Unknown infection
mat
Lyonnais92 Posts: 25708 Status: Security contributor
Hello,
I can only use my computer in safe mode, in which I can also go on the internet.
In normal mode I can't open any program and it crashes my computer.
For info, I have a Vaio laptop.
Thanks.
86 replies
I managed to start Device Manager in normal mode and I saw this:
under Portable Devices, there was a yellow triangle in front of:
"Microsoft WPD file system volume driver"
Could that be it?
If so, what should I do?
Thanks
Hello,
that key and the files of the removable device should still be there anyway.
At the start, you had problems in normal mode (and not in safe mode).
Is that still the case?
Post another ZHPDiag report.
Yes, it's still in normal mode that it doesn't work. My desktop now shows up, whereas before I had a black screen, but when I open a program or try to connect to the internet (wifi), it hangs.
Rapport de ZHPDiag v1.20.1 par Nicolas Coolman
Enregistré le 7/05/2009 19:46:30
Platform : Windows Vista (TM) Home Premium
MSIE: Internet Explorer v7.0.6000.16830
MFIE: Mozilla Firefox (3.0.10)
---\\
%ProgramFiles%\Windows Defender\MSASCui.exe
C:\Windows\system32\igfxtray.exe
C:\Windows\system32\hkcmd.exe
C:\Windows\system32\igfxpers.exe
RtHDVCpl.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Sony\Network Utility\LANUtil.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
%windir%\system32\svchost.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Sony\Network Utility\NSUService.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exeP
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
---\\
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=explorer.exe
---\\
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-vaio.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/
---\\
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
---\\
O1 - Hosts: ::1 localhost
---\\
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
---\\
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
---\\
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MarketingTools] C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [NSUFloatingUI] "C:\Program Files\Sony\Network Utility\LANUtil.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
---\\
O5 - control.ini: inetcpl.cpl=no
---\\
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
---\\
O9 - Extra button: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
---\\
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
---\\
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
---\\
O20 - Winlogon Notify: C:\Windows\System32\igfxdev.dll
O20 - Winlogon Notify: EventStartup - C:\Windows\System32\VESWinlogon.dll
O20 - AppInit_DLLs:C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
---\\
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030}
---\\
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus (avast! Antivirus) - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Service de démarrage SQL Server pour le Gestionnaire de contacts professionnels (BcmSqlStartupSvc) - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
O23 - Service: IviRegMgr (IviRegMgr) - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: NSUService (NSUService) - C:\Program Files\Sony\Network Utility\NSUService.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - C:\Windows\system32\SLsvc.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - C:\Windows\System32\spoolsv.exe
O23 - Service: SQL Server Browser (SQLBrowser) - C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
O23 - Service: Enregistreur VSS SQL Server (SQLWriter) - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
O23 - Service: VAIO Event Service (VAIO Event Service) - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot=SOFTWARE\Sony Corporation\VAIO Media Platform\2.0 /RegExt=Applications\IntegratedServer\HTTP
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe /Service=VAIOMediaPlatform-UCLS-HTTP /RegRoot=SOFTWARE\Sony Corporation\VAIO Media Platform\2.0 /RegExt=\Applications\UCLS\HTTP
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - C:\Windows\system32\SearchIndexer.exe /Embedding
O23 - Service: XAudioService (XAudioService) - C:\Windows\system32\DRIVERS\xaudio.exe
---\\
O40 - ASIC: Microsoft Windows Media Player - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
O40 - ASIC: Internet Explorer - {26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
O40 - ASIC: Browser Customizations - {60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
O40 - ASIC: Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - (not file)
O40 - ASIC: (no name) - {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - (not file)
O40 - ASIC: Microsoft Windows Media Player 11.0 - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\System32\wmpdxm.dll
O40 - ASIC: Themes Setup - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - C:\Windows\system32\regsvr32.exe /s /n /i:/UserInstall C:\Windows\system32\themeui.dll
O40 - ASIC: Offline Browsing Pack - {3af36230-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Microsoft Windows Mail 7 - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
O40 - ASIC: (no name) - {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - (not file)
O40 - ASIC: DirectDrawEx - {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - (not file)
O40 - ASIC: Internet Explorer Help - {45ea75a0-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Microsoft Windows Script 5.6 - {4f645220-306d-11d2-995d-00c04f98bbc9} - (not file)
O40 - ASIC: Internet Explorer Setup Tools - {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Browsing Enhancements - {630b1da0-b465-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\Windows\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
O40 - ASIC: MSN Site Access - {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - (not file)
O40 - ASIC: DirectX - {70B1B03C-222D-88AF-C38A-C4C01953AE34} - (not file)
O40 - ASIC: Dossiers Web - {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - (not file)
O40 - ASIC: Address Book 7 - {7790769C-0471-11d2-AF11-00C04FA35D02} - (not file)
O40 - ASIC: .NET Framework - {7C028AF8-F614-47B3-82DA-BA94E41B1089} - (not file)
O40 - ASIC: Windows Desktop Update - {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
O40 - ASIC: Internet Explorer - {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
O40 - ASIC: (no name) - {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
O40 - ASIC: Dynamic HTML Data Binding - {9381D8F2-0288-11D0-9501-00AA00B911A5} - (not file)
O40 - ASIC: .NET Framework - {C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD} - (not file)
O40 - ASIC: Browser Customizations - {C8F78003-E2BC-C2E7-3124-4FFA88A4AE25} - (not file)
O40 - ASIC: Internet Explorer Core Fonts - {C9E9A340-D1F1-11D0-821E-444553540600} - (not file)
O40 - ASIC: (no name) - {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - (not file)
O40 - ASIC: Adobe Flash Player - {D27CDB6E-AE6D-11CF-96B8-444553540000} - C:\Windows\system32\Macromed\Flash\Flash9d.ocx
O40 - ASIC: HTML Help - {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Active Directory Service Interface - {E92B03AB-B707-11d2-9CBD-0000F87A369E} - (not file)
---\\
O41 - Driver: Alps Pointing-device Filter Driver (ApfiltrService) - C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
O41 - Driver: aswMonFlt (aswMonFlt) - C:\WINDOWS\system32\DRIVERS\aswMonFlt.sys
O41 - Driver: Pilote de média asynchrone RAS (AsyncMac) - C:\WINDOWS\system32\DRIVERS\asyncmac.sys
O41 - Driver: Atheros Extensible Wireless LAN device driver (athr) - C:\WINDOWS\system32\DRIVERS\athr.sys
O41 - Driver: Pilote pour Batterie à méthode de contrôle ACPI Microsoft (CmBatt) - C:\WINDOWS\system32\DRIVERS\CmBatt.sys
O41 - Driver: Sony DMI Call service (DMICall) - C:\WINDOWS\system32\DRIVERS\DMICall.sys
O41 - Driver: Filtre de décodeur DRM (Noyau Microsoft) (drmkaud) - C:\WINDOWS\system32\drivers\drmkaud.sys
O41 - Driver: Intel(R) PRO/1000 NDIS 6 Adapter Driver (E1G60) - C:\WINDOWS\system32\DRIVERS\E1G60I32.sys
O41 - Driver: Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio (HdAudAddService) - C:\WINDOWS\system32\drivers\HdAudio.sys
O41 - Driver: (no object) (HSFHWAZL) - C:\WINDOWS\system32\DRIVERS\VSTAZL3.SYS
O41 - Driver: (no object) (HSF_DPV) - C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys
O41 - Driver: (no object) (HSXHWAZL) - C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys
O41 - Driver: (no object) (igfx) - C:\WINDOWS\system32\DRIVERS\igdkmd32.sys
O41 - Driver: Service for Realtek HD Audio (WDM) (IntcAzAudAddService) - C:\WINDOWS\system32\drivers\RTKVHDA.sys
O41 - Driver: IP Traffic Filter Driver (IpFilterDriver) - C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
O41 - Driver: IP in IP Tunnel Driver (IpInIp) - C:\WINDOWS\system32\DRIVERS\ipinip.sys
O41 - Driver: Link-Layer Topology Discovery Mapper I/O Driver (lltdio) - C:\WINDOWS\system32\DRIVERS\lltdio.sys
O41 - Driver: (no object) (mdmxsdk) - C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
O41 - Driver: Service Pilote de fonction de classe Moniteur Microsoft (monitor) - C:\WINDOWS\system32\DRIVERS\monitor.sys
O41 - Driver: Proxy de service de répartition Microsoft (MSKSSRV) - C:\WINDOWS\system32\drivers\MSKSSRV.sys
O41 - Driver: Proxy d'horloge de répartition Microsoft (MSPCLOCK) - C:\WINDOWS\system32\drivers\MSPCLOCK.sys
O41 - Driver: Proxy de gestion de qualité de répartition Microsoft (MSPQM) - C:\WINDOWS\system32\drivers\MSPQM.sys
O41 - Driver: Convertisseur en T/site-à-site de répartition Microsoft (MSTEE) - C:\WINDOWS\system32\drivers\MSTEE.sys
O41 - Driver: NativeWiFi Filter (NativeWifiP) - C:\WINDOWS\system32\DRIVERS\nwifi.sys
O41 - Driver: Pilote TAPI NDIS d'accès distant (NdisTapi) - C:\WINDOWS\system32\DRIVERS\ndistapi.sys
O41 - Driver: NDIS Usermode I/O Protocol (Ndisuio) - C:\WINDOWS\system32\DRIVERS\ndisuio.sys
O41 - Driver: Pilote réseau étendu NDIS d'accès distant (NdisWan) - C:\WINDOWS\system32\DRIVERS\ndiswan.sys
O41 - Driver: NetBIOS Interface (NetBIOS) - C:\WINDOWS\system32\DRIVERS\netbios.sys
O41 - Driver: IPX Traffic Filter Driver (NwlnkFlt) - C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
O41 - Driver: IPX Traffic Forwarder Driver (NwlnkFwd) - C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
O41 - Driver: Creative WebCam Live! (P0630VID) - C:\WINDOWS\system32\DRIVERS\P0630Vid.sys
O41 - Driver: PCAMp50 NDIS Protocol Driver (PCAMp50) - C:\WINDOWS\System32\Drivers\PCAMp50.sys
O41 - Driver: PCASp50 NDIS Protocol Driver (PCASp50) - C:\WINDOWS\System32\Drivers\PCASp50.sys
O41 - Driver: Miniport réseau étendu WAN (PPTP) (PptpMiniport) - C:\WINDOWS\system32\DRIVERS\raspptp.sys
O41 - Driver: @%SystemRoot%\System32\drivers\pacer.sys,-101 (PSched) - C:\WINDOWS\system32\DRIVERS\pacer.sys
O41 - Driver: PxHelp20 (PxHelp20) - C:\WINDOWS\System32\Drivers\PxHelp20.sys
O41 - Driver: Remote Access Auto Connection Driver (RasAcd) - C:\WINDOWS\System32\DRIVERS\rasacd.sys
O41 - Driver: Miniport réseau étendu WAN (L2TP) (Rasl2tp) - C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
O41 - Driver: Pilote PPPOE d'accès à distance (RasPppoe) - C:\WINDOWS\system32\DRIVERS\raspppoe.sys
O41 - Driver: Link-Layer Topology Discovery Responder (rspndr) - C:\WINDOWS\system32\DRIVERS\rspndr.sys
O41 - Driver: Sony Firmware Extension Parser (SFEP) - C:\WINDOWS\system32\DRIVERS\SFEP.sys
O41 - Driver: @%SystemRoot%\system32\tcpipcfg.dll,-50005 (Smb) - C:\WINDOWS\system32\DRIVERS\smb.sys
O41 - Driver: Pilote d'appareil photo numérique série (StillCam) - C:\WINDOWS\system32\DRIVERS\serscan.sys
O41 - Driver: Microsoft IPv6 Protocol Driver (Tcpip6) - C:\WINDOWS\system32\DRIVERS\tcpip.sys
O41 - Driver: (no object) (ti21sony) - C:\WINDOWS\system32\drivers\ti21sony.sys
O41 - Driver: Pilote de carte miniport Microsoft Tun (tunmp) - C:\WINDOWS\system32\DRIVERS\tunmp.sys
O41 - Driver: Pilote de carte miniport Microsoft IPv6 Tunnel (tunnel) - C:\WINDOWS\system32\DRIVERS\tunnel.sys
O41 - Driver: Pilote de scanneur USB (usbscan) - C:\WINDOWS\system32\DRIVERS\usbscan.sys
O41 - Driver: (no object) (vga) - C:\WINDOWS\system32\DRIVERS\vgapnp.sys
O41 - Driver: Remote Access IP ARP Driver (Wanarp) - C:\WINDOWS\system32\DRIVERS\wanarp.sys
O41 - Driver: Remote Access IPv6 ARP Driver (Wanarpv6) - C:\WINDOWS\system32\DRIVERS\wanarp.sys
O41 - Driver: WimFltr (WimFltr) - C:\WINDOWS\system32\DRIVERS\wimfltr.sys
O41 - Driver: (no object) (winachsf) - C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys
O41 - Driver: WpdUsb (WpdUsb) - C:\WINDOWS\system32\DRIVERS\wpdusb.sys
O41 - Driver: (no object) (XAudio) - C:\WINDOWS\system32\DRIVERS\xaudio.sys
O41 - Driver: NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller (yukonwlh) - C:\WINDOWS\system32\DRIVERS\yk60x86.sys
O41 - Driver: (no object) (WUDFRd) - C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
---\\
O42 - Logiciel: 32 Bit HP CIO Components Installer
O42 - Logiciel: Activation Assistant for the 2007 Microsoft Office suites
O42 - Logiciel: Adobe Bridge 1.0
O42 - Logiciel: Adobe Common File Installer
O42 - Logiciel: Adobe Flash Player 10 Plugin
O42 - Logiciel: Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Help Center 1.0
O42 - Logiciel: Adobe Photoshop CS2
O42 - Logiciel: Adobe Reader 8.1.0 - Français
O42 - Logiciel: Adobe Stock Photos 1.0
O42 - Logiciel: Alps Pointing-device for VAIO
O42 - Logiciel: Archiveur WinRAR
O42 - Logiciel: Assistant de connexion Windows Live
O42 - Logiciel: Atlantis - Sky Patrol
O42 - Logiciel: Audacity 1.2.6
O42 - Logiciel: Big Fish Games Sudoku
O42 - Logiciel: Browser Address Error Redirector
O42 - Logiciel: Centre de Big Fish Games
O42 - Logiciel: Choice Guard
O42 - Logiciel: Click to Disc
O42 - Logiciel: Click to Disc Editor
O42 - Logiciel: Creative WebCam Center
O42 - Logiciel: Creative WebCam Live! Driver (1.01.01.0730)
O42 - Logiciel: Fichiers de prise en charge de l'installation de Microsoft SQL Server (Français)
O42 - Logiciel: GearDrvs
O42 - Logiciel: Gestionnaire de contacts professionnels pour Outlook 2007 SP1
O42 - Logiciel: Google Desktop
O42 - Logiciel: Google Earth
O42 - Logiciel: Google Gmail Notifier
O42 - Logiciel: Google Toolbar for Internet Explorer
O42 - Logiciel: HDAUDIO SoftV92 Data Fax Modem with SmartCP
O42 - Logiciel: HP Update
O42 - Logiciel: HijackThis 2.0.2
O42 - Logiciel: Installation Windows Live
O42 - Logiciel: Intel(R) Graphics Media Accelerator Driver
O42 - Logiciel: Java(TM) 6 Update 2
O42 - Logiciel: Java(TM) 6 Update 5
O42 - Logiciel: Junk Mail filter update
O42 - Logiciel: Kaspersky On-line Scanner
O42 - Logiciel: Kaspersky Online Scanner
O42 - Logiciel: MSVCRT
O42 - Logiciel: MSXML 4.0 SP2 (KB927978)
O42 - Logiciel: MSXML 4.0 SP2 (KB936181)
O42 - Logiciel: MSXML 4.0 SP2 (KB941833)
O42 - Logiciel: MSXML 4.0 SP2 (KB954430)
O42 - Logiciel: Mahjong Towers Eternity
O42 - Logiciel: Malwarebytes' Anti-Malware
O42 - Logiciel: Messenger Plus! Live
O42 - Logiciel: Micromega Software System EasyScan
O42 - Logiciel: Microsoft Office 2003 Web Components
O42 - Logiciel: Microsoft Office Professional Edition 2003
O42 - Logiciel: Microsoft Office Small Business Connectivity Components
O42 - Logiciel: Microsoft SQL Server 2005
O42 - Logiciel: Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
O42 - Logiciel: Microsoft SQL Server Native Client
O42 - Logiciel: Microsoft SQL Server VSS Writer
O42 - Logiciel: Microsoft Silverlight
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable
O42 - Logiciel: Microsoft Windows Media Video 9 VCM
O42 - Logiciel: Mozilla Firefox (3.0.10)
O42 - Logiciel: My Club VAIO
O42 - Logiciel: Mystery Case Files - Prime Suspects
O42 - Logiciel: OpenMG Limited Patch 4.7-07-15-19-01
O42 - Logiciel: OpenMG Secure Module 4.7.00
O42 - Logiciel: OpenOffice.org Installer 1.0
O42 - Logiciel: Outil VAIO Media Registration 6.0
O42 - Logiciel: Outil de restauration de données VAIO
O42 - Logiciel: Outil de téléchargement Windows Live
O42 - Logiciel: PDFCreator
O42 - Logiciel: Picasa 2
O42 - Logiciel: RealPlayer
O42 - Logiciel: Realtek High Definition Audio Driver
O42 - Logiciel: Roxio Activation Module
O42 - Logiciel: Roxio Easy Media Creator Home
O42 - Logiciel: Security Update for CAPICOM (KB931906)
O42 - Logiciel: Setting Utility Series
O42 - Logiciel: Skype™ 3.8
O42 - Logiciel: Sony Video Shared Library
O42 - Logiciel: VAIO Content Folder Setting
O42 - Logiciel: VAIO Content Metadata Intelligent Analyzing Manager
O42 - Logiciel: VAIO Content Metadata Manager Setting
O42 - Logiciel: VAIO Content Metadata XML Interface Library
O42 - Logiciel: VAIO Control Center
O42 - Logiciel: VAIO DVD Menu Data Basic
O42 - Logiciel: VAIO Entertainment Platform
O42 - Logiciel: VAIO Event Service
O42 - Logiciel: VAIO Launcher
O42 - Logiciel: VAIO Media 6.0
O42 - Logiciel: VAIO Media AC3 Decoder 1.0
O42 - Logiciel: VAIO Media Content Collection 6.0
O42 - Logiciel: VAIO Media Integrated Server 6.1
O42 - Logiciel: VAIO Media Redistribution 6.0
O42 - Logiciel: VAIO Movie Story
O42 - Logiciel: VAIO Movie Story Template Data
O42 - Logiciel: VAIO MusicBox
O42 - Logiciel: VAIO MusicBox Sample Music
O42 - Logiciel: VAIO Original Function Setting
O42 - Logiciel: VAIO Power Management
O42 - Logiciel: VAIO Smart Network
O42 - Logiciel: VAIO Update 3
O42 - Logiciel: VAIO Wallpaper Contents
O42 - Logiciel: Vaio Marketing Tools
O42 - Logiciel: VideoLAN VLC media player 0.8.6h
O42 - Logiciel: Virtual Villagers
O42 - Logiciel: Vuze
O42 - Logiciel: Vuze Toolbar
O42 - Logiciel: WinDVD for VAIO
O42 - Logiciel: Windows Live Call
O42 - Logiciel: Windows Live Communications Platform
O42 - Logiciel: Windows Live Mail
O42 - Logiciel: Windows Live Messenger
O42 - Logiciel: Windows Live OneCare safety scanner
O42 - Logiciel: Windows Media Player Firefox Plugin
O42 - Logiciel: avast! Antivirus
O42 - Logiciel: pdfforge Toolbar v1.0
---\\
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Adobe
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Adobe Systems Shared
O43 - CFD:Common File Directory - C:\Program Files\Common Files\DESIGNER
O43 - CFD:Common File Directory - C:\Program Files\Common Files\France Telecom
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Hewlett-Packard
O43 - CFD:Common File Directory - C:\Program Files\Common Files\InstallShield
O43 - CFD:Common File Directory - C:\Program Files\Common Files\InterVideo
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Java
O43 - CFD:Common File Directory - C:\Program Files\Common Files\microsoft shared
O43 - CFD:Common File Directory - C:\Program Files\Common Files\PX Storage Engine
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Real
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Roxio Shared
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Services
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Skype
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Sonic Shared
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Sony Shared
O43 - CFD:Common File Directory - C:\Program Files\Common Files\SpeechEngines
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Symantec Shared
O43 - CFD:Common File Directory - C:\Program Files\Common Files\System
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Windows Live
O43 - CFD:Common File Directory - C:\Program Files\Common Files\WindowsLiveInstaller
O43 - CFD:Common File Directory - C:\Program Files\Common Files\xing shared
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot=SOFTWARE\Sony Corporation\VAIO Media Platform\2.0 /RegExt=Applications\IntegratedServer\HTTP
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe /Service=VAIOMediaPlatform-UCLS-HTTP /RegRoot=SOFTWARE\Sony Corporation\VAIO Media Platform\2.0 /RegExt=\Applications\UCLS\HTTP
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - C:\Windows\system32\SearchIndexer.exe /Embedding
O23 - Service: XAudioService (XAudioService) - C:\Windows\system32\DRIVERS\xaudio.exe
---\\
O40 - ASIC: Microsoft Windows Media Player - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
O40 - ASIC: Internet Explorer - {26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
O40 - ASIC: Browser Customizations - {60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
O40 - ASIC: Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - (not file)
O40 - ASIC: (no name) - {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - (not file)
O40 - ASIC: Microsoft Windows Media Player 11.0 - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\System32\wmpdxm.dll
O40 - ASIC: Themes Setup - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - C:\Windows\system32\regsvr32.exe /s /n /i:/UserInstall C:\Windows\system32\themeui.dll
O40 - ASIC: Offline Browsing Pack - {3af36230-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Microsoft Windows Mail 7 - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
O40 - ASIC: (no name) - {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - (not file)
O40 - ASIC: DirectDrawEx - {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - (not file)
O40 - ASIC: Internet Explorer Help - {45ea75a0-a269-11d1-b5bf-0000f8051515} - (not file)
O40 - ASIC: Microsoft Windows Script 5.6 - {4f645220-306d-11d2-995d-00c04f98bbc9} - (not file)
O40 - ASIC: Internet Explorer Setup Tools - {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Browsing Enhancements - {630b1da0-b465-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\Windows\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
O40 - ASIC: MSN Site Access - {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - (not file)
O40 - ASIC: DirectX - {70B1B03C-222D-88AF-C38A-C4C01953AE34} - (not file)
O40 - ASIC: Dossiers Web - {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - (not file)
O40 - ASIC: Address Book 7 - {7790769C-0471-11d2-AF11-00C04FA35D02} - (not file)
O40 - ASIC: .NET Framework - {7C028AF8-F614-47B3-82DA-BA94E41B1089} - (not file)
O40 - ASIC: Windows Desktop Update - {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
O40 - ASIC: Internet Explorer - {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
O40 - ASIC: (no name) - {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
O40 - ASIC: Dynamic HTML Data Binding - {9381D8F2-0288-11D0-9501-00AA00B911A5} - (not file)
O40 - ASIC: .NET Framework - {C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD} - (not file)
O40 - ASIC: Browser Customizations - {C8F78003-E2BC-C2E7-3124-4FFA88A4AE25} - (not file)
O40 - ASIC: Internet Explorer Core Fonts - {C9E9A340-D1F1-11D0-821E-444553540600} - (not file)
O40 - ASIC: (no name) - {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - (not file)
O40 - ASIC: Adobe Flash Player - {D27CDB6E-AE6D-11CF-96B8-444553540000} - C:\Windows\system32\Macromed\Flash\Flash9d.ocx
O40 - ASIC: HTML Help - {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - (not file)
O40 - ASIC: Active Directory Service Interface - {E92B03AB-B707-11d2-9CBD-0000F87A369E} - (not file)
---\\
O41 - Driver: Alps Pointing-device Filter Driver (ApfiltrService) - C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
O41 - Driver: aswMonFlt (aswMonFlt) - C:\WINDOWS\system32\DRIVERS\aswMonFlt.sys
O41 - Driver: Pilote de média asynchrone RAS (AsyncMac) - C:\WINDOWS\system32\DRIVERS\asyncmac.sys
O41 - Driver: Atheros Extensible Wireless LAN device driver (athr) - C:\WINDOWS\system32\DRIVERS\athr.sys
O41 - Driver: Pilote pour Batterie à méthode de contrôle ACPI Microsoft (CmBatt) - C:\WINDOWS\system32\DRIVERS\CmBatt.sys
O41 - Driver: Sony DMI Call service (DMICall) - C:\WINDOWS\system32\DRIVERS\DMICall.sys
O41 - Driver: Filtre de décodeur DRM (Noyau Microsoft) (drmkaud) - C:\WINDOWS\system32\drivers\drmkaud.sys
O41 - Driver: Intel(R) PRO/1000 NDIS 6 Adapter Driver (E1G60) - C:\WINDOWS\system32\DRIVERS\E1G60I32.sys
O41 - Driver: Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio (HdAudAddService) - C:\WINDOWS\system32\drivers\HdAudio.sys
O41 - Driver: (no object) (HSFHWAZL) - C:\WINDOWS\system32\DRIVERS\VSTAZL3.SYS
O41 - Driver: (no object) (HSF_DPV) - C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys
O41 - Driver: (no object) (HSXHWAZL) - C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys
O41 - Driver: (no object) (igfx) - C:\WINDOWS\system32\DRIVERS\igdkmd32.sys
O41 - Driver: Service for Realtek HD Audio (WDM) (IntcAzAudAddService) - C:\WINDOWS\system32\drivers\RTKVHDA.sys
O41 - Driver: IP Traffic Filter Driver (IpFilterDriver) - C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
O41 - Driver: IP in IP Tunnel Driver (IpInIp) - C:\WINDOWS\system32\DRIVERS\ipinip.sys
O41 - Driver: Link-Layer Topology Discovery Mapper I/O Driver (lltdio) - C:\WINDOWS\system32\DRIVERS\lltdio.sys
O41 - Driver: (no object) (mdmxsdk) - C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
O41 - Driver: Service Pilote de fonction de classe Moniteur Microsoft (monitor) - C:\WINDOWS\system32\DRIVERS\monitor.sys
O41 - Driver: Proxy de service de répartition Microsoft (MSKSSRV) - C:\WINDOWS\system32\drivers\MSKSSRV.sys
O41 - Driver: Proxy d'horloge de répartition Microsoft (MSPCLOCK) - C:\WINDOWS\system32\drivers\MSPCLOCK.sys
O41 - Driver: Proxy de gestion de qualité de répartition Microsoft (MSPQM) - C:\WINDOWS\system32\drivers\MSPQM.sys
O41 - Driver: Convertisseur en T/site-à-site de répartition Microsoft (MSTEE) - C:\WINDOWS\system32\drivers\MSTEE.sys
O41 - Driver: NativeWiFi Filter (NativeWifiP) - C:\WINDOWS\system32\DRIVERS\nwifi.sys
O41 - Driver: Pilote TAPI NDIS d'accès distant (NdisTapi) - C:\WINDOWS\system32\DRIVERS\ndistapi.sys
O41 - Driver: NDIS Usermode I/O Protocol (Ndisuio) - C:\WINDOWS\system32\DRIVERS\ndisuio.sys
O41 - Driver: Pilote réseau étendu NDIS d'accès distant (NdisWan) - C:\WINDOWS\system32\DRIVERS\ndiswan.sys
O41 - Driver: NetBIOS Interface (NetBIOS) - C:\WINDOWS\system32\DRIVERS\netbios.sys
O41 - Driver: IPX Traffic Filter Driver (NwlnkFlt) - C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
O41 - Driver: IPX Traffic Forwarder Driver (NwlnkFwd) - C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
O41 - Driver: Creative WebCam Live! (P0630VID) - C:\WINDOWS\system32\DRIVERS\P0630Vid.sys
O41 - Driver: PCAMp50 NDIS Protocol Driver (PCAMp50) - C:\WINDOWS\System32\Drivers\PCAMp50.sys
O41 - Driver: PCASp50 NDIS Protocol Driver (PCASp50) - C:\WINDOWS\System32\Drivers\PCASp50.sys
O41 - Driver: Miniport réseau étendu WAN (PPTP) (PptpMiniport) - C:\WINDOWS\system32\DRIVERS\raspptp.sys
O41 - Driver: @%SystemRoot%\System32\drivers\pacer.sys,-101 (PSched) - C:\WINDOWS\system32\DRIVERS\pacer.sys
O41 - Driver: PxHelp20 (PxHelp20) - C:\WINDOWS\System32\Drivers\PxHelp20.sys
O41 - Driver: Remote Access Auto Connection Driver (RasAcd) - C:\WINDOWS\System32\DRIVERS\rasacd.sys
O41 - Driver: Miniport réseau étendu WAN (L2TP) (Rasl2tp) - C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
O41 - Driver: Pilote PPPOE d'accès à distance (RasPppoe) - C:\WINDOWS\system32\DRIVERS\raspppoe.sys
O41 - Driver: Link-Layer Topology Discovery Responder (rspndr) - C:\WINDOWS\system32\DRIVERS\rspndr.sys
O41 - Driver: Sony Firmware Extension Parser (SFEP) - C:\WINDOWS\system32\DRIVERS\SFEP.sys
O41 - Driver: @%SystemRoot%\system32\tcpipcfg.dll,-50005 (Smb) - C:\WINDOWS\system32\DRIVERS\smb.sys
O41 - Driver: Pilote d'appareil photo numérique série (StillCam) - C:\WINDOWS\system32\DRIVERS\serscan.sys
O41 - Driver: Microsoft IPv6 Protocol Driver (Tcpip6) - C:\WINDOWS\system32\DRIVERS\tcpip.sys
O41 - Driver: (no object) (ti21sony) - C:\WINDOWS\system32\drivers\ti21sony.sys
O41 - Driver: Pilote de carte miniport Microsoft Tun (tunmp) - C:\WINDOWS\system32\DRIVERS\tunmp.sys
O41 - Driver: Pilote de carte miniport Microsoft IPv6 Tunnel (tunnel) - C:\WINDOWS\system32\DRIVERS\tunnel.sys
O41 - Driver: Pilote de scanneur USB (usbscan) - C:\WINDOWS\system32\DRIVERS\usbscan.sys
O41 - Driver: (no object) (vga) - C:\WINDOWS\system32\DRIVERS\vgapnp.sys
O41 - Driver: Remote Access IP ARP Driver (Wanarp) - C:\WINDOWS\system32\DRIVERS\wanarp.sys
O41 - Driver: Remote Access IPv6 ARP Driver (Wanarpv6) - C:\WINDOWS\system32\DRIVERS\wanarp.sys
O41 - Driver: WimFltr (WimFltr) - C:\WINDOWS\system32\DRIVERS\wimfltr.sys
O41 - Driver: (no object) (winachsf) - C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys
O41 - Driver: WpdUsb (WpdUsb) - C:\WINDOWS\system32\DRIVERS\wpdusb.sys
O41 - Driver: (no object) (XAudio) - C:\WINDOWS\system32\DRIVERS\xaudio.sys
O41 - Driver: NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller (yukonwlh) - C:\WINDOWS\system32\DRIVERS\yk60x86.sys
O41 - Driver: (no object) (WUDFRd) - C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
---\\
O42 - Logiciel: 32 Bit HP CIO Components Installer
O42 - Logiciel: Activation Assistant for the 2007 Microsoft Office suites
O42 - Logiciel: Adobe Bridge 1.0
O42 - Logiciel: Adobe Common File Installer
O42 - Logiciel: Adobe Flash Player 10 Plugin
O42 - Logiciel: Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Help Center 1.0
O42 - Logiciel: Adobe Photoshop CS2
O42 - Logiciel: Adobe Reader 8.1.0 - Français
O42 - Logiciel: Adobe Stock Photos 1.0
O42 - Logiciel: Alps Pointing-device for VAIO
O42 - Logiciel: Archiveur WinRAR
O42 - Logiciel: Assistant de connexion Windows Live
O42 - Logiciel: Atlantis - Sky Patrol
O42 - Logiciel: Audacity 1.2.6
O42 - Logiciel: Big Fish Games Sudoku
O42 - Logiciel: Browser Address Error Redirector
O42 - Logiciel: Centre de Big Fish Games
O42 - Logiciel: Choice Guard
O42 - Logiciel: Click to Disc
O42 - Logiciel: Click to Disc Editor
O42 - Logiciel: Creative WebCam Center
O42 - Logiciel: Creative WebCam Live! Driver (1.01.01.0730)
O42 - Logiciel: Fichiers de prise en charge de l'installation de Microsoft SQL Server (Français)
O42 - Logiciel: GearDrvs
O42 - Logiciel: Gestionnaire de contacts professionnels pour Outlook 2007 SP1
O42 - Logiciel: Google Desktop
O42 - Logiciel: Google Earth
O42 - Logiciel: Google Gmail Notifier
O42 - Logiciel: Google Toolbar for Internet Explorer
O42 - Logiciel: HDAUDIO SoftV92 Data Fax Modem with SmartCP
O42 - Logiciel: HP Update
O42 - Logiciel: HijackThis 2.0.2
O42 - Logiciel: Installation Windows Live
O42 - Logiciel: Intel(R) Graphics Media Accelerator Driver
O42 - Logiciel: Java(TM) 6 Update 2
O42 - Logiciel: Java(TM) 6 Update 5
O42 - Logiciel: Junk Mail filter update
O42 - Logiciel: Kaspersky On-line Scanner
O42 - Logiciel: Kaspersky Online Scanner
O42 - Logiciel: MSVCRT
O42 - Logiciel: MSXML 4.0 SP2 (KB927978)
O42 - Logiciel: MSXML 4.0 SP2 (KB936181)
O42 - Logiciel: MSXML 4.0 SP2 (KB941833)
O42 - Logiciel: MSXML 4.0 SP2 (KB954430)
O42 - Logiciel: Mahjong Towers Eternity
O42 - Logiciel: Malwarebytes' Anti-Malware
O42 - Logiciel: Messenger Plus! Live
O42 - Logiciel: Micromega Software System EasyScan
O42 - Logiciel: Microsoft Office 2003 Web Components
O42 - Logiciel: Microsoft Office Professional Edition 2003
O42 - Logiciel: Microsoft Office Small Business Connectivity Components
O42 - Logiciel: Microsoft SQL Server 2005
O42 - Logiciel: Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
O42 - Logiciel: Microsoft SQL Server Native Client
O42 - Logiciel: Microsoft SQL Server VSS Writer
O42 - Logiciel: Microsoft Silverlight
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable
O42 - Logiciel: Microsoft Windows Media Video 9 VCM
O42 - Logiciel: Mozilla Firefox (3.0.10)
O42 - Logiciel: My Club VAIO
O42 - Logiciel: Mystery Case Files - Prime Suspects
O42 - Logiciel: OpenMG Limited Patch 4.7-07-15-19-01
O42 - Logiciel: OpenMG Secure Module 4.7.00
O42 - Logiciel: OpenOffice.org Installer 1.0
O42 - Logiciel: Outil VAIO Media Registration 6.0
O42 - Logiciel: Outil de restauration de données VAIO
O42 - Logiciel: Outil de téléchargement Windows Live
O42 - Logiciel: PDFCreator
O42 - Logiciel: Picasa 2
O42 - Logiciel: RealPlayer
O42 - Logiciel: Realtek High Definition Audio Driver
O42 - Logiciel: Roxio Activation Module
O42 - Logiciel: Roxio Easy Media Creator Home
O42 - Logiciel: Security Update for CAPICOM (KB931906)
O42 - Logiciel: Setting Utility Series
O42 - Logiciel: Skype™ 3.8
O42 - Logiciel: Sony Video Shared Library
O42 - Logiciel: VAIO Content Folder Setting
O42 - Logiciel: VAIO Content Metadata Intelligent Analyzing Manager
O42 - Logiciel: VAIO Content Metadata Manager Setting
O42 - Logiciel: VAIO Content Metadata XML Interface Library
O42 - Logiciel: VAIO Control Center
O42 - Logiciel: VAIO DVD Menu Data Basic
O42 - Logiciel: VAIO Entertainment Platform
O42 - Logiciel: VAIO Event Service
O42 - Logiciel: VAIO Launcher
O42 - Logiciel: VAIO Media 6.0
O42 - Logiciel: VAIO Media AC3 Decoder 1.0
O42 - Logiciel: VAIO Media Content Collection 6.0
O42 - Logiciel: VAIO Media Integrated Server 6.1
O42 - Logiciel: VAIO Media Redistribution 6.0
O42 - Logiciel: VAIO Movie Story
O42 - Logiciel: VAIO Movie Story Template Data
O42 - Logiciel: VAIO MusicBox
O42 - Logiciel: VAIO MusicBox Sample Music
O42 - Logiciel: VAIO Original Function Setting
O42 - Logiciel: VAIO Power Management
O42 - Logiciel: VAIO Smart Network
O42 - Logiciel: VAIO Update 3
O42 - Logiciel: VAIO Wallpaper Contents
O42 - Logiciel: Vaio Marketing Tools
O42 - Logiciel: VideoLAN VLC media player 0.8.6h
O42 - Logiciel: Virtual Villagers
O42 - Logiciel: Vuze
O42 - Logiciel: Vuze Toolbar
O42 - Logiciel: WinDVD for VAIO
O42 - Logiciel: Windows Live Call
O42 - Logiciel: Windows Live Communications Platform
O42 - Logiciel: Windows Live Mail
O42 - Logiciel: Windows Live Messenger
O42 - Logiciel: Windows Live OneCare safety scanner
O42 - Logiciel: Windows Media Player Firefox Plugin
O42 - Logiciel: avast! Antivirus
O42 - Logiciel: pdfforge Toolbar v1.0
---\\
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Adobe
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Adobe Systems Shared
O43 - CFD:Common File Directory - C:\Program Files\Common Files\DESIGNER
O43 - CFD:Common File Directory - C:\Program Files\Common Files\France Telecom
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Hewlett-Packard
O43 - CFD:Common File Directory - C:\Program Files\Common Files\InstallShield
O43 - CFD:Common File Directory - C:\Program Files\Common Files\InterVideo
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Java
O43 - CFD:Common File Directory - C:\Program Files\Common Files\microsoft shared
O43 - CFD:Common File Directory - C:\Program Files\Common Files\PX Storage Engine
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Real
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Roxio Shared
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Services
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Skype
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Sonic Shared
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Sony Shared
O43 - CFD:Common File Directory - C:\Program Files\Common Files\SpeechEngines
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Symantec Shared
O43 - CFD:Common File Directory - C:\Program Files\Common Files\System
O43 - CFD:Common File Directory - C:\Program Files\Common Files\Windows Live
O43 - CFD:Common File Directory - C:\Program Files\Common Files\WindowsLiveInstaller
O43 - CFD:Common File Directory - C:\Program Files\Common Files\xing shared
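A helper reading a ZHPDiag report of this kind starts with a few sections before anything else: the O4 Run entries, the O5 control.ini line (inetcpl.cpl=no hides Internet Options in the Control Panel), the O20 Winlogon Notify and AppInit_DLLs entries, and the executable names in the O45 prefetch list. The Python below is an added example, not part of the original thread and not ZHPDiag's own code: it parses lines copied from this report (the O45 ones come from the continuation posted next) and applies four triage heuristics that are this example's own assumptions, not rules of the tool. Hits are only candidates for a manual look, never a verdict: the GUID-named Run key it flags is Google's Gmail Notifier, the AppInit_DLLs entry sits in a Google program directory, and what 5U4XR4.EXE and 88H6V.EXE actually were has to be established from the files themselves, not from their names.

```python
import re
from typing import List, NamedTuple

# Sample input: lines copied by hand from the ZHPDiag report posted in this
# thread (O4, O5 and O20 entries from the first part, O45 prefetch entries
# from the continuation). Embedded here so the script runs offline; it does
# not read the forum page.
SAMPLE_REPORT = r"""
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O5 - control.ini: inetcpl.cpl=no
O20 - Winlogon Notify: EventStartup - C:\Windows\System32\VESWinlogon.dll
O20 - AppInit_DLLs:C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\5U4XR4.EXE-C880B6A4.pf -->6/05/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\88H6V.EXE-8CBF0994.pf -->6/05/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\ACRORD32.EXE-DE3ACCC1.pf -->30/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\ADOBELM_CLEANUP.0001-EDD4AEE8.pf -->6/05/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\NOTEPAD.EXE-D8414F97.pf -->6/05/2009
"""


class Finding(NamedTuple):
    section: str
    reason: str
    line: str


RUN_RE = re.compile(r"^O4 - (?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
PREFETCH_RE = re.compile(
    r"^O45 - .*\\Prefetch\\(?P<stem>[^.\\]+)\.(?P<ext>[A-Za-z]+)-[0-9A-Fa-f]{8}\.pf")
GUID_RE = re.compile(r"^\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)
# Heuristic (an assumption of this example, not a ZHPDiag rule): a stem made
# only of letters and digits in which a digit is directly followed by a letter
# (5U4XR4, 88H6V). Product names usually keep their digits at the end
# (ACRORD32), but a few legitimate names also match, so a hit only means
# "look at this file", never "malicious".
RANDOM_STEM_RE = re.compile(r"^(?=.*\d[A-Z])[A-Z0-9]{3,10}$")


def first_token(cmd: str) -> str:
    """Return the executable part of a Run-key command line (quoted or not)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split(None, 1)[0] if cmd else ""


def triage(report: str) -> List[Finding]:
    """Apply the four heuristics to every line of a ZHPDiag report."""
    findings: List[Finding] = []
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RUN_RE.match(line)
        if m:
            exe = first_token(m.group("cmd"))
            if "\\" not in exe:
                # A bare file name is located through the search path at
                # logon, so whichever copy is found first is what runs.
                findings.append(Finding("O4", "Run entry without a directory: "
                                        "resolved through the search path at logon", line))
            if GUID_RE.match(m.group("name")):
                findings.append(Finding("O4", "Run entry keyed by a GUID instead of a "
                                        "product name (low signal; check the target)", line))
            continue
        if line.startswith("O5 - control.ini:") and line.endswith("=no"):
            findings.append(Finding("O5", "control.ini hides a Control Panel applet "
                                    "(inetcpl.cpl is Internet Options)", line))
            continue
        if line.startswith("O20 - AppInit_DLLs:") and line.split(":", 1)[1].strip():
            findings.append(Finding("O20", "AppInit_DLLs set: the DLL is loaded into "
                                    "every process that loads user32.dll", line))
            continue
        m = PREFETCH_RE.match(line)
        if m and RANDOM_STEM_RE.match(m.group("stem").upper()):
            findings.append(Finding("O45", "prefetch entry for a random-looking "
                                    "executable name", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Run as a script it prints six findings for the embedded lines; to use it on a whole report, read the file and pass its text to triage(). The O20 Winlogon Notify line and the Adobe, avast!, ACRORD32 and NOTEPAD entries produce nothing, which is the point of the exercise: the checks narrow a 900-line report down to the handful of lines a helper would ask about first.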
here is the rest:
---\\
O44 - LFC:Last File Created - C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -->7/05/2009
O44 - LFC:Last File Created - C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -->7/05/2009
O44 - LFC:Last File Created - C:\Windows\System32\admparse.dll -->3/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\advpack.dll -->3/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\amxread.dll -->17/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\apilogen.dll -->17/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\config.nt -->30/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\dxtmsft.dll -->3/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\dxtrans.dll -->3/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\FNTCACHE.DAT -->5/05/2009
O44 - LFC:Last File Created - C:\Windows\System32\html.iec -->3/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\iasads.dll -->3/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\iasdatastore.dll -->3/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\iasrecst.dll -->3/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\icardie.dll -->3/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\ie4uinit.exe -->3/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\ieaksie.dll -->3/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\ieakui.dll -->3/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\ieapfltr.dll -->3/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\iedkcs32.dll -->3/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\ieencode.dll -->3/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\ieframe.dll -->3/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\iernonce.dll -->3/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\iertutil.dll -->3/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\iesetup.dll -->3/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\ieui.dll -->3/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\ieUnatt.exe -->3/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\inetcpl.cpl -->3/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\jsproxy.dll -->3/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\kernel32.dll -->13/02/2009
O44 - LFC:Last File Created - C:\Windows\System32\lsasrv.dll -->13/02/2009
O44 - LFC:Last File Created - C:\Windows\System32\lsass.exe -->13/02/2009
O44 - LFC:Last File Created - C:\Windows\System32\msfeeds.dll -->3/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\mshtml.dll -->3/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\mshtml.tlb -->3/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\mshtmled.dll -->3/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\mshtmler.dll -->3/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\mstime.dll -->3/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\ntkrnlpa.exe -->3/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\ntoskrnl.exe -->3/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\occache.dll -->3/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\perfc009.dat -->6/05/2009
O44 - LFC:Last File Created - C:\Windows\System32\perfc00C.dat -->6/05/2009
O44 - LFC:Last File Created - C:\Windows\System32\perfh009.dat -->6/05/2009
O44 - LFC:Last File Created - C:\Windows\System32\perfh00C.dat -->6/05/2009
O44 - LFC:Last File Created - C:\Windows\System32\PerfStringBackup.INI -->6/05/2009
O44 - LFC:Last File Created - C:\Windows\System32\pncrt.dll -->6/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\pndx5016.dll -->6/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\pndx5032.dll -->6/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\pngfilt.dll -->3/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\printfilterpipelineprxy.dll -->3/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\printfilterpipelinesvc.exe -->3/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\rmoc3260.dll -->6/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\rpcss.dll -->3/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\sdohlp.dll -->3/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\secur32.dll -->13/02/2009
O44 - LFC:Last File Created - C:\Windows\System32\SPReview.exe -->5/05/2009
O44 - LFC:Last File Created - C:\Windows\System32\SPWizUI.dll -->5/05/2009
O44 - LFC:Last File Created - C:\Windows\System32\urlmon.dll -->3/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\win32k.sys -->9/02/2009
O44 - LFC:Last File Created - C:\Windows\System32\wininet.dll -->3/03/2009
O44 - LFC:Last File Created - C:\Windows\System32\drivers\mbam.sys -->6/04/2009
O44 - LFC:Last File Created - C:\Windows\System32\drivers\mbamswissarmy.sys -->6/04/2009
---\\
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\5U4XR4.EXE-C880B6A4.pf -->6/05/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\88H6V.EXE-8CBF0994.pf -->6/05/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\ACRORD32.EXE-DE3ACCC1.pf -->30/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\ADOBELM_CLEANUP.0001-EDD4AEE8.pf -->6/05/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\ADOBEUPDATER.EXE-9A17D89B.pf -->30/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\AgCx_S1_S-1-5-21-3291800838-4293685428-1941394720-1003.snp.db -->3/05/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\AgCx_SC1.db -->5/05/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\AgCx_SC1.db.trx -->5/05/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\AgCx_SC2.db -->19/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\AgCx_SC3_2783C6F4.db -->3/05/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\AgGlFaultHistory.db -->7/05/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\AgGlFgAppHistory.db -->7/05/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\AgGlGlobalHistory.db -->7/05/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-3291800838-4293685428-1941394720-1003.db -->7/05/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\AgGlUAD_S-1-5-21-3291800838-4293685428-1941394720-1003.db -->7/05/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\AgRobust.db -->7/05/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\APMSGFWD.EXE-A575A1E2.pf -->29/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\ASKSERVICE.EXE-5CCAADF8.pf -->3/05/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\ASKUPGRADE.EXE-11555FEB.pf -->3/05/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\ATBROKER.EXE-2E15A492.pf -->6/05/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\AVAST.SETUP-499863F4.pf -->6/05/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\BCMSQLSTARTUPSVC.EXE-479AD82D.pf -->3/05/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\CALC.EXE-77FDF17F.pf -->30/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\CMD.EXE-4A81B364.pf -->5/05/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\CONIME.EXE-9781FD5F.pf -->5/05/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\CONSENT.EXE-531BD9EA.pf -->2/05/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\CONTROL.EXE-817F8F1D.pf -->7/05/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\CSC.EXE-A3B8D95D.pf -->6/05/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\CSCRIPT.EXE-D1EF4768.pf -->5/05/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\CSRSS.EXE-3FE41F7E.pf -->3/05/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\CVTRES.EXE-069169FB.pf -->4/05/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\DEFRAG.EXE-588F90AD.pf -->5/05/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\DFRGNTFS.EXE-7E4077FE.pf -->5/05/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\DLLHOST.EXE-4F28A26F.pf -->27/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\DLLHOST.EXE-5458ADF9.pf -->3/05/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\DLLHOST.EXE-5E46FA0D.pf -->7/05/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\DLLHOST.EXE-766398D2.pf -->6/05/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\DRWEB-CUREIT.EXE-5A4BB232.pf -->6/05/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\DWM.EXE-6FFD3DA8.pf -->6/05/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\EXPLORER.EXE-A80E4F97.pf -->6/05/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\FIND.EXE-E2237F6D.pf -->5/05/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\FINDSTR.EXE-2E9C6FE2.pf -->5/05/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\FIREFOX.EXE-A606B53C.pf -->3/05/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\GOOGLEDESKTOP.EXE-C9B032BF.pf -->5/05/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\GOOGLETOOLBAR1USER.EXE-B7E47A27.pf -->27/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\GOOGLETOOLBARNOTIFIER.EXE-107AC021.pf -->27/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\GOOGLEUPDATERSERVICE.EXE-09540BCD.pf -->27/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\HELPER.EXE-8AEDE3E3.pf -->29/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\HPWUCLI.EXE-5427BA4C.pf -->4/05/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\IEUSER.EXE-7C0FE221.pf -->4/05/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\IEXPLORE.EXE-908C99F8.pf -->4/05/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\IGFXEXT.EXE-D5F523DB.pf -->3/05/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\IGFXSRVC.EXE-96A493A4.pf -->5/05/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\IVIREGMGR.EXE-8051C7DF.pf -->3/05/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\KILL.EXE-F39F8535.pf -->5/05/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\KILL_P.EXE-8DEC1918.pf -->5/05/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\LANUTIL.EXE-C5E08832.pf -->3/05/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\Layout.ini -->6/05/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\LOGON.SCR-30601369.pf -->6/05/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\LOGONUI.EXE-09140401.pf -->7/05/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\LPREMOVE.EXE-284EF282.pf -->27/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\MFPMP.EXE-26F35380.pf -->26/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\MMC.EXE-D5033898.pf -->7/05/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\MOBSYNC.EXE-C5E2284F.pf -->7/05/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\MODE.COM-DB34C082.pf -->5/05/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\MPAS-D.EXE-40FE95BA.pf -->1/05/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\MPCMDRUN.EXE-F401FBB4.pf -->1/05/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\MPSIGSTUB.EXE-749C4FD1.pf -->28/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\MPSIGSTUB.EXE-A2C4FFDF.pf -->1/05/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\MSASCUI.EXE-07E0123F.pf -->5/05/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\MSIEXEC.EXE-A2D55CB6.pf -->30/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\MSNMSGR.EXE-9974F251.pf -->3/05/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\NOTEPAD.EXE-D8414F97.pf -->6/05/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\NSUSERVICE.EXE-0DEB9210.pf -->3/05/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\NTOSBOOT-B00DFAAD.pf -->7/05/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\NTVDM.EXE-F6564EE5.pf -->3/05/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\OSE.EXE-533D8AC9.pf -->30/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\PfSvPerfStats.bin -->7/05/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\PHOTOSHOP.EXE-1B8267A8.pf -->6/05/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\PRESENTATIONSETTINGS.EXE-2F4708C9.pf -->1/05/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\REALONEMESSAGECENTER.EXE-9A1F2949.pf -->7/05/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\REALPLAY.EXE-A09C7945.pf -->7/05/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\REALSCHED.EXE-A91B3084.pf -->1/05/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\RUNDLL32.EXE-230FC512.pf -->27/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\RUNDLL32.EXE-41CD37D2.pf -->7/05/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\RUNDLL32.EXE-5D22A0B6.pf -->7/05/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\RUNDLL32.EXE-70A53FFC.pf -->2/05/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\RUNDLL32.EXE-A6251510.pf -->6/05/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\RUNDLL32.EXE-E5B79941.pf -->3/05/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\RUNDLL32.EXE-F4579822.pf -->2/05/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SEARCHFILTERHOST.EXE-77482212.pf -->7/05/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SEARCHPROTOCOLHOST.EXE-0CB8CADE.pf -->7/05/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SHUTDOWN.EXE-E7D5C9CC.pf -->5/05/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SKYPE.EXE-4929A84C.pf -->27/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SKYPEPM.EXE-EECA8925.pf -->27/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SMSS.EXE-E9C28FC6.pf -->3/05/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SPMGR.EXE-AC500AB9.pf -->4/05/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SVCHOST.EXE-7CFEDEA3.pf -->2/05/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SVCHOST.EXE-DD9DE812.pf -->3/05/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SV_HTTPD.EXE-53437ED1.pf -->3/05/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\SWREG.EXE-BE5D1A81.pf -->5/05/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\TASKENG.EXE-48D4E289.pf -->2/05/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\TASKMGR.EXE-5F5F473D.pf -->6/05/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\TRUSTEDINSTALLER.EXE-3CC531E5.pf -->2/05/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\UPDATER.EXE-0BD7E9B5.pf -->29/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\UPNPFRAMEWORK.EXE-840D6EF2.pf -->3/05/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\USERINIT.EXE-2257A3E7.pf -->6/05/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\VERCLSID.EXE-7C52E31C.pf -->7/05/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\VESMGRSUB.EXE-1C40D46F.pf -->3/05/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\VLC.EXE-A11F73EE.pf -->2/05/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\VSSVC.EXE-B8AFC319.pf -->2/05/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\VZHARDWARERESOURCEMANAGER.EXE-E97C37BC.pf -->2/05/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\WERCON.EXE-E36BD04E.pf -->6/05/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\WERFAULT.EXE-E69F695A.pf -->6/05/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\WERMGR.EXE-0F2AC88C.pf -->6/05/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\WINLOGON.EXE-B020DC41.pf -->3/05/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\WINWORD.EXE-71DAFA5C.pf -->6/05/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\WLCOMM.EXE-272FF9F7.pf -->3/05/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\WLRMDR.EXE-C2B47318.pf -->5/05/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\WMIADAP.EXE-F8DFDFA2.pf -->6/05/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\WMIPRVSE.EXE-1628051C.pf -->7/05/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\WMPLAYER.EXE-BAD6BD53.pf -->7/05/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\WMPNETWK.EXE-D9F2A96F.pf -->28/04/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\WSCRIPT.EXE-52CF1F0C.pf -->5/05/2009
O45 - LFCP:Last File Created Prefetch - C:\Windows\Prefetch\WUAUCLT.EXE-70318591.pf -->2/05/2009
---\\
O47 - AAKE:Key Export - "C:\Program Files\River Past\Cam Do\CamDo.exe"="C:\Program Files\River Past\Cam Do\CamDo.exe:*:Enabled:River Past Cam Do"
---\\
O48 - LSA:Local Security Authority Authentication Packages - C:\Windows\System32\msv1_0.dll
O48 - LSA:Local Security Authority Notification Packages - C:\Windows\System32\scecli.dll
---\\
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgrx.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\nsiproxy.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpencdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgrx.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\volmgrx.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\nsiproxy.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\rdpencdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\volmgrx.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\volmgrx.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\nsiproxy.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\rdpencdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\vgasave.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\volmgrx.sys
---\\
O52 - TDSD:HKLM\...\Drivers\"timer"="timer.drv"
O52 - TDSD:HKLM\...\Drivers\"MSVideo.PD0630VFW"="P0630Vfw.drv"
O52 - TDSD:HKLM\...\Drivers32\"vidc.mrle"="msrle32.dll"
O52 - TDSD:HKLM\...\Drivers32\"vidc.msvc"="msvidc32.dll"
O52 - TDSD:HKLM\...\Drivers32\"msacm.imaadpcm"="imaadp32.acm"
O52 - TDSD:HKLM\...\Drivers32\"msacm.msg711"="msg711.acm"
O52 - TDSD:HKLM\...\Drivers32\"msacm.msgsm610"="msgsm32.acm"
O52 - TDSD:HKLM\...\Drivers32\"msacm.msadpcm"="msadp32.acm"
O52 - TDSD:HKLM\...\Drivers32\"midimapper"="midimap.dll"
O52 - TDSD:HKLM\...\Drivers32\"wavemapper"="msacm32.drv"
O52 - TDSD:HKLM\...\Drivers32\"VIDC.UYVY"="msyuv.dll"
O52 - TDSD:HKLM\...\Drivers32\"VIDC.YUY2"="msyuv.dll"
O52 - TDSD:HKLM\...\Drivers32\"VIDC.YVYU"="msyuv.dll"
O52 - TDSD:HKLM\...\Drivers32\"VIDC.IYUV"="iyuv_32.dll"
O52 - TDSD:HKLM\...\Drivers32\"VIDC.I420"="msh263.drv"
O52 - TDSD:HKLM\...\Drivers32\"VIDC.YVU9"="tsbyuv.dll"
O52 - TDSD:HKLM\...\Drivers32\"msacm.l3acm"="C:\Windows\System32\l3codeca.acm"
O52 - TDSD:HKLM\...\Drivers32\"vidc.cvid"="iccvid.dll"
O52 - TDSD:HKLM\...\Drivers32\"wave"="wdmaud.drv"
O52 - TDSD:HKLM\...\Drivers32\"midi"="wdmaud.drv"
O52 - TDSD:HKLM\...\Drivers32\"mixer"="wdmaud.drv"
O52 - TDSD:HKLM\...\Drivers32\"aux"="wdmaud.drv"
O52 - TDSD:HKLM\...\Drivers32\"VIDC.dvsd"="C:\Program Files\Common Files\Sony Shared\VideoLib\sonydv.dll"
O52 - TDSD:HKLM\...\Drivers32\"msacm.siren"="sirenacm.dll"
O52 - TDSD:HKLM\...\Drivers32\"MSVideo8"="VfWWDM32.dll"
O52 - TDSD:HKLM\...\Drivers32\"VIDC.WMV3"="wmv9vcm.dll"
---\\
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - "SecurityProviders"=credssp.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - "SecurityProviders"=credssp.dll
---\\
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorAdmin"=2
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableInstallerDetection"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableSecureUIAPaths"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableVirtualization"=1
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=1
O55 - MWPS:[HKLM\...\Policies\System] - "ValidateAdminCodeSignatures"=0
O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=
O55 - MWPS:[HKLM\...\Policies\System] - "scforceoption"=0
O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
---\\
O56 - MWPE:[HKCU\...\Policies\Explorer] - "NoDriveTypeAutoRun"=145
End of the scan:
Re,
I find it hard to believe this is anything other than an infection.
Try this:
Go to this web page to get the download links and the instructions for running the tool:
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
* Make sure you have closed/disabled all anti-virus, anti-malware or anti-spyware programs so that they do not interfere with ComboFix's work.
Post the contents of C:\ComboFix.txt in your next reply so that I can examine it.
ComboFix 09-05-07.03 - Matthieu 07/05/2009 21:10.1 - NTFSx86 NETWORK
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.33.1036.18.2038.1476 [GMT 2:00]
Run from: c:\users\Matthieu\Downloads\ComboFix.exe
* A new restore point was created
.
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\x64
.
((((((((((((((((((((((((((((( Files created from 2009-04-07 to 2009-05-07 ))))))))))))))))))))))))))))))))))))
.
2009-05-07 18:32 . 2009-05-07 18:32 -------- d-----w C:\3753da3a9fb808f25d0f4b4ce3a922c5
2009-05-07 18:32 . 2009-05-07 18:32 -------- d-----w C:\e45cdfa8ba675f105765a170b3
2009-05-07 13:42 . 2009-05-07 13:42 -------- d-----w c:\programdata\NortonInstaller
2009-05-07 13:42 . 2009-05-07 13:42 -------- d-----w c:\users\All Users\NortonInstaller
2009-05-06 19:16 . 2009-05-07 08:26 -------- d-----w c:\users\Matthieu\DoctorWeb
2009-05-05 21:27 . 2009-05-05 21:10 47560 ----a-w c:\windows\system32\SPReview.exe
2009-05-05 21:27 . 2009-05-05 21:10 152576 ----a-w c:\windows\system32\SPWizUI.dll
2009-05-05 20:55 . 2008-01-18 21:33 44032 ----a-w c:\windows\system32\cbsra.exe
2009-05-05 20:55 . 2009-05-05 20:56 -------- d-----w C:\ebb871ffd74f4ef90e8f8e4f
2009-05-05 20:55 . 2009-05-05 20:55 -------- d-----w C:\491adcfcf13b00baed30
2009-05-05 19:25 . 2009-05-05 19:25 -------- d-----w C:\_OTMoveIt
2009-05-05 17:07 . 2009-05-05 17:12 -------- d-----w c:\program files\trend micro
2009-05-05 17:07 . 2009-05-05 17:08 -------- d-----w C:\rsit
2009-05-05 08:53 . 2009-05-05 20:10 -------- d-----w C:\UsbFix
2009-05-05 08:46 . 2009-05-05 08:48 -------- d-----w C:\ToolBar SD
2009-05-05 08:43 . 2009-05-05 08:43 -------- d-sh--w C:\$RECYCLE.BIN
2009-05-04 10:47 . 2009-05-04 10:47 -------- d-----w c:\users\Matthieu\AppData\Roaming\Malwarebytes
2009-05-04 10:47 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-04 10:47 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-04 10:47 . 2009-05-04 10:47 -------- d-----w c:\programdata\Malwarebytes
2009-05-04 10:47 . 2009-05-04 10:47 -------- d-----w c:\users\All Users\Malwarebytes
2009-05-04 10:47 . 2009-05-04 10:47 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-03 18:07 . 2009-05-03 18:07 -------- d-----w c:\windows\system32\Kaspersky Lab
2009-04-10 10:33 . 2006-11-28 18:46 28224 ----a-w c:\windows\system32\drivers\PCAMp50.sys
2009-04-10 10:33 . 2006-11-28 18:46 27072 ----a-w c:\windows\system32\drivers\PCASp50.sys
2009-04-10 10:31 . 2009-04-10 10:31 -------- d-----w c:\program files\Securitoo
2009-04-10 10:29 . 2009-04-10 10:29 -------- d-----w c:\program files\Common Files\France Telecom
.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-07 18:39 . 2006-11-02 15:48 745318 ----a-w c:\windows\system32\perfh00C.dat
2009-05-07 18:39 . 2006-11-02 15:48 140414 ----a-w c:\windows\system32\perfc00C.dat
2009-05-07 14:12 . 2008-05-27 09:53 1356 ----a-w c:\users\Matthieu\AppData\Local\d3d9caps.dat
2009-05-07 13:43 . 2008-05-24 13:56 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-05-05 19:35 . 2008-05-27 09:53 106640 ----a-w c:\users\Matthieu\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-17 17:04 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-02 11:42 . 2009-04-02 11:42 -------- d-----w c:\program files\WMV9_VCM
2009-03-21 14:22 . 2009-03-21 14:20 -------- d-----w c:\program files\PDFCreator
2009-03-21 14:21 . 2009-03-21 14:21 -------- d-----w c:\program files\pdfforge Toolbar
2009-03-19 10:59 . 2007-11-07 13:17 -------- d-----w c:\program files\Microsoft SQL Server
2009-03-18 08:45 . 2007-11-07 13:21 -------- d-----w c:\program files\DivX
2009-03-17 03:16 . 2009-04-16 22:25 14848 ----a-w c:\windows\system32\apilogen.dll
2009-03-17 03:16 . 2009-04-16 22:25 25600 ----a-w c:\windows\system32\amxread.dll
2009-03-03 04:24 . 2009-04-16 22:25 3503584 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:24 . 2009-04-16 22:25 3469280 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:20 . 2009-04-16 22:24 826368 ----a-w c:\windows\system32\wininet.dll
2009-03-03 04:19 . 2009-04-16 22:25 158720 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:19 . 2009-04-16 22:25 549888 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:19 . 2009-04-16 22:25 24576 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:16 . 2009-04-16 22:24 56320 ----a-w c:\windows\system32\iesetup.dll
2009-03-03 04:16 . 2009-04-16 22:25 97280 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:16 . 2009-04-16 22:25 53248 ----a-w c:\windows\system32\iasads.dll
2009-03-03 04:16 . 2009-04-16 22:25 37888 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 04:16 . 2009-04-16 22:24 78336 ----a-w c:\windows\system32\ieencode.dll
2009-03-03 04:15 . 2009-04-16 22:24 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-03 02:40 . 2009-04-16 22:25 654336 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:08 . 2009-04-16 22:24 26624 ----a-w c:\windows\system32\ieUnatt.exe
2009-03-03 00:44 . 2009-04-16 22:24 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-02-13 07:26 . 2009-04-16 22:25 72704 ----a-w c:\windows\system32\secur32.dll
2009-02-13 07:26 . 2009-04-16 22:25 1233408 ----a-w c:\windows\system32\lsasrv.dll
2009-02-13 07:26 . 2009-04-16 22:25 7680 ----a-w c:\windows\system32\lsass.exe
2009-02-09 01:59 . 2009-03-11 10:38 2028032 ----a-w c:\windows\system32\win32k.sys
2008-12-13 10:14 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
.
((((((((((((((((((((((((((((((((( Reg loading points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
2009-01-30 14:12 650752 ----a-w c:\program files\pdfforge Toolbar\WidgiToolbarIE.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B922D405-6D13-4A2B-AE89-08A030DA4402}"= "c:\program files\pdfforge Toolbar\WidgiToolbarIE.dll" [2009-01-30 650752]
[HKEY_CLASSES_ROOT\clsid\{b922d405-6d13-4a2b-ae89-08a030da4402}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]
"NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2007-09-20 253952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-20 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-20 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-20 137752]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-06-10 118784]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-09-19 311296]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-12-12 29744]
"MarketingTools"="c:\program files\Sony\Marketing Tools\MarketingTools.exe" [2007-11-07 36864]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-06 198160]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-08-25 4669440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]
c:\users\Matthieu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-08-14 19:05 98304 ----a-w c:\windows\System32\VESWinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{58CDA8C9-C883-4B6E-A05F-1BDA9371B7B1}"= Disabled:UDP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{4C6F3B17-7AED-4F83-B7CF-9B48FB0C959E}"= Disabled:TCP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{B89EE9B4-9094-45F4-96C5-D9044E7A060C}"= UDP:c:\program files\Sony\VAIO Media Integrated Server\VMISrv.exe:[VAIO Media] Integrated Server
"{D5013AE2-391B-48AD-A951-920057EB211E}"= TCP:c:\program files\Sony\VAIO Media Integrated Server\VMISrv.exe:[VAIO Media] Integrated Server
"{B2A37831-7599-4AFA-99FE-5F86422B719F}"= UDP:c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe:[VAIO Media] HTTP Server
"{7BBEA102-9ADE-4DDB-AF20-6297F3379B6F}"= TCP:c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe:[VAIO Media] HTTP Server
"{6382DFC2-D235-4AB3-9FD6-8A155051BC86}"= UDP:c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe:[VAIO Media] Content Collection
"{74215158-21E9-4E59-B4B1-C9E24F84DE7F}"= TCP:c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe:[VAIO Media] Content Collection
"{A5EA9615-FC11-4743-9E59-AE88B162B30F}"= UDP:c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe:[VAIO Media] UPnP Server
"{50AE8A22-E75C-4BAC-83FC-6BE90F00BFA6}"= TCP:c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe:[VAIO Media] UPnP Server
"{C6DCBD39-F4F5-4766-A546-DD9BEF7A1A30}"= UDP:c:\program files\Sony\VAIO Media Integrated Server\Platform\VmServerSettings.exe:[VAIO Media] SNAC Server
"{51DCB9B6-46E2-4125-B0B3-9DCA6BCD5DED}"= TCP:c:\program files\Sony\VAIO Media Integrated Server\Platform\VmServerSettings.exe:[VAIO Media] SNAC Server
"{C45425B5-A9EC-47E7-8351-402ED05C12EF}"= Disabled:UDP:c:\users\Matthieu\AppData\Local\Temp\7zSC950.tmp\setup\HPZnui01.exe:hpznui01.exe
"{4E05C8D9-3871-49E5-B258-5106909751C1}"= Disabled:TCP:c:\users\Matthieu\AppData\Local\Temp\7zSC950.tmp\setup\HPZnui01.exe:hpznui01.exe
"{F2B0AFA5-6697-4B0E-9C42-470937F48683}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{C2F9105B-B21F-40A0-B843-61073D1799DB}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{106BCE31-D7ED-4FC3-9739-EAF80124595A}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"TCP Query User{9A9B623C-E030-44F2-BF8C-AEB564907D22}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{871864FE-8DCB-4B0C-88A9-97B2423B59AD}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"{D08A613D-F523-4AEF-B88C-EA7FDB1EFC9F}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{85717844-719B-46F7-970A-221F04D76271}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{F1E56A31-0088-47A8-8A55-E32FACF629A8}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{13D526A5-0CD0-4B54-9D9A-68FD6EAE6659}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{0B6C8167-8EFD-46C5-9420-63C61FA909E2}"= Disabled:UDP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{69F583CE-CF88-4A53-927B-B4810B6EBE17}"= Disabled:TCP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{1EAFE4A3-5434-4CF8-A670-46E8F8DCD1F9}"= UDP:c:\users\Matthieu\AppData\Local\Temp\7zS201D.tmp\SymNRT.exe:Norton Removal Tool
"{D21DFE5B-B05B-4682-8D74-BB872522801E}"= TCP:c:\users\Matthieu\AppData\Local\Temp\7zS201D.tmp\SymNRT.exe:Norton Removal Tool
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\River Past\\Cam Do\\CamDo.exe"= c:\program files\River Past\Cam Do\CamDo.exe:*:Enabled:River Past Cam Do
R3 SFEP;Sony Firmware Extension Parser;c:\windows\System32\drivers\SFEP.sys [7/11/2007 20:42 9344]
S1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [27/05/2008 12:13 111184]
S2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [27/05/2008 12:13 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [27/05/2008 12:13 51792]
S2 BcmSqlStartupSvc;Service de démarrage SQL Server pour le Gestionnaire de contacts professionnels;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [16/01/2008 9:46 30312]
S2 NSUService;NSUService;c:\program files\Sony\Network Utility\NSUService.exe [24/05/2008 16:11 204800]
S2 regi;regi;c:\windows\System32\drivers\regi.sys [17/04/2007 20:09 11032]
S2 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe [24/05/2008 15:52 745472]
S2 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [24/05/2008 15:52 397312]
S2 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [24/05/2008 15:52 1089536]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [7/11/2007 15:21 29744]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [24/11/2008 23:31 29263712]
S3 P0630VID;Creative WebCam Live!;c:\windows\System32\drivers\P0630Vid.sys [3/06/2008 16:30 91830]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\System32\drivers\PCAMp50.sys [10/04/2009 12:33 28224]
S3 ti21sony;ti21sony;c:\windows\System32\drivers\ti21sony.sys [7/11/2007 20:42 812544]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [24/05/2008 16:01 292128]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [24/05/2008 16:02 79136]
--- Other Services/Drivers in memory ---
*NewlyCreated* - ECACHE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)
HKLM-RunOnce-<NO NAME> - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.club-vaio.com
mWindow Title =
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: mappy.com
Trusted Zone: orange.fr
Trusted Zone: voila.fr\rw.search.ke
Trusted Zone: weborama.fr\orange
FF - ProfilePath - c:\users\Matthieu\AppData\Roaming\Mozilla\Firefox\Profiles\3jp21u1r.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/ig?hl=fr
FF - component: c:\program files\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\components\pdfforgeToolbarFF.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-07 21:15
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:0000003d
.
Completion time: 2009-05-07 21:17
ComboFix-quarantined-files.txt 2009-05-07 19:16
Pre-Run: The message text for number 0x2379 could not be found in the message file for Application.
Post-Run: 30,683,826,176 bytes free
219 --- E O F --- 2009-04-28 07:28
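The ZHPDiag O55 block and the "Reg loading points" section of the ComboFix log above both show the same weakened settings: EnableLUA=0 (UAC off), Security Center monitoring and AntiVirusOverride set to 1, an AppInit_DLLs entry, and enabled firewall rules for executables sitting under a Temp directory. As an added example, not code from this thread, from ComboFix or from ZHPDiag, here is a small Python triage script that parses a REGEDIT4-style dump in the ComboFix format and flags those indicators. The sample lines are excerpted from the log posted above and trimmed to a few entries; the severity labels and the "Temp directory" heuristic are this example's own assumptions, not anything ComboFix itself reports.

```python
"""Triage a ComboFix-style registry dump for weakened security settings.

Added example for this thread; it is not code from ComboFix, ZHPDiag or the
forum helpers.  The sample below is excerpted from the log posted above and
reduced to a few lines; the severity labels are this example's own convention.
"""
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample in the ComboFix "Reg loading points" (REGEDIT4) format.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{1EAFE4A3-5434-4CF8-A670-46E8F8DCD1F9}"= UDP:c:\users\Matthieu\AppData\Local\Temp\7zS201D.tmp\SymNRT.exe:Norton Removal Tool
"{F2B0AFA5-6697-4B0E-9C42-470937F48683}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{C45425B5-A9EC-47E7-8351-402ED05C12EF}"= Disabled:UDP:c:\users\Matthieu\AppData\Local\Temp\7zSC950.tmp\setup\HPZnui01.exe:hpznui01.exe
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')
WIN_PATH_RE = re.compile(r"[a-z]:\\[^:]+", re.IGNORECASE)

POLICY_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\policies\system"
WINDOWS_KEY = r"hkey_local_machine\software\microsoft\windows nt\currentversion\windows"
SECCENTER_PREFIX = r"hkey_local_machine\software\microsoft\security center"
FIREWALL_SUFFIX = r"firewallpolicy\firewallrules"


def parse_reg_dump(text: str) -> Dict[str, Dict[str, str]]:
    """Map lower-cased key path -> {value name: raw data} from [key] / "name"=data lines."""
    dump: Dict[str, Dict[str, str]] = {}
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            current = key_match.group("key").lower()
            dump.setdefault(current, {})
            continue
        value_match = VALUE_RE.match(line)
        if value_match and current is not None:
            dump[current][value_match.group("name")] = value_match.group("data").strip()
    return dump


def reg_int(data: Optional[str]) -> Optional[int]:
    """Decode the integer forms ComboFix prints: 'dword:00000001' or '0 (0x0)'."""
    if data is None:
        return None
    m = re.match(r"dword:([0-9a-f]{8})", data, re.IGNORECASE)
    if m:
        return int(m.group(1), 16)
    m = re.match(r"(\d+)", data)
    return int(m.group(1)) if m else None


def triage(dump: Dict[str, Dict[str, str]]) -> List[Tuple[str, str]]:
    """Return (severity, message) pairs for the weakened settings seen in this thread."""
    findings: List[Tuple[str, str]] = []

    # UAC off: every process of an administrator account runs fully elevated.
    if reg_int(dump.get(POLICY_KEY, {}).get("EnableLUA")) == 0:
        findings.append(("HIGH", "UAC disabled (EnableLUA=0)"))

    # AppInit_DLLs is loaded into every process that links user32.dll; verify the file.
    appinit = dump.get(WINDOWS_KEY, {}).get("AppInit_DLLs")
    if appinit:
        findings.append(("MEDIUM", f"AppInit_DLLs set: {appinit}"))

    for key, values in dump.items():
        # Security Center overrides hide a missing or disabled AV/firewall from Windows.
        if key.startswith(SECCENTER_PREFIX):
            for name, data in values.items():
                if name in ("DisableMonitoring", "AntiVirusOverride", "FirewallOverride") and reg_int(data) == 1:
                    findings.append(("MEDIUM", f"Security Center {name}=1 under {key}"))
        # Enabled rules for binaries under a Temp directory outlive the installer that created them.
        if key.endswith(FIREWALL_SUFFIX):
            for name, data in values.items():
                enabled = not data.lower().startswith("disabled:")
                path_match = WIN_PATH_RE.search(data)
                path = path_match.group(0) if path_match else ""
                if enabled and "\\temp\\" in path.lower():
                    findings.append(("LOW", f"Enabled firewall rule {name} for {path}"))
    return findings


if __name__ == "__main__":
    for severity, message in triage(parse_reg_dump(SAMPLE_LOG)):
        print(f"{severity:6} {message}")
```

To use it on a real report, read C:\ComboFix.txt (or the ZHPDiag report, whose O55 lines carry the same value names) into `parse_reg_dump` instead of `SAMPLE_LOG`. The checks deliberately stop at flagging: whether an AppInit DLL or a Temp-directory rule is benign (the Google Desktop DLL and the Norton Removal Tool rule above both look like leftovers of legitimate software) still needs a look at the file on disk, which no log parser can replace.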
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [24/05/2008 16:02 79136]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - ECACHE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)
HKLM-RunOnce-<NO NAME> - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.club-vaio.com
mWindow Title =
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: mappy.com
Trusted Zone: orange.fr
Trusted Zone: voila.fr\rw.search.ke
Trusted Zone: weborama.fr\orange
FF - ProfilePath - c:\users\Matthieu\AppData\Roaming\Mozilla\Firefox\Profiles\3jp21u1r.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/ig?hl=fr
FF - component: c:\program files\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\components\pdfforgeToolbarFF.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-07 21:15
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:0000003d
.
Completion time: 2009-05-07 21:17
ComboFix-quarantined-files.txt 2009-05-07 19:16
Pre-Run: The system cannot find message text for message number 0x2379 in the message file for Application.
Post-Run: 30,683,826,176 bytes free
219 --- E O F --- 2009-04-28 07:28
Well, a bit. Earlier, when restarting my computer in normal mode, I managed to connect to the internet, but the network connection icon at the bottom right of the taskbar stayed inactive (2 computers with a red cross); but then I tried to open the Control Panel and that's when it started to freeze.
After trying several more times by going directly to Connect in the Start menu, the connection works but the icon stayed inactive... and still the same problem, it freezes...
OK, I have news.
I ran a Disk Cleanup and had it delete everything it suggested deleting...
I restarted my computer in normal mode and everything seems normal...
I can't make sense of it.
So I don't really know what it was, surely a virus all the same?
In any case, thanks for everything
Re,
we'll clean up the tools.
Start, Run, type
combofix /u in the input box then click OK.
* Download ToolsCleaner by A.Rothstein & dj QUIOU to your Desktop.
http://pc-system.fr/
hxxp://a-rothstein.changelog.fr/TC/ToolsCleaner2.exe
hxxp://pagesperso-orange.fr/AceRothstein/ToolsCleaner2.exe
* Right-click it and Run as administrator.
* Click Recherche (Search) and let the scan finish.
* Click Suppression (Delete) to finalise.
* You can, if you wish, use the optional Options.
* Click Quitter (Quit) so that the report can be created.
* Post me the report (TCleaner.txt), which is at the root of your hard drive (C:\).
Well, I think I still have something.
In normal mode the connection works one time in two and programs only work now and then.
Impossible to launch cleaner, it freezes,
I ran a ComboFix scan again:
ComboFix 09-05-07.06 - Matthieu 08/05/2009 12:23.2 - NTFSx86 NETWORK
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.33.1036.18.2038.1500 [GMT 2:00]
Running from: c:\users\Matthieu\Downloads\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((( Files Created From 2009-04-08 to 2009-05-08 ))))))))))))))))))))))))))))))))))))
.
2009-05-08 09:55 . 2009-05-08 09:55 -------- d-----w c:\users\Matthieu\AppData\Roaming\AVG8
2009-05-08 09:43 . 2009-05-08 09:43 -------- d-----w c:\program files\CCleaner
2009-05-08 09:37 . 2009-05-08 09:37 -------- d-----w c:\program files\ewido anti-spyware 4.0
2009-05-07 18:32 . 2009-05-07 18:32 -------- d-----w C:\3753da3a9fb808f25d0f4b4ce3a922c5
2009-05-07 18:32 . 2009-05-07 18:32 -------- d-----w C:\e45cdfa8ba675f105765a170b3
2009-05-07 13:42 . 2009-05-07 13:42 -------- d-----w c:\programdata\NortonInstaller
2009-05-07 13:42 . 2009-05-07 13:42 -------- d-----w c:\users\All Users\NortonInstaller
2009-05-06 19:16 . 2009-05-07 08:26 -------- d-----w c:\users\Matthieu\DoctorWeb
2009-05-05 21:27 . 2009-05-05 21:10 47560 ----a-w c:\windows\system32\SPReview.exe
2009-05-05 21:27 . 2009-05-05 21:10 152576 ----a-w c:\windows\system32\SPWizUI.dll
2009-05-05 20:55 . 2008-01-18 21:33 44032 ----a-w c:\windows\system32\cbsra.exe
2009-05-05 20:55 . 2009-05-05 20:56 -------- d-----w C:\ebb871ffd74f4ef90e8f8e4f
2009-05-05 20:55 . 2009-05-05 20:55 -------- d-----w C:\491adcfcf13b00baed30
2009-05-05 19:25 . 2009-05-05 19:25 -------- d-----w C:\_OTMoveIt
2009-05-05 17:07 . 2009-05-05 17:12 -------- d-----w c:\program files\trend micro
2009-05-05 17:07 . 2009-05-05 17:08 -------- d-----w C:\rsit
2009-05-05 08:53 . 2009-05-05 20:10 -------- d-----w C:\UsbFix
2009-05-05 08:46 . 2009-05-05 08:48 -------- d-----w C:\ToolBar SD
2009-05-05 08:43 . 2009-05-05 08:43 -------- d-sh--w C:\$RECYCLE.BIN
2009-05-04 10:47 . 2009-05-04 10:47 -------- d-----w c:\users\Matthieu\AppData\Roaming\Malwarebytes
2009-05-04 10:47 . 2009-05-04 10:47 -------- d-----w c:\programdata\Malwarebytes
2009-05-04 10:47 . 2009-05-04 10:47 -------- d-----w c:\users\All Users\Malwarebytes
2009-05-03 18:07 . 2009-05-03 18:07 -------- d-----w c:\windows\system32\Kaspersky Lab
2009-04-10 10:33 . 2006-11-28 18:46 28224 ----a-w c:\windows\system32\drivers\PCAMp50.sys
2009-04-10 10:33 . 2006-11-28 18:46 27072 ----a-w c:\windows\system32\drivers\PCASp50.sys
2009-04-10 10:31 . 2009-04-10 10:31 -------- d-----w c:\program files\Securitoo
2009-04-10 10:29 . 2009-04-10 10:29 -------- d-----w c:\program files\Common Files\France Telecom
.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-08 09:42 . 2006-11-02 15:48 745318 ----a-w c:\windows\system32\perfh00C.dat
2009-05-08 09:42 . 2006-11-02 15:48 140414 ----a-w c:\windows\system32\perfc00C.dat
2009-05-07 19:30 . 2008-05-27 09:53 1356 ----a-w c:\users\Matthieu\AppData\Local\d3d9caps.dat
2009-05-07 13:43 . 2008-05-24 13:56 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-05-05 19:35 . 2008-05-27 09:53 106640 ----a-w c:\users\Matthieu\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-17 17:04 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-02 11:42 . 2009-04-02 11:42 -------- d-----w c:\program files\WMV9_VCM
2009-03-21 14:22 . 2009-03-21 14:20 -------- d-----w c:\program files\PDFCreator
2009-03-21 14:21 . 2009-03-21 14:21 -------- d-----w c:\program files\pdfforge Toolbar
2009-03-19 10:59 . 2007-11-07 13:17 -------- d-----w c:\program files\Microsoft SQL Server
2009-03-18 08:45 . 2007-11-07 13:21 -------- d-----w c:\program files\DivX
2009-03-17 03:16 . 2009-04-16 22:25 14848 ----a-w c:\windows\system32\apilogen.dll
2009-03-17 03:16 . 2009-04-16 22:25 25600 ----a-w c:\windows\system32\amxread.dll
2009-03-03 04:24 . 2009-04-16 22:25 3503584 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:24 . 2009-04-16 22:25 3469280 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:20 . 2009-04-16 22:24 826368 ----a-w c:\windows\system32\wininet.dll
2009-03-03 04:19 . 2009-04-16 22:25 158720 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:19 . 2009-04-16 22:25 549888 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:19 . 2009-04-16 22:25 24576 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:16 . 2009-04-16 22:24 56320 ----a-w c:\windows\system32\iesetup.dll
2009-03-03 04:16 . 2009-04-16 22:25 97280 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:16 . 2009-04-16 22:25 53248 ----a-w c:\windows\system32\iasads.dll
2009-03-03 04:16 . 2009-04-16 22:25 37888 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 04:16 . 2009-04-16 22:24 78336 ----a-w c:\windows\system32\ieencode.dll
2009-03-03 04:15 . 2009-04-16 22:24 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-03 02:40 . 2009-04-16 22:25 654336 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:08 . 2009-04-16 22:24 26624 ----a-w c:\windows\system32\ieUnatt.exe
2009-03-03 00:44 . 2009-04-16 22:24 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-02-13 07:26 . 2009-04-16 22:25 72704 ----a-w c:\windows\system32\secur32.dll
2009-02-13 07:26 . 2009-04-16 22:25 1233408 ----a-w c:\windows\system32\lsasrv.dll
2009-02-13 07:26 . 2009-04-16 22:25 7680 ----a-w c:\windows\system32\lsass.exe
2009-02-09 01:59 . 2009-03-11 10:38 2028032 ----a-w c:\windows\system32\win32k.sys
2008-12-13 10:14 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
.
((((((((((((((((((((((((((((( SnapShot@2009-05-07_19.15.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-05-27 09:54 . 2009-05-08 10:06 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-05-27 09:54 . 2009-05-07 18:31 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-05-27 09:54 . 2009-05-07 18:31 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-05-27 09:54 . 2009-05-08 10:06 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2006-11-02 10:33 . 2009-05-08 09:42 656850 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-05-07 18:39 656850 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-05-07 18:39 121446 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-05-08 09:42 121446 c:\windows\System32\perfc009.dat
+ 2008-05-27 09:54 . 2009-05-08 10:06 1523712 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-05-27 09:54 . 2009-05-07 18:31 1523712 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
2009-01-30 14:12 650752 ----a-w c:\program files\pdfforge Toolbar\WidgiToolbarIE.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B922D405-6D13-4A2B-AE89-08A030DA4402}"= "c:\program files\pdfforge Toolbar\WidgiToolbarIE.dll" [2009-01-30 650752]
[HKEY_CLASSES_ROOT\clsid\{b922d405-6d13-4a2b-ae89-08a030da4402}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]
"NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2007-09-20 253952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-20 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-20 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-20 137752]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-06-10 118784]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-09-19 311296]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-12-12 29744]
"MarketingTools"="c:\program files\Sony\Marketing Tools\MarketingTools.exe" [2007-11-07 36864]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-06 198160]
"!ewido"="c:\program files\ewido anti-spyware 4.0\ewido.exe" [2006-06-16 6283264]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-08-25 4669440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]
c:\users\Matthieu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-08-14 19:05 98304 ----a-w c:\windows\System32\VESWinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{58CDA8C9-C883-4B6E-A05F-1BDA9371B7B1}"= Disabled:UDP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{4C6F3B17-7AED-4F83-B7CF-9B48FB0C959E}"= Disabled:TCP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{B89EE9B4-9094-45F4-96C5-D9044E7A060C}"= UDP:c:\program files\Sony\VAIO Media Integrated Server\VMISrv.exe:[VAIO Media] Integrated Server
"{D5013AE2-391B-48AD-A951-920057EB211E}"= TCP:c:\program files\Sony\VAIO Media Integrated Server\VMISrv.exe:[VAIO Media] Integrated Server
"{B2A37831-7599-4AFA-99FE-5F86422B719F}"= UDP:c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe:[VAIO Media] HTTP Server
"{7BBEA102-9ADE-4DDB-AF20-6297F3379B6F}"= TCP:c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe:[VAIO Media] HTTP Server
"{6382DFC2-D235-4AB3-9FD6-8A155051BC86}"= UDP:c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe:[VAIO Media] Content Collection
"{74215158-21E9-4E59-B4B1-C9E24F84DE7F}"= TCP:c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe:[VAIO Media] Content Collection
"{A5EA9615-FC11-4743-9E59-AE88B162B30F}"= UDP:c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe:[VAIO Media] UPnP Server
"{50AE8A22-E75C-4BAC-83FC-6BE90F00BFA6}"= TCP:c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe:[VAIO Media] UPnP Server
"{C6DCBD39-F4F5-4766-A546-DD9BEF7A1A30}"= UDP:c:\program files\Sony\VAIO Media Integrated Server\Platform\VmServerSettings.exe:[VAIO Media] SNAC Server
"{51DCB9B6-46E2-4125-B0B3-9DCA6BCD5DED}"= TCP:c:\program files\Sony\VAIO Media Integrated Server\Platform\VmServerSettings.exe:[VAIO Media] SNAC Server
"{C45425B5-A9EC-47E7-8351-402ED05C12EF}"= Disabled:UDP:c:\users\Matthieu\AppData\Local\Temp\7zSC950.tmp\setup\HPZnui01.exe:hpznui01.exe
"{4E05C8D9-3871-49E5-B258-5106909751C1}"= Disabled:TCP:c:\users\Matthieu\AppData\Local\Temp\7zSC950.tmp\setup\HPZnui01.exe:hpznui01.exe
"{F2B0AFA5-6697-4B0E-9C42-470937F48683}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{C2F9105B-B21F-40A0-B843-61073D1799DB}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{106BCE31-D7ED-4FC3-9739-EAF80124595A}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"TCP Query User{9A9B623C-E030-44F2-BF8C-AEB564907D22}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{871864FE-8DCB-4B0C-88A9-97B2423B59AD}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"{D08A613D-F523-4AEF-B88C-EA7FDB1EFC9F}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{85717844-719B-46F7-970A-221F04D76271}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{F1E56A31-0088-47A8-8A55-E32FACF629A8}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{13D526A5-0CD0-4B54-9D9A-68FD6EAE6659}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{0B6C8167-8EFD-46C5-9420-63C61FA909E2}"= Disabled:UDP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{69F583CE-CF88-4A53-927B-B4810B6EBE17}"= Disabled:TCP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{1EAFE4A3-5434-4CF8-A670-46E8F8DCD1F9}"= UDP:c:\users\Matthieu\AppData\Local\Temp\7zS201D.tmp\SymNRT.exe:Norton Removal Tool
"{D21DFE5B-B05B-4682-8D74-BB872522801E}"= TCP:c:\users\Matthieu\AppData\Local\Temp\7zS201D.tmp\SymNRT.exe:Norton Removal Tool
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\River Past\\Cam Do\\CamDo.exe"= c:\program files\River Past\Cam Do\CamDo.exe:*:Enabled:River Past Cam Do
R3 SFEP;Sony Firmware Extension Parser;c:\windows\System32\drivers\SFEP.sys [7/11/2007 20:42 9344]
S1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [27/05/2008 12:13 111184]
S2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [27/05/2008 12:13 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [27/05/2008 12:13 51792]
S2 BcmSqlStartupSvc;Service de démarrage SQL Server pour le Gestionnaire de contacts professionnels;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [16/01/2008 9:46 30312]
S2 NSUService;NSUService;c:\program files\Sony\Network Utility\NSUService.exe [24/05/2008 16:11 204800]
S2 regi;regi;c:\windows\System32\drivers\regi.sys [17/04/2007 20:09 11032]
S2 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe [24/05/2008 15:52 745472]
S2 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [24/05/2008 15:52 397312]
S2 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [24/05/2008 15:52 1089536]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [7/11/2007 15:21 29744]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [24/11/2008 23:31 29263712]
S3 P0630VID;Creative WebCam Live!;c:\windows\System32\drivers\P0630Vid.sys [3/06/2008 16:30 91830]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\System32\drivers\PCAMp50.sys [10/04/2009 12:33 28224]
S3 ti21sony;ti21sony;c:\windows\System32\drivers\ti21sony.sys [7/11/2007 20:42 812544]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [24/05/2008 16:01 292128]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [24/05/2008 16:02 79136]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - ECACHE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
- - - - ORPHANS REMOVED - - - -
HKLM-RunOnce-<NO NAME> - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.club-vaio.com
mWindow Title =
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: mappy.com
Trusted Zone: orange.fr
Trusted Zone: voila.fr\rw.search.ke
Trusted Zone: weborama.fr\orange
FF - ProfilePath - c:\users\Matthieu\AppData\Roaming\Mozilla\Firefox\Profiles\3jp21u1r.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/ig?hl=fr
FF - component: c:\program files\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\components\pdfforgeToolbarFF.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-08 12:26
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:0000003d
.
Completion time: 2009-05-08 12:27
ComboFix-quarantined-files.txt 2009-05-08 10:27
ComboFix2.txt 2009-05-07 19:17
Pre-Run: 31,632,535,552 bytes free
Post-Run: 31,892,486,144 bytes free
229 --- E O F --- 2009-04-28 07:28
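The report above is long, and the entries that matter for security are scattered among hundreds of benign ones: UAC is switched off ("EnableLUA"= 0), Security Center monitoring is suppressed ("DisableMonitoring" and "AntiVirusOverride" set to 1), an AppInit_DLLs entry injects a DLL into every GUI process, the firewall holds exceptions for executables that lived in a 7zS*.tmp folder under AppData\Local\Temp, and a Run entry sits under HKU\.DEFAULT rather than a user's own hive. The script below is an added example written for this page, not code from the thread, from ComboFix or from its author: it parses the "Reg Loading Points" and firewall-rule sections in the exact line shapes ComboFix prints and flags those five patterns. The sample input is a constructed excerpt of lines taken from the report above; the choice of what counts as "worth a look" and the wording of each reason are my assumptions. Every hit here has a plausible benign owner (Google Desktop, the Norton Removal Tool, Picasa), so the output is a triage list for a human, not a verdict.

```python
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines excerpted verbatim from the ComboFix
# report posted above (registry loading points and firewall rules), so the
# parser is exercised against the real line shapes the tool prints.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{1EAFE4A3-5434-4CF8-A670-46E8F8DCD1F9}"= UDP:c:\users\Matthieu\AppData\Local\Temp\7zS201D.tmp\SymNRT.exe:Norton Removal Tool
"{D08A613D-F523-4AEF-B88C-EA7FDB1EFC9F}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"""


@dataclass
class Finding:
    key: str      # registry key the value sits under (lower-cased)
    name: str     # value name as printed by ComboFix
    value: str    # value data as printed by ComboFix
    reason: str   # why it deserves a second look (assumed wording, not a verdict)


KEY_RE = re.compile(r'^\[(.+)\]$')                    # [HKEY_...\Run] section header
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')      # "Name"= data
DWORD_RE = re.compile(r'dword:([0-9a-fA-F]+)')        # dword:00000001
TEMP_DIR_RE = re.compile(r'\\appdata\\local\\temp\\', re.IGNORECASE)


def _as_int(value):
    """Integer encoded by a ComboFix value line ('dword:00000001' or '0 (0x0)'), else None."""
    m = DWORD_RE.search(value)
    if m:
        return int(m.group(1), 16)
    m = re.match(r'\s*(\d+)', value)
    return int(m.group(1)) if m else None


def triage(lines):
    """Walk the report line by line, remembering the current [key] header,
    and emit a Finding for each value that weakens the machine's defences
    or that a persistence mechanism commonly abuses."""
    findings = []
    key = ''
    for raw in lines:
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1).lower()
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue                      # timestamps, dots, file listings, etc.
        name, value = m.group(1), m.group(2).strip()
        lname = name.lower()
        if lname == 'enablelua' and _as_int(value) == 0:
            findings.append(Finding(key, name, value, 'UAC disabled (EnableLUA=0)'))
        elif 'security center' in key and lname in ('disablemonitoring', 'antivirusoverride') and _as_int(value):
            findings.append(Finding(key, name, value, 'Security Center alerting suppressed'))
        elif lname == 'appinit_dlls' and value:
            findings.append(Finding(key, name, value,
                                    'AppInit_DLLs loads a DLL into every process that links user32.dll'))
        elif key.endswith('firewallpolicy\\firewallrules') and TEMP_DIR_RE.search(value):
            findings.append(Finding(key, name, value,
                                    'firewall exception for an executable under a Temp directory'))
        elif key.startswith('hkey_users\\.default\\') and key.endswith('\\currentversion\\run'):
            findings.append(Finding(key, name, value,
                                    'autorun under HKU\\.DEFAULT (Local System profile), unusual for desktop software'))
    return findings


def triage_text(text):
    """Convenience wrapper: triage a whole report held in one string."""
    return triage(text.splitlines())


if __name__ == '__main__':
    for f in triage_text(SAMPLE_LOG):
        print(f'{f.reason}\n    {f.name} = {f.value}\n    under {f.key}')
```

Run it against a saved ComboFix.txt with `triage(open('ComboFix.txt', encoding='cp1252').splitlines())`; on the sample it reports six findings and correctly ignores the avast! and LimeWire lines. The section-header tracking is what makes the firewall and HKU\.DEFAULT checks possible, since the value lines themselves carry no key name.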
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-09-19 311296]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-12-12 29744]
"MarketingTools"="c:\program files\Sony\Marketing Tools\MarketingTools.exe" [2007-11-07 36864]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-06 198160]
"!ewido"="c:\program files\ewido anti-spyware 4.0\ewido.exe" [2006-06-16 6283264]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-08-25 4669440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]
c:\users\Matthieu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-08-14 19:05 98304 ----a-w c:\windows\System32\VESWinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{58CDA8C9-C883-4B6E-A05F-1BDA9371B7B1}"= Disabled:UDP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{4C6F3B17-7AED-4F83-B7CF-9B48FB0C959E}"= Disabled:TCP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{B89EE9B4-9094-45F4-96C5-D9044E7A060C}"= UDP:c:\program files\Sony\VAIO Media Integrated Server\VMISrv.exe:[VAIO Media] Integrated Server
"{D5013AE2-391B-48AD-A951-920057EB211E}"= TCP:c:\program files\Sony\VAIO Media Integrated Server\VMISrv.exe:[VAIO Media] Integrated Server
"{B2A37831-7599-4AFA-99FE-5F86422B719F}"= UDP:c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe:[VAIO Media] HTTP Server
"{7BBEA102-9ADE-4DDB-AF20-6297F3379B6F}"= TCP:c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe:[VAIO Media] HTTP Server
"{6382DFC2-D235-4AB3-9FD6-8A155051BC86}"= UDP:c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe:[VAIO Media] Content Collection
"{74215158-21E9-4E59-B4B1-C9E24F84DE7F}"= TCP:c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe:[VAIO Media] Content Collection
"{A5EA9615-FC11-4743-9E59-AE88B162B30F}"= UDP:c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe:[VAIO Media] UPnP Server
"{50AE8A22-E75C-4BAC-83FC-6BE90F00BFA6}"= TCP:c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe:[VAIO Media] UPnP Server
"{C6DCBD39-F4F5-4766-A546-DD9BEF7A1A30}"= UDP:c:\program files\Sony\VAIO Media Integrated Server\Platform\VmServerSettings.exe:[VAIO Media] SNAC Server
"{51DCB9B6-46E2-4125-B0B3-9DCA6BCD5DED}"= TCP:c:\program files\Sony\VAIO Media Integrated Server\Platform\VmServerSettings.exe:[VAIO Media] SNAC Server
"{C45425B5-A9EC-47E7-8351-402ED05C12EF}"= Disabled:UDP:c:\users\Matthieu\AppData\Local\Temp\7zSC950.tmp\setup\HPZnui01.exe:hpznui01.exe
"{4E05C8D9-3871-49E5-B258-5106909751C1}"= Disabled:TCP:c:\users\Matthieu\AppData\Local\Temp\7zSC950.tmp\setup\HPZnui01.exe:hpznui01.exe
"{F2B0AFA5-6697-4B0E-9C42-470937F48683}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{C2F9105B-B21F-40A0-B843-61073D1799DB}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{106BCE31-D7ED-4FC3-9739-EAF80124595A}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"TCP Query User{9A9B623C-E030-44F2-BF8C-AEB564907D22}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{871864FE-8DCB-4B0C-88A9-97B2423B59AD}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"{D08A613D-F523-4AEF-B88C-EA7FDB1EFC9F}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{85717844-719B-46F7-970A-221F04D76271}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{F1E56A31-0088-47A8-8A55-E32FACF629A8}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{13D526A5-0CD0-4B54-9D9A-68FD6EAE6659}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{0B6C8167-8EFD-46C5-9420-63C61FA909E2}"= Disabled:UDP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{69F583CE-CF88-4A53-927B-B4810B6EBE17}"= Disabled:TCP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{1EAFE4A3-5434-4CF8-A670-46E8F8DCD1F9}"= UDP:c:\users\Matthieu\AppData\Local\Temp\7zS201D.tmp\SymNRT.exe:Norton Removal Tool
"{D21DFE5B-B05B-4682-8D74-BB872522801E}"= TCP:c:\users\Matthieu\AppData\Local\Temp\7zS201D.tmp\SymNRT.exe:Norton Removal Tool
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\River Past\\Cam Do\\CamDo.exe"= c:\program files\River Past\Cam Do\CamDo.exe:*:Enabled:River Past Cam Do
R3 SFEP;Sony Firmware Extension Parser;c:\windows\System32\drivers\SFEP.sys [7/11/2007 20:42 9344]
S1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [27/05/2008 12:13 111184]
S2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [27/05/2008 12:13 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [27/05/2008 12:13 51792]
S2 BcmSqlStartupSvc;Service de démarrage SQL Server pour le Gestionnaire de contacts professionnels;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [16/01/2008 9:46 30312]
S2 NSUService;NSUService;c:\program files\Sony\Network Utility\NSUService.exe [24/05/2008 16:11 204800]
S2 regi;regi;c:\windows\System32\drivers\regi.sys [17/04/2007 20:09 11032]
S2 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe [24/05/2008 15:52 745472]
S2 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [24/05/2008 15:52 397312]
S2 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [24/05/2008 15:52 1089536]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [7/11/2007 15:21 29744]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [24/11/2008 23:31 29263712]
S3 P0630VID;Creative WebCam Live!;c:\windows\System32\drivers\P0630Vid.sys [3/06/2008 16:30 91830]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\System32\drivers\PCAMp50.sys [10/04/2009 12:33 28224]
S3 ti21sony;ti21sony;c:\windows\System32\drivers\ti21sony.sys [7/11/2007 20:42 812544]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [24/05/2008 16:01 292128]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [24/05/2008 16:02 79136]
--- Autres Services/Pilotes en mémoire ---
*NewlyCreated* - ECACHE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
- - - - ORPHELINS SUPPRIMES - - - -
HKLM-RunOnce-<NO NAME> - (no file)
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.club-vaio.com
mWindow Title =
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: mappy.com
Trusted Zone: orange.fr
Trusted Zone: voila.fr\rw.search.ke
Trusted Zone: weborama.fr\orange
FF - ProfilePath - c:\users\Matthieu\AppData\Roaming\Mozilla\Firefox\Profiles\3jp21u1r.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/ig?hl=fr
FF - component: c:\program files\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\components\pdfforgeToolbarFF.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-08 12:26
Windows 6.0.6000 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:0000003d
.
Heure de fin: 2009-05-08 12:27
ComboFix-quarantined-files.txt 2009-05-08 10:27
ComboFix2.txt 2009-05-07 19:17
Avant-CF: 31.632.535.552 octets libres
Après-CF: 31.892.486.144 octets libres
229 --- E O F --- 2009-04-28 07:28
Hello,
I also suspect an infection (but if so, it's a very well hidden rootkit).
Do this (though I have my doubts):
Copy or print these instructions beforehand
Disconnect from the internet and close all your applications.
Disable your protections (antivirus, firewall, real-time guard of the antispyware)
Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:
RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
Save this file under the name CFscript
Drag and drop this CFscript file onto the ComboFix.exe file
Click on the CFscript file, keep the button held down and move the mouse so that the CFscript icon comes to cover the ComboFix icon. Release the mouse. ComboFix will start.
Wait while the scan runs. The desktop will disappear several times: this is normal!
Don't touch anything until the scan is finished.
Re-enable your firewall, your antivirus and your antispyware guard
Once the scan is complete, a report will be displayed: post its contents.
If the file does not open, it is located here > C:\ComboFix.txt
Warning: this procedure was written for this computer. Any reuse can severely damage the operating system.
==============
CCleaner hangs on
- file system cleaning
- registry cleaning?
==============
Try this:
=> Download ATF-Cleaner (Atribune): http://www.atribune.org/ccount/click.php?id=1
-- Put it on your desktop
Note: to increase its effectiveness we will use it later in safe mode
=> Run ATF-Cleaner:
* Under the Main tab, choose: Select All
* Click the Empty Selected button
* Under the Firefox tab (if present): click Select All
-- At the message "are you sure you want to delete your firefox saved password" click NO
-- Click Empty Selected
* Under the Opera tab (if present): click Select All
-- At the message "are you sure you want to delete your firefox saved password" click NO
-- Click Empty Selected
* Quit ATF-Cleaner
========================
Also do this:
Download GMER:
open this link http://www.gmer.net#files
click on download EXE and save the file to your desktop, giving it the name Antitibbs.
run it by double-clicking the file that was created
choose the "Rootkit" tab and check that all the items on the right are ticked.
click "SCAN" then wait...
When processing finishes click "SAVE" and save to the desktop as "080509.txt"
Double-click "080509.txt"; the file opens in Notepad
Copy the contents and paste them into your reply.
Regarding ComboFix:
I did what you told me, but ComboFix stayed stuck at "patienter combo fix va bientot démarrer" for at least 15 minutes
For CCleaner:
it works very well with that program; it's with ToolsCleaner that it doesn't work (the link you gave me)
With ATF-Cleaner
the Opera tab was greyed out and I couldn't select it
GMER is in progress, I'll post the result as soon as I have it...
Re,
For ComboFix:
c:\users\Matthieu\Downloads\ComboFix.exe (instead of putting it on your desktop).
Save the CFScript file in c:\users\Matthieu\Downloads
Well, ComboFix won't launch the way you told me, nor in normal mode...
For GMER, here is the report:
GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-05-08 19:05:32
Windows 6.0.6000
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0x8C8BC00A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0x8C8BBF4A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0x8C8BBFAE]
---- Kernel code sections - GMER 1.0.15 ----
? C:\Windows\system32\Drivers\PROCEXP90.SYS Le fichier spécifié est introuvable. !
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2924] kernel32.dll!ExitProcess 7674D84E 5 Bytes JMP 05052422 C:\Program Files\Google\Google Desktop Search\GoogleServices.DLL (Google Desktop/Google)
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2924] USER32.dll!MessageBoxA 75E656DF 5 Bytes JMP 050523CC C:\Program Files\Google\Google Desktop Search\GoogleServices.DLL (Google Desktop/Google)
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2924] USER32.dll!MessageBoxW 75E9FBED 5 Bytes JMP 050523F7 C:\Program Files\Google\Google Desktop Search\GoogleServices.DLL (Google Desktop/Google)
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Windows\system32\services.exe[548] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00200002
IAT C:\Windows\system32\services.exe[548] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 00200000
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
---- EOF - GMER 1.0.15 ----
Re,
Nothing in the GMER report.
Move ComboFix.exe to your desktop.
Move script.exe to your desktop.
Drag and drop this CFscript file onto the ComboFix.exe file
Click on the CFscript file, keep the button held down and move the mouse so that the CFscript icon comes to cover the ComboFix icon. Release the mouse. ComboFix will start.
Wait while the scan runs. The desktop will disappear several times: this is normal!
Don't touch anything until the scan is finished.
Re-enable your firewall, your antivirus and your antispyware guard
Once the scan is complete, a report will be displayed: post its contents.
If the file does not open, it is located here > C:\ComboFix.txt
Warning: this procedure was written for this computer. Any reuse can severely damage the operating system.
Here's what it gives (in safe mode, since it won't launch in normal mode):
ComboFix 09-05-07.06 - Matthieu 08/05/2009 21:17.4 - NTFSx86 NETWORK
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.33.1036.18.2038.1619 [GMT 2:00]
Lancé depuis: c:\users\Matthieu\Downloads\ComboFix.exe
Commutateurs utilisés :: c:\users\Matthieu\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1296 [VPS 090502-0] *On-access scanning disabled* (Updated)
* Un nouveau point de restauration a été créé
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-04-08 au 2009-05-08 ))))))))))))))))))))))))))))))))))))
.
2009-05-08 09:55 . 2009-05-08 09:55 -------- d-----w c:\users\Matthieu\AppData\Roaming\AVG8
2009-05-08 09:43 . 2009-05-08 09:43 -------- d-----w c:\program files\CCleaner
2009-05-08 09:37 . 2009-05-08 11:22 -------- d-----w c:\program files\ewido anti-spyware 4.0
2009-05-07 18:32 . 2009-05-07 18:32 -------- d-----w C:\e45cdfa8ba675f105765a170b3
2009-05-07 13:42 . 2009-05-07 13:42 -------- d-----w c:\programdata\NortonInstaller
2009-05-07 13:42 . 2009-05-07 13:42 -------- d-----w c:\users\All Users\NortonInstaller
2009-05-06 19:16 . 2009-05-07 08:26 -------- d-----w c:\users\Matthieu\DoctorWeb
2009-05-05 21:27 . 2009-05-05 21:10 47560 ----a-w c:\windows\system32\SPReview.exe
2009-05-05 21:27 . 2009-05-05 21:10 152576 ----a-w c:\windows\system32\SPWizUI.dll
2009-05-05 20:55 . 2008-01-18 21:33 44032 ----a-w c:\windows\system32\cbsra.exe
2009-05-05 20:55 . 2009-05-05 20:56 -------- d-----w C:\ebb871ffd74f4ef90e8f8e4f
2009-05-05 20:55 . 2009-05-05 20:55 -------- d-----w C:\491adcfcf13b00baed30
2009-05-05 19:25 . 2009-05-05 19:25 -------- d-----w C:\_OTMoveIt
2009-05-05 17:07 . 2009-05-05 17:12 -------- d-----w c:\program files\trend micro
2009-05-05 17:07 . 2009-05-05 17:08 -------- d-----w C:\rsit
2009-05-05 08:53 . 2009-05-05 20:10 -------- d-----w C:\UsbFix
2009-05-05 08:46 . 2009-05-05 08:48 -------- d-----w C:\ToolBar SD
2009-05-05 08:43 . 2009-05-05 08:43 -------- d-sh--w C:\$RECYCLE.BIN
2009-05-04 10:47 . 2009-05-04 10:47 -------- d-----w c:\users\Matthieu\AppData\Roaming\Malwarebytes
2009-05-04 10:47 . 2009-05-04 10:47 -------- d-----w c:\programdata\Malwarebytes
2009-05-04 10:47 . 2009-05-04 10:47 -------- d-----w c:\users\All Users\Malwarebytes
2009-05-03 18:07 . 2009-05-03 18:07 -------- d-----w c:\windows\system32\Kaspersky Lab
2009-04-10 10:33 . 2006-11-28 18:46 28224 ----a-w c:\windows\system32\drivers\PCAMp50.sys
2009-04-10 10:33 . 2006-11-28 18:46 27072 ----a-w c:\windows\system32\drivers\PCASp50.sys
2009-04-10 10:31 . 2009-04-10 10:31 -------- d-----w c:\program files\Securitoo
2009-04-10 10:29 . 2009-04-10 10:29 -------- d-----w c:\program files\Common Files\France Telecom
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-08 19:13 . 2006-11-02 15:48 745318 ----a-w c:\windows\system32\perfh00C.dat
2009-05-08 19:13 . 2006-11-02 15:48 140414 ----a-w c:\windows\system32\perfc00C.dat
2009-05-08 17:47 . 2008-05-27 09:53 1356 ----a-w c:\users\Matthieu\AppData\Local\d3d9caps.dat
2009-05-07 13:43 . 2008-05-24 13:56 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-05-05 19:35 . 2008-05-27 09:53 106640 ----a-w c:\users\Matthieu\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-17 17:04 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-02 11:42 . 2009-04-02 11:42 -------- d-----w c:\program files\WMV9_VCM
2009-03-21 14:22 . 2009-03-21 14:20 -------- d-----w c:\program files\PDFCreator
2009-03-21 14:21 . 2009-03-21 14:21 -------- d-----w c:\program files\pdfforge Toolbar
2009-03-19 10:59 . 2007-11-07 13:17 -------- d-----w c:\program files\Microsoft SQL Server
2009-03-18 08:45 . 2007-11-07 13:21 -------- d-----w c:\program files\DivX
2009-03-17 03:16 . 2009-04-16 22:25 14848 ----a-w c:\windows\system32\apilogen.dll
2009-03-17 03:16 . 2009-04-16 22:25 25600 ----a-w c:\windows\system32\amxread.dll
2009-03-03 04:24 . 2009-04-16 22:25 3503584 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:24 . 2009-04-16 22:25 3469280 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:20 . 2009-04-16 22:24 826368 ----a-w c:\windows\system32\wininet.dll
2009-03-03 04:19 . 2009-04-16 22:25 158720 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:19 . 2009-04-16 22:25 549888 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:19 . 2009-04-16 22:25 24576 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:16 . 2009-04-16 22:24 56320 ----a-w c:\windows\system32\iesetup.dll
2009-03-03 04:16 . 2009-04-16 22:25 97280 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:16 . 2009-04-16 22:25 53248 ----a-w c:\windows\system32\iasads.dll
2009-03-03 04:16 . 2009-04-16 22:25 37888 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 04:16 . 2009-04-16 22:24 78336 ----a-w c:\windows\system32\ieencode.dll
2009-03-03 04:15 . 2009-04-16 22:24 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-03 02:40 . 2009-04-16 22:25 654336 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:08 . 2009-04-16 22:24 26624 ----a-w c:\windows\system32\ieUnatt.exe
2009-03-03 00:44 . 2009-04-16 22:24 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-02-13 07:26 . 2009-04-16 22:25 72704 ----a-w c:\windows\system32\secur32.dll
2009-02-13 07:26 . 2009-04-16 22:25 1233408 ----a-w c:\windows\system32\lsasrv.dll
2009-02-13 07:26 . 2009-04-16 22:25 7680 ----a-w c:\windows\system32\lsass.exe
2009-02-09 01:59 . 2009-03-11 10:38 2028032 ----a-w c:\windows\system32\win32k.sys
2008-12-13 10:14 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
.
((((((((((((((((((((((((((((( SnapShot@2009-05-07_19.15.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-05-27 09:54 . 2009-05-08 19:06 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-05-27 09:54 . 2009-05-07 18:31 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-05-27 09:54 . 2009-05-07 18:31 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-05-27 09:54 . 2009-05-08 19:06 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2006-11-02 10:33 . 2009-05-08 19:13 656850 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-05-07 18:39 656850 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-05-07 18:39 121446 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-05-08 19:13 121446 c:\windows\System32\perfc009.dat
+ 2008-05-27 09:54 . 2009-05-08 19:06 1523712 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-05-27 09:54 . 2009-05-07 18:31 1523712 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
2009-01-30 14:12 650752 ----a-w c:\program files\pdfforge Toolbar\WidgiToolbarIE.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B922D405-6D13-4A2B-AE89-08A030DA4402}"= "c:\program files\pdfforge Toolbar\WidgiToolbarIE.dll" [2009-01-30 650752]
[HKEY_CLASSES_ROOT\clsid\{b922d405-6d13-4a2b-ae89-08a030da4402}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]
"NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2007-09-20 253952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-20 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-20 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-20 137752]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-06-10 118784]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-09-19 311296]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-12-12 29744]
"MarketingTools"="c:\program files\Sony\Marketing Tools\MarketingTools.exe" [2007-11-07 36864]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-06 198160]
"!ewido"="c:\program files\ewido anti-spyware 4.0\ewido.exe" [2006-06-16 6283264]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-08-25 4669440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]
c:\users\Matthieu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-08-14 19:05 98304 ----a-w c:\windows\System32\VESWinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{58CDA8C9-C883-4B6E-A05F-1BDA9371B7B1}"= Disabled:UDP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{4C6F3B17-7AED-4F83-B7CF-9B48FB0C959E}"= Disabled:TCP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{B89EE9B4-9094-45F4-96C5-D9044E7A060C}"= UDP:c:\program files\Sony\VAIO Media Integrated Server\VMISrv.exe:[VAIO Media] Integrated Server
"{D5013AE2-391B-48AD-A951-920057EB211E}"= TCP:c:\program files\Sony\VAIO Media Integrated Server\VMISrv.exe:[VAIO Media] Integrated Server
"{B2A37831-7599-4AFA-99FE-5F86422B719F}"= UDP:c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe:[VAIO Media] HTTP Server
"{7BBEA102-9ADE-4DDB-AF20-6297F3379B6F}"= TCP:c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe:[VAIO Media] HTTP Server
"{6382DFC2-D235-4AB3-9FD6-8A155051BC86}"= UDP:c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe:[VAIO Media] Content Collection
"{74215158-21E9-4E59-B4B1-C9E24F84DE7F}"= TCP:c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe:[VAIO Media] Content Collection
"{A5EA9615-FC11-4743-9E59-AE88B162B30F}"= UDP:c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe:[VAIO Media] UPnP Server
"{50AE8A22-E75C-4BAC-83FC-6BE90F00BFA6}"= TCP:c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe:[VAIO Media] UPnP Server
"{C6DCBD39-F4F5-4766-A546-DD9BEF7A1A30}"= UDP:c:\program files\Sony\VAIO Media Integrated Server\Platform\VmServerSettings.exe:[VAIO Media] SNAC Server
"{51DCB9B6-46E2-4125-B0B3-9DCA6BCD5DED}"= TCP:c:\program files\Sony\VAIO Media Integrated Server\Platform\VmServerSettings.exe:[VAIO Media] SNAC Server
"{C45425B5-A9EC-47E7-8351-402ED05C12EF}"= Disabled:UDP:c:\users\Matthieu\AppData\Local\Temp\7zSC950.tmp\setup\HPZnui01.exe:hpznui01.exe
"{4E05C8D9-3871-49E5-B258-5106909751C1}"= Disabled:TCP:c:\users\Matthieu\AppData\Local\Temp\7zSC950.tmp\setup\HPZnui01.exe:hpznui01.exe
"{F2B0AFA5-6697-4B0E-9C42-470937F48683}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{C2F9105B-B21F-40A0-B843-61073D1799DB}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{106BCE31-D7ED-4FC3-9739-EAF80124595A}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"TCP Query User{9A9B623C-E030-44F2-BF8C-AEB564907D22}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{871864FE-8DCB-4B0C-88A9-97B2423B59AD}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"{D08A613D-F523-4AEF-B88C-EA7FDB1EFC9F}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{85717844-719B-46F7-970A-221F04D76271}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{F1E56A31-0088-47A8-8A55-E32FACF629A8}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{13D526A5-0CD0-4B54-9D9A-68FD6EAE6659}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{0B6C8167-8EFD-46C5-9420-63C61FA909E2}"= Disabled:UDP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{69F583CE-CF88-4A53-927B-B4810B6EBE17}"= Disabled:TCP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{1EAFE4A3-5434-4CF8-A670-46E8F8DCD1F9}"= UDP:c:\users\Matthieu\AppData\Local\Temp\7zS201D.tmp\SymNRT.exe:Norton Removal Tool
"{D21DFE5B-B05B-4682-8D74-BB872522801E}"= TCP:c:\users\Matthieu\AppData\Local\Temp\7zS201D.tmp\SymNRT.exe:Norton Removal Tool
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\River Past\\Cam Do\\CamDo.exe"= c:\program files\River Past\Cam Do\CamDo.exe:*:Enabled:River Past Cam Do
R3 SFEP;Sony Firmware Extension Parser;c:\windows\System32\drivers\SFEP.sys [7/11/2007 20:42 9344]
S1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [27/05/2008 12:13 111184]
S2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [27/05/2008 12:13 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [27/05/2008 12:13 51792]
S2 BcmSqlStartupSvc;Service de démarrage SQL Server pour le Gestionnaire de contacts professionnels;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [16/01/2008 9:46 30312]
S2 NSUService;NSUService;c:\program files\Sony\Network Utility\NSUService.exe [24/05/2008 16:11 204800]
S2 regi;regi;c:\windows\System32\drivers\regi.sys [17/04/2007 20:09 11032]
S2 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe [24/05/2008 15:52 745472]
S2 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [24/05/2008 15:52 397312]
S2 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [24/05/2008 15:52 1089536]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [7/11/2007 15:21 29744]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [24/11/2008 23:31 29263712]
S3 P0630VID;Creative WebCam Live!;c:\windows\System32\drivers\P0630Vid.sys [3/06/2008 16:30 91830]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\System32\drivers\PCAMp50.sys [10/04/2009 12:33 28224]
S3 ti21sony;ti21sony;c:\windows\System32\drivers\ti21sony.sys [7/11/2007 20:42 812544]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [24/05/2008 16:01 292128]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [24/05/2008 16:02 79136]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - ECACHE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
- - - - ORPHANS REMOVED - - - -
HKLM-RunOnce-<NO NAME> - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.club-vaio.com
mWindow Title =
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: mappy.com
Trusted Zone: orange.fr
Trusted Zone: voila.fr\rw.search.ke
Trusted Zone: weborama.fr\orange
FF - ProfilePath - c:\users\Matthieu\AppData\Roaming\Mozilla\Firefox\Profiles\3jp21u1r.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/ig?hl=fr
FF - component: c:\program files\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\components\pdfforgeToolbarFF.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-08 21:20
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-05-08 21:21
ComboFix-quarantined-files.txt 2009-05-08 19:21
ComboFix2.txt 2009-05-08 10:27
ComboFix3.txt 2009-05-07 19:17
Pre-Run: 31,505,498,112 bytes free
Post-Run: 31,397,584,896 bytes free
223 --- E O F --- 2009-04-28 07:28
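Before looking for malware names in a report like the one above, it is worth reading its "Reg Loading Points" and firewall sections for settings that weaken the host on their own: EnableLUA=0 (UAC switched off), DisableMonitoring=1 and AntiVirusOverride=1 under Security Center (which silence its monitoring and its "no antivirus" warning; the Symantec-named keys are plausibly leftovers, since Norton Removal Tool appears in the firewall rules), an AppInit_DLLs entry (a classic injection point, even though here it names a Google Desktop component), and firewall allow rules for executables that ran out of a Temp directory. The NETWORK tag in the ComboFix header line also records that the run took place in Safe Mode with Networking. The following Python script is an added example, not part of this thread and not ComboFix's own code; it pulls those four findings out of a report. The sample input is a handful of lines copied from the report above so that it runs offline, and the finding codes, regexes and the choice to ignore rules marked "Disabled:" are this example's own assumptions.

```python
import re
from typing import Iterator, List, Optional, Tuple

# Sample input: a subset of the "Reg Loading Points" and FirewallRules lines
# copied from the ComboFix report above, embedded so the script runs offline.
SAMPLE_REPORT = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{F2B0AFA5-6697-4B0E-9C42-470937F48683}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{C45425B5-A9EC-47E7-8351-402ED05C12EF}"= Disabled:UDP:c:\users\Matthieu\AppData\Local\Temp\7zSC950.tmp\setup\HPZnui01.exe:hpznui01.exe
"{1EAFE4A3-5434-4CF8-A670-46E8F8DCD1F9}"= UDP:c:\users\Matthieu\AppData\Local\Temp\7zS201D.tmp\SymNRT.exe:Norton Removal Tool
'''

# Assumed line shapes: "[key]" headers and "name"=data values, as in the report above.
KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')
TEMP_RE = re.compile(r'\\temp\\', re.IGNORECASE)


def iter_values(report: str) -> Iterator[Tuple[str, str, str]]:
    """Yield (key, value_name, value_data) for every "name"=data line,
    attributed to the most recent [key] header seen in the report."""
    key = ''
    for raw in report.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group('key').lower()
            continue
        m = VALUE_RE.match(line)
        if m and key:
            yield key, m.group('name'), m.group('value').strip()


def as_int(data: str) -> Optional[int]:
    """Decode the two numeric spellings seen in the report: 'dword:00000001' and '0 (0x0)'."""
    if data.lower().startswith('dword:'):
        return int(data[6:], 16)
    head = data.split(None, 1)[0] if data else ''
    return int(head) if head.isdigit() else None


def audit(report: str) -> List[Tuple[str, str]]:
    """Return (finding_code, detail) pairs for settings that weaken the host.
    The finding codes are this example's own names, not ComboFix terminology."""
    findings: List[Tuple[str, str]] = []
    overrides = ('DisableMonitoring', 'AntiVirusOverride', 'FirewallOverride')
    for key, name, data in iter_values(report):
        if key.endswith(r'policies\system') and name == 'EnableLUA' and as_int(data) == 0:
            findings.append(('uac_disabled', f'{name}={data}'))
        elif 'security center' in key and name in overrides and as_int(data) == 1:
            findings.append(('security_center_override', f'{key}: {name}'))
        elif name == 'AppInit_DLLs' and data:
            # Listed, not judged: the operator decides whether the DLL is expected.
            findings.append(('appinit_dll', data))
        elif 'firewallpolicy' in key and TEMP_RE.search(data) \
                and not data.lower().startswith('disabled:'):
            # Allow rules for binaries that ran from a Temp folder; disabled rules are skipped.
            findings.append(('firewall_allow_temp_binary', data))
    return findings


if __name__ == '__main__':
    for code, detail in audit(SAMPLE_REPORT):
        print(f'{code:28} {detail}')
```

Run it on a full ComboFix log by reading the file into `audit()` instead of `SAMPLE_REPORT`; the value lines keep the same shape throughout the report, so the Run/RunOnce entries pass through the parser unflagged and only the four categories above are reported. Disabled firewall rules are deliberately skipped because they allow nothing; if you want them listed as leftovers to clean up, drop the `Disabled:` check.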
Re,
OK,
try running ComboFix again in normal mode (it seems to have worked, but I'd rather check)
it's in safe mode, because in normal mode it doesn't work...
ComboFix 09-05-07.06 - Matthieu 10/05/2009 13:15.5 - NTFSx86 NETWORK
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.33.1036.18.2038.1604 [GMT 2:00]
Running from: c:\users\Matthieu\Downloads\ComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 090502-0] *On-access scanning enabled* (Outdated)
.
((((((((((((((((((((((((((((( Files Created From 2009-04-10 to 2009-05-10 ))))))))))))))))))))))))))))))))))))
.
2009-05-10 10:05 . 2009-05-10 10:05 -------- d-----w c:\users\Matthieu\AppData\Local\Adobe
2009-05-08 09:55 . 2009-05-08 09:55 -------- d-----w c:\users\Matthieu\AppData\Roaming\AVG8
2009-05-08 09:43 . 2009-05-08 09:43 -------- d-----w c:\program files\CCleaner
2009-05-08 09:37 . 2009-05-08 11:22 -------- d-----w c:\program files\ewido anti-spyware 4.0
2009-05-07 18:32 . 2009-05-07 18:32 -------- d-----w C:\e45cdfa8ba675f105765a170b3
2009-05-07 13:42 . 2009-05-07 13:42 -------- d-----w c:\programdata\NortonInstaller
2009-05-07 13:42 . 2009-05-07 13:42 -------- d-----w c:\users\All Users\NortonInstaller
2009-05-06 19:16 . 2009-05-07 08:26 -------- d-----w c:\users\Matthieu\DoctorWeb
2009-05-05 21:27 . 2009-05-05 21:10 47560 ----a-w c:\windows\system32\SPReview.exe
2009-05-05 21:27 . 2009-05-05 21:10 152576 ----a-w c:\windows\system32\SPWizUI.dll
2009-05-05 20:55 . 2008-01-18 21:33 44032 ----a-w c:\windows\system32\cbsra.exe
2009-05-05 20:55 . 2009-05-05 20:56 -------- d-----w C:\ebb871ffd74f4ef90e8f8e4f
2009-05-05 20:55 . 2009-05-05 20:55 -------- d-----w C:\491adcfcf13b00baed30
2009-05-05 19:25 . 2009-05-05 19:25 -------- d-----w C:\_OTMoveIt
2009-05-05 17:07 . 2009-05-05 17:12 -------- d-----w c:\program files\trend micro
2009-05-05 17:07 . 2009-05-05 17:08 -------- d-----w C:\rsit
2009-05-05 08:53 . 2009-05-05 20:10 -------- d-----w C:\UsbFix
2009-05-05 08:46 . 2009-05-05 08:48 -------- d-----w C:\ToolBar SD
2009-05-05 08:43 . 2009-05-05 08:43 -------- d-sh--w C:\$RECYCLE.BIN
2009-05-04 10:47 . 2009-05-04 10:47 -------- d-----w c:\users\Matthieu\AppData\Roaming\Malwarebytes
2009-05-04 10:47 . 2009-05-04 10:47 -------- d-----w c:\programdata\Malwarebytes
2009-05-04 10:47 . 2009-05-04 10:47 -------- d-----w c:\users\All Users\Malwarebytes
2009-05-03 18:07 . 2009-05-03 18:07 -------- d-----w c:\windows\system32\Kaspersky Lab
.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-10 10:05 . 2006-11-02 15:48 745318 ----a-w c:\windows\system32\perfh00C.dat
2009-05-10 10:05 . 2006-11-02 15:48 140414 ----a-w c:\windows\system32\perfc00C.dat
2009-05-08 19:30 . 2008-05-27 09:53 1356 ----a-w c:\users\Matthieu\AppData\Local\d3d9caps.dat
2009-05-07 13:43 . 2008-05-24 13:56 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-05-05 19:35 . 2008-05-27 09:53 106640 ----a-w c:\users\Matthieu\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-17 17:04 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-10 10:31 . 2009-04-10 10:31 -------- d-----w c:\program files\Securitoo
2009-04-10 10:29 . 2009-04-10 10:29 -------- d-----w c:\program files\Common Files\France Telecom
2009-04-02 11:42 . 2009-04-02 11:42 -------- d-----w c:\program files\WMV9_VCM
2009-03-21 14:22 . 2009-03-21 14:20 -------- d-----w c:\program files\PDFCreator
2009-03-21 14:21 . 2009-03-21 14:21 -------- d-----w c:\program files\pdfforge Toolbar
2009-03-19 10:59 . 2007-11-07 13:17 -------- d-----w c:\program files\Microsoft SQL Server
2009-03-18 08:45 . 2007-11-07 13:21 -------- d-----w c:\program files\DivX
2009-03-17 03:16 . 2009-04-16 22:25 14848 ----a-w c:\windows\system32\apilogen.dll
2009-03-17 03:16 . 2009-04-16 22:25 25600 ----a-w c:\windows\system32\amxread.dll
2009-03-03 04:24 . 2009-04-16 22:25 3503584 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:24 . 2009-04-16 22:25 3469280 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:20 . 2009-04-16 22:24 826368 ----a-w c:\windows\system32\wininet.dll
2009-03-03 04:19 . 2009-04-16 22:25 158720 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:19 . 2009-04-16 22:25 549888 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:19 . 2009-04-16 22:25 24576 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:16 . 2009-04-16 22:24 56320 ----a-w c:\windows\system32\iesetup.dll
2009-03-03 04:16 . 2009-04-16 22:25 97280 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:16 . 2009-04-16 22:25 53248 ----a-w c:\windows\system32\iasads.dll
2009-03-03 04:16 . 2009-04-16 22:25 37888 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 04:16 . 2009-04-16 22:24 78336 ----a-w c:\windows\system32\ieencode.dll
2009-03-03 04:15 . 2009-04-16 22:24 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-03 02:40 . 2009-04-16 22:25 654336 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:08 . 2009-04-16 22:24 26624 ----a-w c:\windows\system32\ieUnatt.exe
2009-03-03 00:44 . 2009-04-16 22:24 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-02-13 07:26 . 2009-04-16 22:25 72704 ----a-w c:\windows\system32\secur32.dll
2009-02-13 07:26 . 2009-04-16 22:25 1233408 ----a-w c:\windows\system32\lsasrv.dll
2009-02-13 07:26 . 2009-04-16 22:25 7680 ----a-w c:\windows\system32\lsass.exe
2008-12-13 10:14 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
.
((((((((((((((((((((((((((((( SnapShot@2009-05-07_19.15.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-05-27 09:54 . 2009-05-10 09:58 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-05-27 09:54 . 2009-05-07 18:31 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-05-27 09:54 . 2009-05-07 18:31 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-05-27 09:54 . 2009-05-10 09:58 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2006-11-02 10:33 . 2009-05-10 10:05 656850 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-05-07 18:39 656850 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-05-07 18:39 121446 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-05-10 10:05 121446 c:\windows\System32\perfc009.dat
+ 2008-05-27 09:54 . 2009-05-10 09:58 1523712 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-05-27 09:54 . 2009-05-07 18:31 1523712 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
2009-01-30 14:12 650752 ----a-w c:\program files\pdfforge Toolbar\WidgiToolbarIE.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B922D405-6D13-4A2B-AE89-08A030DA4402}"= "c:\program files\pdfforge Toolbar\WidgiToolbarIE.dll" [2009-01-30 650752]
[HKEY_CLASSES_ROOT\clsid\{b922d405-6d13-4a2b-ae89-08a030da4402}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]
"NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2007-09-20 253952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-20 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-20 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-20 137752]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-06-10 118784]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-09-19 311296]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-12-12 29744]
"MarketingTools"="c:\program files\Sony\Marketing Tools\MarketingTools.exe" [2007-11-07 36864]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-06 198160]
"!ewido"="c:\program files\ewido anti-spyware 4.0\ewido.exe" [2006-06-16 6283264]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-08-25 4669440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]
c:\users\Matthieu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-08-14 19:05 98304 ----a-w c:\windows\System32\VESWinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{58CDA8C9-C883-4B6E-A05F-1BDA9371B7B1}"= Disabled:UDP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{4C6F3B17-7AED-4F83-B7CF-9B48FB0C959E}"= Disabled:TCP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{B89EE9B4-9094-45F4-96C5-D9044E7A060C}"= UDP:c:\program files\Sony\VAIO Media Integrated Server\VMISrv.exe:[VAIO Media] Integrated Server
"{D5013AE2-391B-48AD-A951-920057EB211E}"= TCP:c:\program files\Sony\VAIO Media Integrated Server\VMISrv.exe:[VAIO Media] Integrated Server
"{B2A37831-7599-4AFA-99FE-5F86422B719F}"= UDP:c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe:[VAIO Media] HTTP Server
"{7BBEA102-9ADE-4DDB-AF20-6297F3379B6F}"= TCP:c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe:[VAIO Media] HTTP Server
"{6382DFC2-D235-4AB3-9FD6-8A155051BC86}"= UDP:c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe:[VAIO Media] Content Collection
"{74215158-21E9-4E59-B4B1-C9E24F84DE7F}"= TCP:c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe:[VAIO Media] Content Collection
"{A5EA9615-FC11-4743-9E59-AE88B162B30F}"= UDP:c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe:[VAIO Media] UPnP Server
"{50AE8A22-E75C-4BAC-83FC-6BE90F00BFA6}"= TCP:c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe:[VAIO Media] UPnP Server
"{C6DCBD39-F4F5-4766-A546-DD9BEF7A1A30}"= UDP:c:\program files\Sony\VAIO Media Integrated Server\Platform\VmServerSettings.exe:[VAIO Media] SNAC Server
"{51DCB9B6-46E2-4125-B0B3-9DCA6BCD5DED}"= TCP:c:\program files\Sony\VAIO Media Integrated Server\Platform\VmServerSettings.exe:[VAIO Media] SNAC Server
"{C45425B5-A9EC-47E7-8351-402ED05C12EF}"= Disabled:UDP:c:\users\Matthieu\AppData\Local\Temp\7zSC950.tmp\setup\HPZnui01.exe:hpznui01.exe
"{4E05C8D9-3871-49E5-B258-5106909751C1}"= Disabled:TCP:c:\users\Matthieu\AppData\Local\Temp\7zSC950.tmp\setup\HPZnui01.exe:hpznui01.exe
"{F2B0AFA5-6697-4B0E-9C42-470937F48683}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{C2F9105B-B21F-40A0-B843-61073D1799DB}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{106BCE31-D7ED-4FC3-9739-EAF80124595A}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"TCP Query User{9A9B623C-E030-44F2-BF8C-AEB564907D22}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{871864FE-8DCB-4B0C-88A9-97B2423B59AD}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"{D08A613D-F523-4AEF-B88C-EA7FDB1EFC9F}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{85717844-719B-46F7-970A-221F04D76271}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{F1E56A31-0088-47A8-8A55-E32FACF629A8}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{13D526A5-0CD0-4B54-9D9A-68FD6EAE6659}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{0B6C8167-8EFD-46C5-9420-63C61FA909E2}"= Disabled:UDP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{69F583CE-CF88-4A53-927B-B4810B6EBE17}"= Disabled:TCP:c:\program files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
"{1EAFE4A3-5434-4CF8-A670-46E8F8DCD1F9}"= UDP:c:\users\Matthieu\AppData\Local\Temp\7zS201D.tmp\SymNRT.exe:Norton Removal Tool
"{D21DFE5B-B05B-4682-8D74-BB872522801E}"= TCP:c:\users\Matthieu\AppData\Local\Temp\7zS201D.tmp\SymNRT.exe:Norton Removal Tool
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\River Past\\Cam Do\\CamDo.exe"= c:\program files\River Past\Cam Do\CamDo.exe:*:Enabled:River Past Cam Do
R3 SFEP;Sony Firmware Extension Parser;c:\windows\System32\drivers\SFEP.sys [7/11/2007 20:42 9344]
S1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [27/05/2008 12:13 111184]
S2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [27/05/2008 12:13 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [27/05/2008 12:13 51792]
S2 BcmSqlStartupSvc;Service de démarrage SQL Server pour le Gestionnaire de contacts professionnels;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [16/01/2008 9:46 30312]
S2 NSUService;NSUService;c:\program files\Sony\Network Utility\NSUService.exe [24/05/2008 16:11 204800]
S2 regi;regi;c:\windows\System32\drivers\regi.sys [17/04/2007 20:09 11032]
S2 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe [24/05/2008 15:52 745472]
S2 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [24/05/2008 15:52 397312]
S2 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [24/05/2008 15:52 1089536]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [7/11/2007 15:21 29744]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [24/11/2008 23:31 29263712]
S3 P0630VID;Creative WebCam Live!;c:\windows\System32\drivers\P0630Vid.sys [3/06/2008 16:30 91830]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\System32\drivers\PCAMp50.sys [10/04/2009 12:33 28224]
S3 ti21sony;ti21sony;c:\windows\System32\drivers\ti21sony.sys [7/11/2007 20:42 812544]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [24/05/2008 16:01 292128]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [24/05/2008 16:02 79136]
--- Other Services/Drivers in memory ---
*NewlyCreated* - ECACHE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
- - - - ORPHANS REMOVED - - - -
HKLM-RunOnce-<NO NAME> - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.club-vaio.com
mWindow Title =
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: mappy.com
Trusted Zone: orange.fr
Trusted Zone: voila.fr\rw.search.ke
Trusted Zone: weborama.fr\orange
FF - ProfilePath - c:\users\Matthieu\AppData\Roaming\Mozilla\Firefox\Profiles\3jp21u1r.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/ig?hl=fr
FF - component: c:\program files\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\components\pdfforgeToolbarFF.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-10 13:19
Windows 6.0.6000 NTFS
Scanning hidden processes ...
Scanning hidden autostart entries ...
Scanning hidden files ...
Scan completed successfully
Hidden files: 0
**************************************************************************
.
Completion time: 2009-05-10 13:20
ComboFix-quarantined-files.txt 2009-05-10 11:20
ComboFix2.txt 2009-05-08 19:21
ComboFix3.txt 2009-05-08 10:27
ComboFix4.txt 2009-05-07 19:17
Pre-Run: 31.467.558.912 bytes free
Post-Run: 31.392.532.480 bytes free
220 --- E O F --- 2009-04-28 07:28
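Triage of the "Reg loading points" section of the report above, as an added example that is not part of the thread and not ComboFix's own code: it splits the REGEDIT4-style dump into key/value entries and flags the settings a responder would want to account for before calling the machine clean (UAC switched off, a DLL in AppInit_DLLs, Security Center monitoring suppressed, an enabled firewall exception for a binary under the user's Temp folder). The finding codes, helper names and the sample excerpt (constructed from lines of the posted log) are mine.

```python
"""Triage the 'Reg loading points' section of a ComboFix report.

Added example for this thread, not ComboFix's own code: the finding codes and
helper names are mine. SAMPLE_LOG is a constructed excerpt made of lines taken
from the report posted above, trimmed to the entries the checks look at.
"""
import re

# Constructed excerpt of the posted report (REGEDIT4-style dump).
SAMPLE_LOG = r"""
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"!ewido"="c:\program files\ewido anti-spyware 4.0\ewido.exe" [2006-06-16 6283264]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C45425B5-A9EC-47E7-8351-402ED05C12EF}"= Disabled:UDP:c:\users\Matthieu\AppData\Local\Temp\7zSC950.tmp\setup\HPZnui01.exe:hpznui01.exe
"{1EAFE4A3-5434-4CF8-A670-46E8F8DCD1F9}"= UDP:c:\users\Matthieu\AppData\Local\Temp\7zS201D.tmp\SymNRT.exe:Norton Removal Tool
"{D08A613D-F523-4AEF-B88C-EA7FDB1EFC9F}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VAL_RE = re.compile(r'^"([^"]*)"\s*=\s*(.*)$')
# ComboFix renders a firewall rule as [Disabled:][TCP|UDP:]<path to .exe>:<description>
FW_RE = re.compile(
    r"^(?P<disabled>Disabled:)?(?:(?P<proto>TCP|UDP):)?(?P<path>[a-z]:\\.*?\.exe):(?P<desc>.*)$",
    re.IGNORECASE,
)


def parse_reg_points(text):
    """Return (key, value_name, raw_value) triples; keys are lower-cased for matching."""
    entries, key = [], None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1).lower()
            continue
        m = VAL_RE.match(line)
        if m and key is not None:
            entries.append((key, m.group(1), m.group(2).strip()))
    return entries


def as_int(raw):
    """Decode ComboFix's two dword renderings: 'dword:00000001' and '0 (0x0)'."""
    raw = raw.strip()
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    m = re.match(r"^(\d+)", raw)
    return int(m.group(1)) if m else None


def triage(text):
    """Return (code, detail) findings for settings that weaken the host's defences."""
    findings = []
    for key, name, raw in parse_reg_points(text):
        lname = name.lower()
        if key.endswith(r"\policies\system") and lname == "enablelua" and as_int(raw) == 0:
            findings.append(("UAC_DISABLED", key))
        elif lname == "appinit_dlls" and raw:
            # Any DLL listed here is loaded into every process that maps user32.dll.
            findings.append(("APPINIT_DLL", raw))
        elif r"\security center\monitoring" in key and lname == "disablemonitoring" and as_int(raw) == 1:
            findings.append(("SECURITY_CENTER_MONITORING_OFF", key))
        elif key.endswith(r"\security center\svc") and lname.endswith("override") and as_int(raw) == 1:
            findings.append(("SECURITY_CENTER_OVERRIDE", name))
        elif key.endswith(r"\firewallpolicy\firewallrules"):
            m = FW_RE.match(raw)
            if m and not m.group("disabled") and "\\appdata\\local\\temp\\" in m.group("path").lower():
                # An enabled exception for a binary under %TEMP% outlives the installer
                # that created it and applies to whatever is later dropped at that path.
                findings.append(("FIREWALL_EXCEPTION_IN_TEMP", m.group("path")))
    return findings


if __name__ == "__main__":
    for code, detail in triage(SAMPLE_LOG):
        print(f"{code:32} {detail}")
```

Run on the excerpt it reports UAC disabled, a non-empty AppInit_DLLs entry (Google Desktop's network DLL), Security Center monitoring switched off together with an AntiVirusOverride, and an enabled firewall exception for SymNRT.exe under the user's Temp folder; the HPZnui01.exe rule is skipped because it is marked Disabled. In this thread the UAC finding is expected, since the helper asks for UAC to stay disabled while the cleanup tools run; the others are the ones worth explaining before the machine is declared clean.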
Re,
we'll try again to do some cleanup.
Delete ToolsCleaner from your Desktop.
Check that UAC is disabled.
Start, Run, type
combofix /u in the input box, then click OK.
* Download ToolsCleaner by A.Rothstein & dj QUIOU to your Desktop.
http://pc-system.fr/
hxxp://a-rothstein.changelog.fr/TC/ToolsCleaner2.exe
hxxp://pagesperso-orange.fr/AceRothstein/ToolsCleaner2.exe
* Right-click Toolscleaner.exe and choose Run as administrator.
* Click Recherche and let the scan finish.
* Click Suppression to finish.
* If you wish, you can use the Options facultatives.
* Click Quitter so that the report can be created.
* Post me the report (TCleaner.txt), which is at the root of your hard drive (C:\).
Good evening,
ComboFix still doesn't work in normal mode... (a window appears saying it is about to start and that I should wait, but I still have nothing after 30 minutes...)
here is the ToolsCleaner report:
[ Rapport ToolsCleaner version 2.3.5 (par A.Rothstein & dj QUIOU) ]
--> Recherche:
C:\Combofix.txt: trouvé !
C:\Combofix: trouvé !
C:\Qoobox: trouvé !
C:\_OtMoveIt: trouvé !
C:\Toolbar SD: trouvé !
C:\UsbFix: trouvé !
C:\Rsit: trouvé !
C:\Program Files\trend micro\HijackThis.exe: trouvé !
C:\Program Files\trend micro\hijackthis.log: trouvé !
C:\Users\Matthieu\DoctorWeb\Quarantine\UsbFix.exe: trouvé !
C:\Users\Matthieu\Downloads\ComboFix.exe: trouvé !
---------------------------------
--> Suppression:
C:\Program Files\trend micro\HijackThis.exe: supprimé !
C:\Users\Matthieu\Downloads\ComboFix.exe: ERREUR DE SUPPRESSION !!
C:\Combofix.txt: supprimé !
C:\Program Files\trend micro\hijackthis.log: supprimé !
C:\Users\Matthieu\DoctorWeb\Quarantine\UsbFix.exe: supprimé !
C:\Combofix: ERREUR DE SUPPRESSION !!
C:\Qoobox: supprimé !
C:\_OtMoveIt: supprimé !
C:\Toolbar SD: supprimé !
C:\UsbFix: supprimé !
C:\Rsit: supprimé !
Re,
do this:
Download AVZ here: http://www.z-oleg.com/avz4.zip and save it to your Desktop.
Unzip it by right-clicking and choosing "Extract All". Follow the instructions.
Launch the tool by double-clicking AVZ.exe (under Vista, right-click and "Run as administrator").
The main window opens. Click File, then Custom Scripts.
Copy the following lines into the input box:
begin ExecuteStdScr(3); RebootWindows(true); end.
Click Run to execute the script. The computer will reboot. In the folder where AVZ.exe is, a LOG subfolder has been created. In it you will find the file virusinfo_syscure.zip.
CCM does not allow attaching a file. To send it to me, click this link:
http://www.cijoint.fr/
Click Parcourir (Browse) and find the file above.
Click Ouvrir (Open).
Click "Cliquez ici pour déposer le fichier".
A link of this form:
http://www.cijoint.fr/cjlink.php?file=cj200905/cijSKAP5fU.txt
is added to the page.
Copy that link into your reply.
Re,
still nothing.
Download mbr.exe from Gmer here:
http://www2.gmer.net/mbr/mbr.exe
and save the file to the Desktop.
Disable your protections and cut the connection (antivirus and antispyware, HIPS and other resident tools).
Right-click mbr.exe and Run as administrator.
A report will be generated: mbr.log
Post that report.
well, the report is generated very quickly, in about 2 s...
here is the report:
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.6 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
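As an added illustration (not code from this thread or from Gmer) of what the mbr.log lines "user: MBR read successfully / kernel: MBR read successfully / user & kernel MBR OK" report: the tool reads sector 0 once through the normal user-mode path and once from the kernel, and a difference between the two copies is the sign that something is hiding the real MBR, which is how stealth bootkits like Mebroot/Sinowal are caught. The Python below parses two 512-byte MBR images and lists the discrepancies; the sample images, byte values and function names are constructed assumptions.

```python
import struct

SECTOR_SIZE = 512
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510-511 of a valid MBR


def parse_mbr(sector: bytes) -> dict:
    """Split one 512-byte MBR image into bootstrap code, partition table and signature."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR image must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        entry = sector[446 + 16 * i:446 + 16 * (i + 1)]
        # status(1) CHS start(3, skipped) type(1) CHS end(3, skipped) LBA start(4) sector count(4)
        status, ptype, lba_start, count = struct.unpack("<B3xB3xII", entry)
        if ptype != 0:  # type 0 marks an unused slot
            partitions.append({"slot": i, "bootable": status == 0x80,
                               "type": ptype, "lba_start": lba_start, "sectors": count})
    return {"code": sector[:446], "partitions": partitions,
            "signature_ok": sector[510:] == BOOT_SIGNATURE}


def compare_mbr_reads(user_read: bytes, kernel_read: bytes) -> list:
    """Findings from comparing a user-mode read with a kernel read of sector 0; [] is 'user & kernel MBR OK'."""
    findings = []
    u, k = parse_mbr(user_read), parse_mbr(kernel_read)
    if not (u["signature_ok"] and k["signature_ok"]):
        findings.append("missing 0x55AA boot signature")
    if u["code"] != k["code"]:
        findings.append("bootstrap code differs between user and kernel reads (MBR hook suspected)")
    if u["partitions"] != k["partitions"]:
        findings.append("partition table differs between user and kernel reads")
    return findings


def build_sample_mbr(bootcode: bytes) -> bytes:
    """Constructed test image: given bootstrap bytes, one bootable NTFS partition, valid signature."""
    code = bootcode.ljust(446, b"\x00")
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", 2048, 204800)
    return code + entry + b"\x00" * 48 + BOOT_SIGNATURE


# Constructed samples: the same MBR seen twice, and a rewritten one that only the kernel read surfaces.
CLEAN_MBR = build_sample_mbr(b"\x33\xc0\x8e\xd0\xbc\x00\x7c")  # typical x86 MBR prologue bytes
REWRITTEN_MBR = build_sample_mbr(b"\xeb\x4c\x90")              # different bootstrap code

if __name__ == "__main__":
    print(compare_mbr_reads(CLEAN_MBR, CLEAN_MBR))      # [] -> equivalent of "user & kernel MBR OK"
    print(compare_mbr_reads(CLEAN_MBR, REWRITTEN_MBR))  # one finding: bootstrap code differs
```

On a real machine the two inputs would be the sector read via the normal disk path and the one read below any filter drivers; a clean result only proves the two paths agree, not that the bootstrap code itself is trustworthy.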