Infection par Antispyware Soft

[mat.ardy428]

Voilà

Désolé mais l'analyse Malwarebyte est extrêment longue...

 

 

Voilà le rapport Malwarebyte:

 

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Version de la base de données: 4071

 

Windows 6.0.6001 Service Pack 1

Internet Explorer 7.0.6001.18000

 

06/05/2010 15:13:24

mbam-log-2010-05-06 (15-13-24).txt

 

Type d'examen: Examen complet (C:\|D:\|)

Elément(s) analysé(s): 368196

Temps écoulé: 2 heure(s), 28 minute(s), 26 seconde(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 6

Valeur(s) du Registre infectée(s): 3

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 4

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

HKEY_CURRENT_USER\Software\M5T8QL3YW3 (Trojan.FakeAlert) -> Quarantined and deleted

 

successfully.

HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted

 

successfully.

HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted

 

successfully.

HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted

 

successfully.

HKEY_CURRENT_USER\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> Quarantined and deleted

 

successfully.

 

Valeur(s) du Registre infectée(s):

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\oothkikd

 

(Rogue.AntiSpywareSoft) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\m5t8ql3yw3

 

(Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\canaveral

 

(Trojan.Downloader) -> Quarantined and deleted successfully.

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

 

Fichier(s) infecté(s):

C:\Users\jepa\AppData\Local\ingryujxt\ivmoxextssd.exe (Rogue.AntiSpywareSoft) -> Quarantined

 

and deleted successfully.

C:\Windows\System32\drivers\vhyot.sys (Rootkit.Agent) -> Quarantined and deleted

 

successfully.

C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) ->

 

Quarantined and deleted successfully.

C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) ->

 

Qua

 

 

 

Et un nouveau rapport Hijackthis

 

 

PS: au passage, quand je lance Hijackthis, il me met cette fenêtre:

 

 

Le rapport:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:45:37, on 09/03/2010

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18385)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\Dwm.exe

C:\Users\jepa\AppData\Local\av.exe

C:\Windows\RtHDVCpl.exe

C:\Acer\Empowering Technology\SysMonitor.exe

C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe

C:\Program Files\OrangeHSS\Systray\SystrayApp.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Maxtor\OneTouch\Utils\OneTouch.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Windows\System32\rundll32.exe

C:\Windows\ehome\ehtray.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Google\Google Updater\GoogleUpdater.exe

C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE

C:\Program Files\OrangeHSS\Launcher\Launcher.exe

C:\Windows\System32\mobsync.exe

C:\Program Files\OrangeHSS\Deskboard\deskboard.exe

C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe

C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe

C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe

C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\OrangeHSS\browser\browser.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Microsoft Office\Office12\WINWORD.EXE

C:\Windows\system32\wuauclt.exe

C:\Program Files\Java\jre6\bin\jucheck.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/def...://fr.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll

O1 - Hosts: ::1 localhost

O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll

O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe

O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe

O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe

O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe

O4 - HKLM\..\Run: [systrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe

O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [skytel] Skytel.exe

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - Global Startup: Empowering Technology Launcher.lnk = ?

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe

O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O16 - DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} (Module de délivrance de certificat MINEFI) - https://static.impots.gouv.fr/abos/static/s...te/certdgi1.cab

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.3.cab

O16 - DPF: {63DF43C2-469A-41F3-B119-17B1ACE8BB50} (Sony SNC-CS3 Image Viewer) - http://82.127.17.206/home/SonySncCs3View.cab

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos-beta/OnlineScanner.cab

O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - http://www.sibelius.com/download/software/...tiveXPlugin.cab

O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/a...istaADP-1.1.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe

O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

O23 - Service: Adobe Version Cue CS3 {fr_FR} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe

O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe

O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe

O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

 

--

End of file - 11661 bytes

[Apollo]

Re,

 

L'analyse a été longue parce que tu as beaucoup de fichiers sur le pc.

 

Pour Hijackthis, il ne faut pas oublier de l'exécuter en temps qu'administrateur après clic droit sur l'exécutable.

 

Ceci dit, il y a une autre version, aussi je te propose d'installer celle-ci à la place de la V2:

Télécharge Hijackthis 2.0.4 et enregistre-le sur le bureau.

 

Sous XP, double clique sur l'icône

 

Sous Vista, fais un clic droit sur l'icône/exécuter en temps qu'administrateur.

 

Clique sur "Scan".

 

Clique ensuite sur "Save log", un fichier texte avec le rapport doit s'ouvrir.

 

Sauvegarde le fichier texte sur le bureau.

 

Fais un clic droit sur le texte ouvert, clique encore avec le bouton droit puis clique sur "copier".

 

Colle le résultat dans ta réponse stp.

 

Tu feras une nouvelle analyse HJT lorsque je te le demanderai

 

Télécharge OTM de OldTimer sur ton Bureau en cliquant sur ce lien:

 

OTM

 

Ou ici: http://ottools.noahdfear.net/OTM.exe

 

• Double-clique sur OTM.exe pour le lancer (l'extension .exe peut ne pas apparaître)
   
  ---> sous VISTA/7: clic droit: exécuter en temps qu'administrateur.
   
  
• Copie l'entièreté du code ci-dessous.
  

  Go
  
  :Files
  
  c:\users\jepa\appdata\local\av.exe
  
  :Services
  
  :Reg
  
  :Commands
  
  [purity]
  [emptytemp]
  [start explorer]

  
   
  

• Colle ce code dans la partie jaune de OtMoveIt3 intitulée:
  "Paste Instructions for Items to be Moved"
   
  
• Clique sur le bouton Moveit! pour lancer le nettoyage:
   
  
• Copie-colle dans ta prochaine réponse tout ce qui se trouve dans la fenêtre Results
  --> Un rapport sera généré dans le dossier C:\ _OTMoveIt\MovedFiles avec la date et l'heure du passage de l'outil (mmddyyyy_hhmmss.log)
  
• Ferme OTM en cliquant sur Exit:
  

Note : Si un fichier ou un dossier ne peut être supprimé directement, l'outil peut demander un redémarrage pour terminer le processus. Clique alors sur "Yes" pour accepter.

 

*** L'outil va terminer son travail après le redémarrage du pc puis fournira son rapport; copie/colle le dans ta réponse stp.

 

-----------------------------------------

Après avoir posté le rapport d'OTM, on va vérifier encore une chose:

 

Télécharge TDSSKiller.zip sur ton bureau.

 

Décompresse-le. (clic droit/extraire ici).

 

Ouvre le dossier si la décompression a donné un répertoire TDSSKiller.

 

Double-clique sur TDSSKiller.exe

 

A la fin de l'exécution, appuie sur une touche comme demandé pour fermer la fenêtre.

Si un reboot est demandé, accepter en tapant Y (yes) et valider avec Enter.

 

NB: Pendant la procédure, si TDSSKiller fait apparaître ce message:

Hidden service detected: H8SRTd.sys

Type "delete" (without quotes) to delete it: 14:30:08:000 0256

, tape delete et valide.

 

Il y aura un rapport TDSSKiller.txt sur le C:\

Ouvre le fichier texte et copie l'entièreté du contenu; colle-le dans ta réponse.

 

@++

Modifié le 6 mai 2010 par Apollo

[mat.ardy428]

Tout marche bien sauf TDSSKiller, qui reste sur cette fenêtre (j'ai même essayé en exécutant en tant qu'admin, ça fait pareil):

 

 

Qu'est-ce que je fais? J'ai les 2 autres rapports (nouvelle version d'Hijackthis et OTM)

[Apollo]

Tu dois taper delete (sans les guillemets) dans la fenêtre noire, puis valider par ok sinon TDSSKiller ne bougera plus d'un poil.

 

Tu pourras me poster les rapports que tu as

 

@ tte.

[mat.ardy428]

Alors voilà les 3 rapports:

 

Hijackthis:

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 15:53:06, on 06/05/2010

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18444)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\RtHDVCpl.exe

C:\Acer\Empowering Technology\SysMonitor.exe

C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe

C:\Program Files\OrangeHSS\Systray\SystrayApp.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Maxtor\OneTouch\Utils\OneTouch.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Windows\ehome\ehmsas.exe

C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Google\Google Updater\GoogleUpdater.exe

C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE

C:\Windows\System32\mobsync.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\wuauclt.exe

C:\Users\jepa\Desktop\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/def...://fr.yahoo.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll

O1 - Hosts: ::1 localhost

O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll

O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe

O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe

O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe

O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe

O4 - HKLM\..\Run: [systrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe

O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [skytel] Skytel.exe

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - Global Startup: Empowering Technology Launcher.lnk = ?

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe

O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O16 - DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} (Module de délivrance de certificat MINEFI) - https://static.impots.gouv.fr/abos/static/s...te/certdgi1.cab

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.3.cab

O16 - DPF: {63DF43C2-469A-41F3-B119-17B1ACE8BB50} (Sony SNC-CS3 Image Viewer) - http://82.127.17.206/home/SonySncCs3View.cab

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos-beta/OnlineScanner.cab

O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - http://www.sibelius.com/download/software/...tiveXPlugin.cab

O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/a...istaADP-1.1.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe

O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

O23 - Service: Adobe Version Cue CS3 {fr_FR} (Adobe Version Cue CS3) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe

O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe

O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (Audiosrv) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe

O23 - Service: @%SystemRoot%\system32\dhcpcsvc.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe

O23 - Service: @%SystemRoot%\ehome\ehrecvr.exe,-101 (ehRecvr) - Unknown owner - C:\Windows\ehome\ehRecvr.exe

O23 - Service: @%SystemRoot%\ehome\ehsched.exe,-101 (ehSched) - Unknown owner - C:\Windows\ehome\ehsched.exe

O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\emdmgmt.dll,-1000 (EMDMgmt) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (Eventlog) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - Unknown owner - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe

O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Service Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: hpqcxs08 - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Service HP CUE DeviceDiscovery (hpqddsvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-200 (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe

O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe

O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe

O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: Net Driver HPZ12 - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe

O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\netprof.dll,-246 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe

O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @regsvc.dll,-1 (RemoteRegistry) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe

O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe

O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\ipnathlp.dll,-106 (SharedAccess) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe

O23 - Service: @%SystemRoot%\system32\SLUINotify.dll,-103 (SLUINotify) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe

O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (stisvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe

O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe

O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\wmpnetwk.exe

O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\Windows\system32\SearchIndexer.exe

O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe

 

--

End of file - 25018 bytes

 

OTM:

 

All processes killed

Error: Unable to interpret <Go> in the current context!

========== FILES ==========

File/Folder c:\users\jepa\appdata\local\av.exe not found.

========== SERVICES/DRIVERS ==========

========== REGISTRY ==========

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 41 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: jepa

->Temp folder emptied: 2327848 bytes

->Temporary Internet Files folder emptied: 3387006903 bytes

->Java cache emptied: 37986522 bytes

->FireFox cache emptied: 66578209 bytes

->Flash cache emptied: 230120 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 876435 bytes

%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 13725401 bytes

%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 243 bytes

RecycleBin emptied: 520756 bytes

 

Total Files Cleaned = 3 347,00 mb

 

 

OTM by OldTimer - Version 3.1.12.0 log created on 05062010_155356

 

Files moved on Reboot...

File move failed. C:\Windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt scheduled to be moved on reboot.

File move failed. C:\Windows\temp\CLDigitalHome\PCMMediaServer.log scheduled to be moved on reboot.

 

Registry entries deleted on Reboot...

 

TDSSKiller

 

16:01:44:724 2120 TDSS rootkit removing tool 2.2.8.1 Mar 22 2010 10:43:04

16:01:44:724 2120 ================================================================================

16:01:44:724 2120 SystemInfo:

 

16:01:44:725 2120 OS Version: 6.0.6001 ServicePack: 1.0

16:01:44:725 2120 Product type: Workstation

16:01:44:725 2120 ComputerName: PAJE

16:01:44:725 2120 UserName: jepa

16:01:44:725 2120 Windows directory: C:\Windows

16:01:44:725 2120 Processor architecture: Intel x86

16:01:44:725 2120 Number of processors: 2

16:01:44:725 2120 Page size: 0x1000

16:01:44:726 2120 Boot type: Normal boot

16:01:44:727 2120 ================================================================================

16:01:44:729 2120 ForceUnloadDriverW: Old driver(klmd21) unloaded successfully

16:01:45:251 2120 wfopen_ex: Trying to open file C:\Windows\system32\config\system

16:01:45:252 2120 wfopen_ex: MyNtCreateFileW error 32 (C0000043)

16:01:45:252 2120 wfopen_ex: Trying to KLMD file open

16:01:45:252 2120 wfopen_ex: File opened ok (Flags 2)

16:01:45:260 2120 wfopen_ex: Trying to open file C:\Windows\system32\config\software

16:01:45:260 2120 wfopen_ex: MyNtCreateFileW error 32 (C0000043)

16:01:45:260 2120 wfopen_ex: Trying to KLMD file open

16:01:45:260 2120 wfopen_ex: File opened ok (Flags 2)

16:01:45:261 2120 Initialize success

16:01:45:261 2120

16:01:45:261 2120 Scanning Services ...

16:01:46:054 2120 Raw services enum returned 434 services

16:01:46:072 2120 Suspicious serv vhyot (h: 0, b: 1)

16:01:46:073 2120

16:01:46:073 2120 Hidden service detected!

16:01:46:073 2120 Service name: vhyot

16:01:46:074 2120 Image path:

16:01:46:074 2120 Type "delete" (without quotes) to delete it: 16:25:32:016 2120

16:25:32:017 2120 By user detect vhyot

16:25:32:037 2120 RegNode HKLM\SYSTEM\ControlSet001\services\vhyot infected by TDSS rootkit ... 16:25:32:038 2120 will be deleted on reboot

16:25:32:057 2120 RegNode HKLM\SYSTEM\ControlSet003\services\vhyot infected by TDSS rootkit ... 16:25:32:058 2120 will be deleted on reboot

16:25:32:076 2120 File C:\Windows\system32\drivers\vhyot.sys infected by TDSS rootkit ... 16:25:32:076 2120 will be deleted on reboot

16:25:32:077 2120

16:25:32:077 2120 Scanning Kernel memory ...

16:25:32:078 2120 Devices to scan: 5

16:25:32:078 2120

16:25:32:078 2120 Driver Name: USBSTOR

16:25:32:078 2120 IRP_MJ_CREATE : 86EEA1F8

16:25:32:078 2120 IRP_MJ_CREATE_NAMED_PIPE : 81E68013

16:25:32:078 2120 IRP_MJ_CLOSE : 86EEA1F8

16:25:32:078 2120 IRP_MJ_READ : 86EEA1F8

16:25:32:078 2120 IRP_MJ_WRITE : 86EEA1F8

16:25:32:078 2120 IRP_MJ_QUERY_INFORMATION : 81E68013

16:25:32:078 2120 IRP_MJ_SET_INFORMATION : 81E68013

16:25:32:078 2120 IRP_MJ_QUERY_EA : 81E68013

16:25:32:078 2120 IRP_MJ_SET_EA : 81E68013

16:25:32:078 2120 IRP_MJ_FLUSH_BUFFERS : 81E68013

16:25:32:078 2120 IRP_MJ_QUERY_VOLUME_INFORMATION : 81E68013

16:25:32:078 2120 IRP_MJ_SET_VOLUME_INFORMATION : 81E68013

16:25:32:078 2120 IRP_MJ_DIRECTORY_CONTROL : 81E68013

16:25:32:078 2120 IRP_MJ_FILE_SYSTEM_CONTROL : 81E68013

16:25:32:079 2120 IRP_MJ_DEVICE_CONTROL : 86EEA1F8

16:25:32:079 2120 IRP_MJ_INTERNAL_DEVICE_CONTROL : 86EEA1F8

16:25:32:079 2120 IRP_MJ_SHUTDOWN : 81E68013

16:25:32:079 2120 IRP_MJ_LOCK_CONTROL : 81E68013

16:25:32:079 2120 IRP_MJ_CLEANUP : 81E68013

16:25:32:079 2120 IRP_MJ_CREATE_MAILSLOT : 81E68013

16:25:32:079 2120 IRP_MJ_QUERY_SECURITY : 81E68013

16:25:32:079 2120 IRP_MJ_SET_SECURITY : 81E68013

16:25:32:079 2120 IRP_MJ_POWER : 86EEA1F8

16:25:32:079 2120 IRP_MJ_SYSTEM_CONTROL : 86EEA1F8

16:25:32:079 2120 IRP_MJ_DEVICE_CHANGE : 81E68013

16:25:32:079 2120 IRP_MJ_QUERY_QUOTA : 81E68013

16:25:32:079 2120 IRP_MJ_SET_QUOTA : 81E68013

16:25:32:102 2120 C:\Windows\system32\DRIVERS\USBSTOR.SYS - Verdict: 1

16:25:32:103 2120

16:25:32:103 2120 Driver Name: USBSTOR

16:25:32:103 2120 IRP_MJ_CREATE : 86EEA1F8

16:25:32:103 2120 IRP_MJ_CREATE_NAMED_PIPE : 81E68013

16:25:32:103 2120 IRP_MJ_CLOSE : 86EEA1F8

16:25:32:103 2120 IRP_MJ_READ : 86EEA1F8

16:25:32:103 2120 IRP_MJ_WRITE : 86EEA1F8

16:25:32:103 2120 IRP_MJ_QUERY_INFORMATION : 81E68013

16:25:32:103 2120 IRP_MJ_SET_INFORMATION : 81E68013

16:25:32:103 2120 IRP_MJ_QUERY_EA : 81E68013

16:25:32:103 2120 IRP_MJ_SET_EA : 81E68013

16:25:32:103 2120 IRP_MJ_FLUSH_BUFFERS : 81E68013

16:25:32:103 2120 IRP_MJ_QUERY_VOLUME_INFORMATION : 81E68013

16:25:32:103 2120 IRP_MJ_SET_VOLUME_INFORMATION : 81E68013

16:25:32:103 2120 IRP_MJ_DIRECTORY_CONTROL : 81E68013

16:25:32:103 2120 IRP_MJ_FILE_SYSTEM_CONTROL : 81E68013

16:25:32:103 2120 IRP_MJ_DEVICE_CONTROL : 86EEA1F8

16:25:32:103 2120 IRP_MJ_INTERNAL_DEVICE_CONTROL : 86EEA1F8

16:25:32:103 2120 IRP_MJ_SHUTDOWN : 81E68013

16:25:32:103 2120 IRP_MJ_LOCK_CONTROL : 81E68013

16:25:32:103 2120 IRP_MJ_CLEANUP : 81E68013

16:25:32:103 2120 IRP_MJ_CREATE_MAILSLOT : 81E68013

16:25:32:103 2120 IRP_MJ_QUERY_SECURITY : 81E68013

16:25:32:103 2120 IRP_MJ_SET_SECURITY : 81E68013

16:25:32:103 2120 IRP_MJ_POWER : 86EEA1F8

16:25:32:103 2120 IRP_MJ_SYSTEM_CONTROL : 86EEA1F8

16:25:32:103 2120 IRP_MJ_DEVICE_CHANGE : 81E68013

16:25:32:103 2120 IRP_MJ_QUERY_QUOTA : 81E68013

16:25:32:104 2120 IRP_MJ_SET_QUOTA : 81E68013

16:25:32:106 2120 C:\Windows\system32\DRIVERS\USBSTOR.SYS - Verdict: 1

16:25:32:106 2120

16:25:32:106 2120 Driver Name: USBSTOR

16:25:32:107 2120 IRP_MJ_CREATE : 86EEA1F8

16:25:32:107 2120 IRP_MJ_CREATE_NAMED_PIPE : 81E68013

16:25:32:107 2120 IRP_MJ_CLOSE : 86EEA1F8

16:25:32:107 2120 IRP_MJ_READ : 86EEA1F8

16:25:32:107 2120 IRP_MJ_WRITE : 86EEA1F8

16:25:32:107 2120 IRP_MJ_QUERY_INFORMATION : 81E68013

16:25:32:107 2120 IRP_MJ_SET_INFORMATION : 81E68013

16:25:32:107 2120 IRP_MJ_QUERY_EA : 81E68013

16:25:32:107 2120 IRP_MJ_SET_EA : 81E68013

16:25:32:107 2120 IRP_MJ_FLUSH_BUFFERS : 81E68013

16:25:32:107 2120 IRP_MJ_QUERY_VOLUME_INFORMATION : 81E68013

16:25:32:107 2120 IRP_MJ_SET_VOLUME_INFORMATION : 81E68013

16:25:32:107 2120 IRP_MJ_DIRECTORY_CONTROL : 81E68013

16:25:32:107 2120 IRP_MJ_FILE_SYSTEM_CONTROL : 81E68013

16:25:32:107 2120 IRP_MJ_DEVICE_CONTROL : 86EEA1F8

16:25:32:107 2120 IRP_MJ_INTERNAL_DEVICE_CONTROL : 86EEA1F8

16:25:32:107 2120 IRP_MJ_SHUTDOWN : 81E68013

16:25:32:107 2120 IRP_MJ_LOCK_CONTROL : 81E68013

16:25:32:107 2120 IRP_MJ_CLEANUP : 81E68013

16:25:32:107 2120 IRP_MJ_CREATE_MAILSLOT : 81E68013

16:25:32:107 2120 IRP_MJ_QUERY_SECURITY : 81E68013

16:25:32:107 2120 IRP_MJ_SET_SECURITY : 81E68013

16:25:32:107 2120 IRP_MJ_POWER : 86EEA1F8

16:25:32:107 2120 IRP_MJ_SYSTEM_CONTROL : 86EEA1F8

16:25:32:107 2120 IRP_MJ_DEVICE_CHANGE : 81E68013

16:25:32:107 2120 IRP_MJ_QUERY_QUOTA : 81E68013

16:25:32:107 2120 IRP_MJ_SET_QUOTA : 81E68013

16:25:32:110 2120 C:\Windows\system32\DRIVERS\USBSTOR.SYS - Verdict: 1

16:25:32:110 2120

16:25:32:110 2120 Driver Name: USBSTOR

16:25:32:110 2120 IRP_MJ_CREATE : 86EEA1F8

16:25:32:110 2120 IRP_MJ_CREATE_NAMED_PIPE : 81E68013

16:25:32:110 2120 IRP_MJ_CLOSE : 86EEA1F8

16:25:32:111 2120 IRP_MJ_READ : 86EEA1F8

16:25:32:111 2120 IRP_MJ_WRITE : 86EEA1F8

16:25:32:111 2120 IRP_MJ_QUERY_INFORMATION : 81E68013

16:25:32:111 2120 IRP_MJ_SET_INFORMATION : 81E68013

16:25:32:111 2120 IRP_MJ_QUERY_EA : 81E68013

16:25:32:111 2120 IRP_MJ_SET_EA : 81E68013

16:25:32:111 2120 IRP_MJ_FLUSH_BUFFERS : 81E68013

16:25:32:111 2120 IRP_MJ_QUERY_VOLUME_INFORMATION : 81E68013

16:25:32:111 2120 IRP_MJ_SET_VOLUME_INFORMATION : 81E68013

16:25:32:111 2120 IRP_MJ_DIRECTORY_CONTROL : 81E68013

16:25:32:111 2120 IRP_MJ_FILE_SYSTEM_CONTROL : 81E68013

16:25:32:111 2120 IRP_MJ_DEVICE_CONTROL : 86EEA1F8

16:25:32:111 2120 IRP_MJ_INTERNAL_DEVICE_CONTROL : 86EEA1F8

16:25:32:111 2120 IRP_MJ_SHUTDOWN : 81E68013

16:25:32:111 2120 IRP_MJ_LOCK_CONTROL : 81E68013

16:25:32:111 2120 IRP_MJ_CLEANUP : 81E68013

16:25:32:111 2120 IRP_MJ_CREATE_MAILSLOT : 81E68013

16:25:32:111 2120 IRP_MJ_QUERY_SECURITY : 81E68013

16:25:32:111 2120 IRP_MJ_SET_SECURITY : 81E68013

16:25:32:111 2120 IRP_MJ_POWER : 86EEA1F8

16:25:32:111 2120 IRP_MJ_SYSTEM_CONTROL : 86EEA1F8

16:25:32:111 2120 IRP_MJ_DEVICE_CHANGE : 81E68013

16:25:32:111 2120 IRP_MJ_QUERY_QUOTA : 81E68013

16:25:32:111 2120 IRP_MJ_SET_QUOTA : 81E68013

16:25:32:114 2120 C:\Windows\system32\DRIVERS\USBSTOR.SYS - Verdict: 1

16:25:32:114 2120

16:25:32:114 2120 Driver Name: atapi

16:25:32:114 2120 IRP_MJ_CREATE : 84B7A1F8

16:25:32:114 2120 IRP_MJ_CREATE_NAMED_PIPE : 81E68013

16:25:32:114 2120 IRP_MJ_CLOSE : 84B7A1F8

16:25:32:114 2120 IRP_MJ_READ : 81E68013

16:25:32:114 2120 IRP_MJ_WRITE : 81E68013

16:25:32:115 2120 IRP_MJ_QUERY_INFORMATION : 81E68013

16:25:32:115 2120 IRP_MJ_SET_INFORMATION : 81E68013

16:25:32:115 2120 IRP_MJ_QUERY_EA : 81E68013

16:25:32:115 2120 IRP_MJ_SET_EA : 81E68013

16:25:32:115 2120 IRP_MJ_FLUSH_BUFFERS : 81E68013

16:25:32:115 2120 IRP_MJ_QUERY_VOLUME_INFORMATION : 81E68013

16:25:32:115 2120 IRP_MJ_SET_VOLUME_INFORMATION : 81E68013

16:25:32:115 2120 IRP_MJ_DIRECTORY_CONTROL : 81E68013

16:25:32:115 2120 IRP_MJ_FILE_SYSTEM_CONTROL : 81E68013

16:25:32:115 2120 IRP_MJ_DEVICE_CONTROL : 84B7A1F8

16:25:32:115 2120 IRP_MJ_INTERNAL_DEVICE_CONTROL : 84B7A1F8

16:25:32:115 2120 IRP_MJ_SHUTDOWN : 81E68013

16:25:32:115 2120 IRP_MJ_LOCK_CONTROL : 81E68013

16:25:32:115 2120 IRP_MJ_CLEANUP : 81E68013

16:25:32:115 2120 IRP_MJ_CREATE_MAILSLOT : 81E68013

16:25:32:115 2120 IRP_MJ_QUERY_SECURITY : 81E68013

16:25:32:115 2120 IRP_MJ_SET_SECURITY : 81E68013

16:25:32:115 2120 IRP_MJ_POWER : 84B7A1F8

16:25:32:115 2120 IRP_MJ_SYSTEM_CONTROL : 84B7A1F8

16:25:32:115 2120 IRP_MJ_DEVICE_CHANGE : 81E68013

16:25:32:115 2120 IRP_MJ_QUERY_QUOTA : 81E68013

16:25:32:115 2120 IRP_MJ_SET_QUOTA : 81E68013

16:25:32:132 2120 C:\Windows\system32\drivers\atapi.sys - Verdict: 1

16:25:32:132 2120 Reboot required for cure complete..

16:25:32:148 2120 Cure on reboot scheduled successfully

16:25:32:148 2120

16:25:32:149 2120 Completed

16:25:32:149 2120

16:25:32:150 2120 Results:

16:25:32:150 2120 Memory objects infected / cured / cured on reboot: 0 / 0 / 0

16:25:32:150 2120 Registry objects infected / cured / cured on reboot: 2 / 0 / 2

16:25:32:151 2120 File objects infected / cured / cured on reboot: 1 / 0 / 1

16:25:32:152 2120

16:25:32:153 2120 fclose_ex: Trying to close file C:\Windows\system32\config\system

16:25:32:154 2120 fclose_ex: Trying to close file C:\Windows\system32\config\software

16:25:32:158 2120 KLMD(ARK) unloaded successfully

 

 

PS: j'ai Antivir, et non Avast (je fais référence à ton avant-dernier post)

[Apollo]

Ouais petite distraction que j'ai éditée un peu tard.

 

Le pc a-t-il été redémarré quand TDSSKiller l'a demandé?

 

Ca m'a l'air beaucoup plus propre dans le log, néanmoins il faudra faire quelques mises à jour de sécurité.

 

Installe Explorer 8 , beaucoup plus sécurisé qu'IE6 ou IE7, même si Firefox ou un autre navigateur est utilisé.

 

Après installation d'IE8:

 

Pour éviter des problèmes de compatibilité de certains sites web avec IE8, cliquer sur "Page" (ou outils) au-dessus de la page web puis sur Paramètres d'affichage de compatibilité.

 

Cocher la case "Afficher tous les sites web dans Affichage de compatibilité". Fermer.

 

FAQ IE8

 

-----------------------------------

Fais ces quelques vérifications de sécurité stp.

 

-------------------------

Installer le SP2 pour Vista

 

Que faire si le SP2 refuse de s'installer

 

Après avoir fait tout ça, poste un nouveau log Hijackthis, qu'on allège un peu le boot du pc.

 

@+tard.

[mat.ardy428]

Oui, le PC a redémarré

 

TDSSkiller m'a laissé le choix entre continuer (N) et redémarrer (? je me rappele plus la touche)

 

J'ai redémarré et tout s'est bien passé

[Apollo]

C'est la touche Y (pour yes).

 

Tu peux procéder à la suite.

 

Le pc se comporte mieux?

 

++

[mat.ardy428]

C'est la touche Y (pour yes).

 

Tu peux procéder à la suite.

 

Le pc se comporte mieux?

 

++

 

Pour le PC, ça a l'air d'aller

 

La suite, c'est l'installation d'IE 8?

 

A ce propos, mon IE plante depuis quelques temps:

-une fenêtre grise apparaît à gauche chaque fois que j'ouvre un nouvel onglet/fenêtre; je corrige en éliminant la fenêtre en cliquant sur la croix de la fenêtre grise

-impossible de faire apparaître la Google Toolbar

 

Edit: PS: au moment où je t'écris je m'aperçois qu'Internet Explorer refuse d'afficher le moindre site

[Apollo]

Oui, il faut installer IE8 pour commencer; tu peux l'installer via Microsoft Update ou par la page que j'ai donnée plus haut.

 

Si tu as des problèmes pour afficher des sites web actuellement, tu peux réinitialiser Explorer 7 avant de procéder aux mises à jour. (options internet, onglets avancé, réinitialiser.)

 

Après une réinitialisation d'IE, il convient de réactiver les modules complémentaires et les réglages différents, mais tu ne perdras pas tes favoris par exemple.

 

Pour les onglets, voici mes paramètres perso:

 

 

Pour la saisie semi-automatique: