs;e:\windows\system32\DRIVERS\sbapifs.sys [2008-09-12 69168]

R3 KLFLTDEV;Kaspersky Lab KLFltDev;e:\windows\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]

R3 LMPC4;LMPC4;e:\windows\system32\drivers\LMPC4.sys [2007-10-08 10096]

S3 fssfltr;FssFltr;e:\windows\system32\DRIVERS\fssfltr.sys [2008-09-04 56344]

S3 fsssvc;Windows Live Contrôle parental;e:\program files\Windows Live\Family Safety\fsssvc.exe [2008-09-04 512536]

S3 MBAMProtector;MBAMProtector;e:\windows\system32\drivers\mbam.sys [2008-10-22 15504]

S3 MBAMSwissArmy;MBAMSwissArmy;e:\windows\system32\drivers\mbamswissarmy.sys [2008-10-22 38496]

S3 MovRVDrv32;MovRVDrv32;e:\windows\system32\DRIVERS\MovRVDrv32.sys [2008-06-04 3768]

S3 PSI;PSI;e:\windows\system32\DRIVERS\psi_mf.sys [2008-10-27 7808]

S3 SBRE;SBRE;e:\windows\system32\drivers\SBREdrv.sys [2008-10-23 92464]

S3 SndTDriverV32;SndTDriverV32;e:\windows\system32\drivers\SndTDriverV32.sys [2008-06-04 23096]

S3 SoundMovieServer;SoundMovieServer;e:\windows\system32\snmvtsvc.exe [2008-06-04 184320]

S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);e:\windows\system32\DRIVERS\ss_bus.sys [2007-05-02 83592]

S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;e:\windows\system32\DRIVERS\ss_mdfl.sys [2007-05-02 15112]

S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;e:\windows\system32\DRIVERS\ss_mdm.sys [2007-05-02 109704]

S4 AHF;AHF;e:\users\Dolc3\AppData\Local\Temp\AHF.exe [ ]

S4 EFEV;EFEV;e:\users\Dolc3\AppData\Local\Temp\EFEV.exe [ ]

S4 H;H;e:\users\Dolc3\AppData\Local\Temp\H.exe [ ]

S4 HDDlife HDD Access service;HDDlife HDD Access service;e:\program files\BinarySense\HDDlife 3\hldasvc.exe [2007-06-07 652800]

S4 MBAMService;MBAMService;e:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2008-10-22 170640]

S4 QBCUDPRFAUDOG;QBCUDPRFAUDOG;e:\users\Dolc3\AppData\Local\Temp\QBCUDPRFAUDOG.exe [ ]

S4 SBAMSvc;CounterSpy Antispyware;e:\program files\Sunbelt Software\CounterSpy\SBAMSvc.exe [2008-10-28 886056]

S4 StealthInjectorService;Stealth Service Helper;e:\program files\Micro Application\PC Anonyme\IJStealth4Svc.exe [2007-04-30 148992]

S4 WULGXGM;WULGXGM;e:\users\Dolc3\AppData\Local\Temp\WULGXGM.exe [ ]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]

%SystemRoot%\system32\soundschemes.exe /AddRegistration

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]

%SystemRoot%\system32\soundschemes2.exe /AddRegistration

.

Contenu du dossier 'Tâches planifiées'

 

2008-11-10 e:\windows\Tasks\Advanced WindowsCare V2 Pro.job

- e:\program files\IObit\Advanced WindowsCare V2 Pro\AutoCare.exe [2006-09-12 17:49]

 

2008-11-09 e:\windows\Tasks\AwcProUpdate.job

- e:\program files\IObit\Advanced WindowsCare V2 Pro\AutoUpdate.exe [2008-09-22 11:44]

 

2008-11-09 e:\windows\Tasks\AwcProUpdate.job

- e:\program files\IObit\Advanced WindowsCare V2 Pro\ [2008-11-09 20:00]

 

2008-11-10 e:\windows\Tasks\GlaryInitialize.job

- e:\program files\Glary Utilities\initialize.exe [2008-07-18 10:08]

 

2008-06-07 e:\windows\Tasks\Uniblue SpyEraser.job

- e:\program files\Uniblue\SpyEraser\SpyEraser.exe [2007-08-16 08:03]

 

2008-11-10 e:\windows\Tasks\User_Feed_Synchronization-{5433C9E9-8F4D-40F9-993C-F444CEDD7DFD}.job

- e:\windows\system32\msfeedssync.exe [2008-01-18 22:33]

.

.

------- Examen supplémentaire -------

.

FireFox -: Profile - e:\users\Dolc3\AppData\Roaming\Mozilla\Firefox\Profiles\epiob3x3.default\

FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr/

FF -: plugin - e:\program files\Adobe\Acrobat 9.0\Acrobat\browser\nppdf32.dll

FF -: plugin - e:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll

FF -: plugin - e:\program files\iTunes\Mozilla Plugins\npitunes.dll

FF -: plugin - e:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll

FF -: plugin - e:\program files\Java\jre6\bin\new_plugin\npjp2.dll

FF -: plugin - e:\program files\Microsoft Silverlight\2.0.30523.8\npctrl.dll

FF -: plugin - e:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll

FF -: plugin - e:\program files\Mozilla Firefox\plugins\npdeploytk.dll

FF -: plugin - e:\program files\Opera\program\plugins\NP_IDM1.dll

FF -: plugin - e:\program files\Opera\program\plugins\NP_IDM2.dll

FF -: plugin - e:\program files\Opera\program\plugins\NP_IDM3.dll

FF -: plugin - e:\program files\Opera\program\plugins\NP_IDM4.dll

FF -: plugin - e:\program files\Opera\program\plugins\NP_IDM5.dll

FF -: plugin - e:\program files\Opera\program\plugins\NP_IDM6.dll

FF -: plugin - e:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll

FF -: plugin - e:\program files\Yahoo!\Shared\npYState.dll

FF -: plugin - e:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-10 22:01:33

Windows 6.0.6001 Service Pack 1 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

.

------------------------ Autres processus actifs ------------------------

.

e:\windows\System32\audiodg.exe

e:\program files\Common Files\Acronis\Schedule2\schedul2.exe

e:\program files\Common Files\microsoft shared\VS7Debug\mdm.exe

e:\windows\System32\oodag.exe

e:\windows\System32\PSIService.exe

e:\program files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

e:\program files\ASUS\AASP\1.00.33\aaCenter.exe

e:\windows\System32\conime.exe

e:\windows\System32\wbem\unsecapp.exe

e:\program files\Internet Download Manager\IEMonitor.exe

e:\windows\System32\dllhost.exe

.

**************************************************************************

.

Heure de fin: 2008-11-10 22:07:26 - La machine a redémarré [Dolc3]

ComboFix-quarantined-files.txt 2008-11-10 21:07:19

 

Avant-CF: 27 322 580 992 octets libres

Après-CF: 27,092,385,792 octets libres

 

453 --- E O F --- 2008-11-07 08:01:28

Edited by Av3n4s

Posted

Good evening,

Let me remind you of an earlier message:

Kaspersky and Symantec are still there.

I had asked you to choose and suggested removing Symantec.

Is the disinfection finished? Are there any traces?

I have a doubt:

Go to this address:

http://www.virustotal.com/fr/

 

Click Browse (parcourir) to find these files:

e:\windows\wsnk.his

e:\windows\wsnk.ini

 

and click "envoyer le fichier" (send the file)

Copy and paste the result into your next message.

Online scan

NOTE: The online scan must be run with Internet Explorer.

Disable the current antivirus

Kaspersky

Under Vista, you must disable UAC, right-click Internet Explorer / Run as administrator, and paste the Kaspersky URL

http://www.kaspersky.com/kos/eng/partner/d...kavwebscan.html

Empty the Recycle Bin.

* Click Accept

* A yellow bar will ask you to accept the installation of Kavwebscan_Unicode.cab; install the ActiveX control.

* Click "Accept" once more

* The update databases will install; wait a moment

* Click Next.

* Click My Computer; the scan starts.

Wait for the scan to finish without closing the window, otherwise it will stop.

At the end of the scan, if infected objects are found, click Save report as... Choose the desktop, name the report "rapport Kaspersky", and in the file type field choose "text files", then save the report.

Copy the entire contents of the opened text file: right-click in it, then Select all / Copy.

Paste this report into your reply on the forum.

Help in case of problems

Cybersécurité

and a new HijackThis log, please

Posted

Good evening,

Thank you for the reply.

As I explained, Kaspersky Internet Security is installed on my machine. Also, I used the utility you suggested and, despite that, a trace remains.

Can I run a scan with Kaspersky instead of the webscan?

Posted

Hello,

Can I run a scan with Kaspersky instead of the webscan

Yes, of course. That will be even better.

I am waiting for the Viruscan report.

For Symantec and Norton, find and delete the traces on your disk and in the registry.

I had pointed you to Jv16.

Posted

Analysis of wsnk.his

Antivirus Version Dernière mise à jour Résultat

AhnLab-V3 2008.11.13.2 2008.11.13 -

AntiVir 7.9.0.31 2008.11.13 -

Authentium 5.1.0.4 2008.11.13 -

Avast 4.8.1248.0 2008.11.13 -

AVG 8.0.0.199 2008.11.13 -

BitDefender 7.2 2008.11.13 -

CAT-QuickHeal 9.50 2008.11.12 -

ClamAV 0.94.1 2008.11.13 -

DrWeb 4.44.0.09170 2008.11.13 -

eSafe 7.0.17.0 2008.11.12 -

eTrust-Vet 31.6.6208 2008.11.13 -

Ewido 4.0 2008.11.13 -

F-Prot 4.4.4.56 2008.11.12 -

F-Secure 8.0.14332.0 2008.11.13 -

Fortinet 3.117.0.0 2008.11.13 -

GData 19 2008.11.13 -

Ikarus T3.1.1.45.0 2008.11.13 -

K7AntiVirus 7.10.523 2008.11.12 -

Kaspersky 7.0.0.125 2008.11.13 -

McAfee 5432 2008.11.13 -

Microsoft 1.4104 2008.11.13 -

NOD32 3610 2008.11.13 -

Norman 5.80.02 2008.11.13 -

Panda 9.0.0.4 2008.11.13 -

PCTools 4.4.2.0 2008.11.13 -

Prevx1 V2 2008.11.13 -

Rising 21.03.31.00 2008.11.13 -

SecureWeb-Gateway 6.7.6 2008.11.13 -

Sophos 4.35.0 2008.11.13 -

Sunbelt 3.1.1785.2 2008.11.11 -

Symantec 10 2008.11.13 -

TheHacker 6.3.1.1.151 2008.11.13 -

TrendMicro 8.700.0.1004 2008.11.13 -

VBA32 3.12.8.9 2008.11.12 -

ViRobot 2008.11.13.1466 2008.11.13 -

VirusBuster 4.5.11.0 2008.11.12 -

Analysis of wsnk.ini

 

Antivirus Version Dernière mise à jour Résultat

AhnLab-V3 2008.11.13.2 2008.11.13 -

AntiVir 7.9.0.31 2008.11.13 -

Authentium 5.1.0.4 2008.11.13 -

Avast 4.8.1248.0 2008.11.13 -

AVG 8.0.0.199 2008.11.13 -

BitDefender 7.2 2008.11.13 -

CAT-QuickHeal 9.50 2008.11.12 -

ClamAV 0.94.1 2008.11.13 -

DrWeb 4.44.0.09170 2008.11.13 -

eSafe 7.0.17.0 2008.11.12 -

eTrust-Vet 31.6.6208 2008.11.13 -

Ewido 4.0 2008.11.13 -

F-Prot 4.4.4.56 2008.11.12 -

Fortinet 3.117.0.0 2008.11.13 -

GData 19 2008.11.13 -

Ikarus T3.1.1.45.0 2008.11.13 -

K7AntiVirus 7.10.523 2008.11.12 -

Kaspersky 7.0.0.125 2008.11.13 -

McAfee 5432 2008.11.13 -

Microsoft 1.4104 2008.11.13 -

NOD32 3610 2008.11.13 -

Norman 5.80.02 2008.11.13 -

Panda 9.0.0.4 2008.11.13 -

PCTools 4.4.2.0 2008.11.13 -

Rising 21.03.31.00 2008.11.13 -

SecureWeb-Gateway 6.7.6 2008.11.13 -

Sophos 4.35.0 2008.11.13 -

Sunbelt 3.1.1785.2 2008.11.11 -

Symantec 10 2008.11.13 -

TheHacker 6.3.1.1.151 2008.11.13 -

TrendMicro 8.700.0.1004 2008.11.13 -

VBA32 3.12.8.9 2008.11.12 -

ViRobot 2008.11.13.1466 2008.11.13 -

VirusBuster 4.5.11.0 2008.11.12 -

 

As soon as Kaspersky has finished, I will post its log along with the HijackThis log

Posted

Hello,

Sorry for the delay.

Kaspersky scan:

 

Analyse complète: terminée le 17/11/2008 23:24:33 (événements : 2, objets : 700039, durée : 01:14:57)

17/11/2008 22:00:47 Détectés: http://www.viruslist.com/fr/advisories/29434 E:\Users\All Users\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}\mia.lib

17/11/2008 23:02:25 Détectés: http://www.viruslist.com/fr/advisories/26447 E:\Windows\System32\msxml4.old

17/11/2008 23:24:33 Fin de la tâche

 

I selected only the important events; there is nothing to report except 2 security vulnerabilities.

HijackThis scan

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:48:11, on 17/11/2008

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

 

Running processes:

E:\Windows\system32\taskeng.exe

E:\Windows\system32\Dwm.exe

E:\Windows\Explorer.EXE

E:\Program Files\ASUS\AASP\1.00.33\aaCenter.exe

E:\Program Files\Internet Download Manager\IDMan.exe

E:\Windows\system32\wbem\unsecapp.exe

E:\Program Files\Internet Download Manager\IEMonitor.exe

E:\Program Files\Trend Micro\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 222.35.73.92:80

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - E:\Program Files\IEPro\iepro.dll

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - E:\Program Files\Internet Download Manager\IDMIECC.dll

O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - E:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll

O2 - BHO: GetTubeVideoObj Class - {6679B3FC-711A-4583-B54A-897B3A0D40E9} - E:\Program Files\GetTubeVideo\GetTubeVideo.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar2.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - E:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar2.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - E:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll

O4 - HKLM\..\Run: [AVP] "E:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"

O4 - HKCU\..\Run: [iDMan] E:\Program Files\Internet Download Manager\IDMan.exe /onboot

O4 - HKCU\..\Run: [AVO Ram Optimizer] e:\program files\systweak\advanced vista optimizer 2008\AVO.exe -s

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://E:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: Ajouter la cible du lien à un fichier PDF existant - res://E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Ajouter le contenu des liens sélectionnés à un fichier PDF existant - res://E:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML

O8 - Extra context menu item: Ajouter le contenu du lien à un fichier PDF existant - res://E:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML

O8 - Extra context menu item: Ajouter à un fichier PDF existant - res://E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convertir au format Adobe PDF - res://E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convertir la cible du lien au format Adobe PDF - res://E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://E:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Créer des fichiers PDF à partir des liens sélectionnés - res://E:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML

O8 - Extra context menu item: Créer fichier PDF - res://E:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML

O8 - Extra context menu item: Créer un fichier PDF depuis le contenu du lien - res://E:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://E:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Grab To Fototagger - E:\Program Files\FotoTagger\grab.htm

O8 - Extra context menu item: Ouvrir avec Nuance PDF Converter 5.0 - res://E:\Program Files\Nuance\PDF Professional 5\cnvres_fre.dll /100

O8 - Extra context menu item: Télécharger avec IDM - E:\Program Files\Internet Download Manager\IEExt.htm

O8 - Extra context menu item: Télécharger le contenu de video FLV avec IDM - E:\Program Files\Internet Download Manager\IEGetVL.htm

O8 - Extra context menu item: Télécharger tous les liens avec IDM - E:\Program Files\Internet Download Manager\IEGetAll.htm

O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - E:\Program Files\IEPro\iepro.dll

O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - E:\Program Files\IEPro\iepro.dll

O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - E:\Program Files\IEPro\iepro.dll

O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - E:\Program Files\IEPro\iepro.dll

O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - E:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll

O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - E:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - E:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: e:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: e:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: e:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: e:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: e:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: e:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: e:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: e:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: e:\windows\system32\wpclsp.dll

O16 - DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} - https://static.impots.gouv.fr/abos/static/s...te/certdgi1.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - http://picasaweb.google.fr/s/v/39.22/uploader2.cab

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab

O16 - DPF: {B87A4DE2-57A3-41CA-8781-89D43EA6EEF4} - http://videomessages.live.com/portal/ClientBin/VCaptCtl.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O20 - AppInit_DLLs: E:\PROGRA~1\Kaspersky Lab\Kaspersky Internet Security 2009\mzvkbd.dll,E:\PROGRA~1\Kaspersky Lab\Kaspersky Internet Security 2009\mzvkbd3.dll,E:\PROGRA~1\Kaspersky Lab\Kaspersky Internet Security 2009\adialhk.dll,E:\PROGRA~1\Kaspersky Lab\Kaspersky Internet Security 2009\kloehk.dll

O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - E:\Windows\System32\DreamScene.dll

O22 - SharedTaskScheduler: Stardock Vista ControlPanel Extension - {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - E:\PROGRA~1\Stardock\Object Desktop\DeskScapes\DesktopControlPanel.dll

O22 - SharedTaskScheduler: StardockDreamController - {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - E:\PROGRA~1\Stardock\Object Desktop\DeskScapes\DreamControl.dll

O22 - SharedTaskScheduler: Deskscapes - {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - E:\PROGRA~1\Stardock\Object Desktop\DeskScapes\deskscapes.dll

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - E:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - E:\Windows\system32\AEADISRV.EXE

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - E:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe

O23 - Service: CacheBoost Performance Optimizer and Tuner Service (CacheBoost Service) - Systweak Inc - E:\Program Files\Systweak\Systweak CacheBoost\cbsrv.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - E:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Lock My PC Service (LmpcService) - Unknown owner - E:\Program Files\Lock My PC 4\LmpcServ.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - E:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: ProtexisLicensing - Unknown owner - E:\Windows\system32\PSIService.exe

O23 - Service: SoundMovieServer - SoundMovieServer - E:\Windows\system32\snmvtsvc.exe

O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - E:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - E:\Program Files\Windows Live\installer\WLSetupSvc.exe (file missing)

 

--

End of file - 11833 bytes

Posted

Hello,

In HijackThis, check these lines, then click Fix checked:

 

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab

O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - E:\Program Files\Windows Live\installer\WLSetupSvc.exe (file missing)

 

 

 

Download OTMoveIt3 by OldTimer to your desktop.

Double-click OTMoveIt3.exe to launch it.

Under Vista, right-click the file -> choose Run as administrator

Make sure that Unregister Dll's and Ocx's is checked.

* Copy the lines below:

 

:Processes

explorer.exe

:Services

:Files

E:\Users\All Users\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}\mia.lib

E:\Windows\System32\msxml4.old

:Reg

:Commands

[purity]

[emptytemp]

[start explorer]

[Reboot]

Go back to OTMoveIt3,

Right-click in the "Paste Instructions for Items to be Moved" window under the yellow bar and choose Paste (Coller).

* Click the red Moveit! button

* Close OTMoveIt3

Your PC will restart.

Go to the folder C:\_OTMoveIt\MovedFiles,

open the latest .log file

Copy and paste its contents into your next reply

Posted

Hello,

 

O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - E:\Program Files\Windows Live\installer\WLSetupSvc.exe (file missing)

 

In the past, I have deleted this line several times, but it comes back every time.

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 222.35.73.92:80

 

Is this line normal when no proxy is used?

MoveIt! log

 

========== PROCESSES ==========

Process explorer.exe killed successfully.

========== SERVICES/DRIVERS ==========

========== FILES ==========

E:\Users\All Users\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}\mia.lib moved successfully.

E:\Windows\System32\msxml4.old moved successfully.

========== REGISTRY ==========

========== COMMANDS ==========

File delete failed. E:\Users\Dolc3\AppData\Local\Temp\etilqs_aysv9ENF5BGEfDJv3gza scheduled to be deleted on reboot.

File delete failed. E:\Users\Dolc3\AppData\Local\Temp\~DF64A1.tmp scheduled to be deleted on reboot.

User's Temp folder emptied.

User's Temporary Internet Files folder emptied.

User's Internet Explorer cache folder emptied.

Local Service Temp folder emptied.

Local Service Temporary Internet Files folder emptied.

Windows Temp folder emptied.

File delete failed. E:\Users\Dolc3\AppData\Local\Mozilla\Firefox\Profiles\epiob3x3.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.

File delete failed. E:\Users\Dolc3\AppData\Local\Mozilla\Firefox\Profiles\epiob3x3.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.

File delete failed. E:\Users\Dolc3\AppData\Local\Mozilla\Firefox\Profiles\epiob3x3.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.

File delete failed. E:\Users\Dolc3\AppData\Local\Mozilla\Firefox\Profiles\epiob3x3.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.

File delete failed. E:\Users\Dolc3\AppData\Local\Mozilla\Firefox\Profiles\epiob3x3.default\urlclassifier3.sqlite scheduled to be deleted on reboot.

File delete failed. E:\Users\Dolc3\AppData\Local\Mozilla\Firefox\Profiles\epiob3x3.default\XUL.mfl scheduled to be deleted on reboot.

FireFox cache emptied.

Opera cache emptied.

Temp folders emptied.

Explorer started successfully

 

OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 11182008_163337

 

Files moved on Reboot...

File E:\Users\Dolc3\AppData\Local\Temp\etilqs_aysv9ENF5BGEfDJv3gza not found!

E:\Users\Dolc3\AppData\Local\Temp\~DF64A1.tmp moved successfully.

E:\Users\Dolc3\AppData\Local\Mozilla\Firefox\Profiles\epiob3x3.default\Cache\_CACHE_001_ moved successfully.

E:\Users\Dolc3\AppData\Local\Mozilla\Firefox\Profiles\epiob3x3.default\Cache\_CACHE_002_ moved successfully.

E:\Users\Dolc3\AppData\Local\Mozilla\Firefox\Profiles\epiob3x3.default\Cache\_CACHE_003_ moved successfully.

E:\Users\Dolc3\AppData\Local\Mozilla\Firefox\Profiles\epiob3x3.default\Cache\_CACHE_MAP_ moved successfully.

E:\Users\Dolc3\AppData\Local\Mozilla\Firefox\Profiles\epiob3x3.default\urlclassifier3.sqlite moved successfully.

E:\Users\Dolc3\AppData\Local\Mozilla\Firefox\Profiles\epiob3x3.default\XUL.mfl moved successfully.

Posted

Good evening,

We are making good progress, I think. :P

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 222.35.73.92:80

Is this line normal when no proxy is used?

Fix it in HijackThis.

 

O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - E:\Program Files\Windows Live\installer\WLSetupSvc.exe (file missing)

In the past, I have deleted this line several times, but it comes back every time.

Copy and paste the following into Notepad.

Save it as Serv.bat on the desktop.

Double-click to run it.

 

@echo Suppression du Service

sc stop WLSetupSvc

sc delete WLSetupSvc
