90 replies
Hello
I have AVG and Spybot but I don't know how to disable them, sorry, but can you tell me how? Thanks
Look at the link below; it has the procedure for disabling both of them
https://forum.pcastuces.com/default.asp
SUPERAntiSpyware Free Edition, that one in the free version
http://1.bp.blogspot.com/...
I also have Malwarebytes, but that one is fine
I was only talking about the ones with resident protection, so that concerns your antivirus AVG and Spybot, that's all; the others are not a problem.
Here is the report
ComboFix 09-05-28.07 - yamine 29/05/2009 19:18.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.2047.902 [GMT 2:00]
Lancé depuis: c:\users\yamine\Downloads\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\yamine\AppData\Roaming\inst.exe
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-04-28 au 2009-05-29 ))))))))))))))))))))))))))))))))))))
.
2009-05-29 17:22 . 2009-05-29 17:22 -------- d-----w c:\users\mohamed\AppData\Local\temp
2009-05-28 22:27 . 2009-05-06 18:06 4784464 ----a-w c:\programdata\Microsoft\Windows Defender\Definition Updates\{98047F3A-5B7A-4D8F-A3B1-853BEC99803E}\mpengine.dll
2009-05-28 22:27 . 2009-05-06 18:06 4784464 ----a-w c:\programdata\Application Data\Microsoft\Windows Defender\Definition Updates\{98047F3A-5B7A-4D8F-A3B1-853BEC99803E}\mpengine.dll
2009-05-28 22:27 . 2009-05-06 18:06 4784464 ----a-w c:\programdata\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\{98047F3A-5B7A-4D8F-A3B1-853BEC99803E}\mpengine.dll
2009-05-28 22:27 . 2009-05-06 18:06 4784464 ----a-w c:\programdata\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\{98047F3A-5B7A-4D8F-A3B1-853BEC99803E}\mpengine.dll
2009-05-28 22:27 . 2009-05-06 18:06 4784464 ----a-w c:\programdata\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\{98047F3A-5B7A-4D8F-A3B1-853BEC99803E}\mpengine.dll
2009-05-28 22:27 . 2009-05-06 18:06 4784464 ----a-w c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\{98047F3A-5B7A-4D8F-A3B1-853BEC99803E}\mpengine.dll
2009-05-28 22:27 . 2009-05-06 18:06 4784464 ----a-w c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\{98047F3A-5B7A-4D8F-A3B1-853BEC99803E}\mpengine.dll
2009-05-28 22:27 . 2009-05-06 18:06 4784464 ----a-w c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\{98047F3A-5B7A-4D8F-A3B1-853BEC99803E}\mpengine.dll
2009-05-28 22:27 . 2009-05-06 18:06 4784464 ----a-w c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\{98047F3A-5B7A-4D8F-A3B1-853BEC99803E}\mpengine.dll
2009-05-28 22:27 . 2009-05-06 18:06 4784464 ----a-w c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\{98047F3A-5B7A-4D8F-A3B1-853BEC99803E}\mpengine.dll
2009-05-28 21:48 . 2009-05-28 21:49 -------- d-----w C:\rsit
2009-05-28 19:59 . 2009-05-28 19:59 3371383 ----a-w c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-28 19:59 . 2009-05-28 19:59 3371383 ----a-w c:\programdata\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-28 19:59 . 2009-05-28 19:59 3371383 ----a-w c:\programdata\Application Data\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-28 19:59 . 2009-05-28 19:59 3371383 ----a-w c:\programdata\Application Data\Application Data\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-28 19:59 . 2009-05-28 19:59 3371383 ----a-w c:\programdata\Application Data\Application Data\Application Data\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-28 19:59 . 2009-05-28 19:59 3371383 ----a-w c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-28 19:59 . 2009-05-28 19:59 3371383 ----a-w c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-28 19:59 . 2009-05-28 19:59 3371383 ----a-w c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-28 19:59 . 2009-05-28 19:59 3371383 ----a-w c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-28 19:59 . 2009-05-28 19:59 3371383 ----a-w c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-28 19:59 . 2009-05-28 19:59 3371383 ----a-w c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-28 19:59 . 2009-05-28 19:59 3371383 ----a-w c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-13 11:22 . 2009-05-13 11:21 2051864 ----a-w c:\programdata\avg8\update\backup\avgcorex.dll
2009-05-10 13:13 . 2009-05-10 21:44 -------- d-----w c:\program files\QuickTime
2009-05-10 13:13 . 2009-05-10 13:13 -------- d-----w c:\programdata\Apple Computer
2009-05-10 13:11 . 2009-05-10 13:11 -------- d-----w c:\program files\Apple Software Update
2009-05-10 13:11 . 2009-05-10 13:11 -------- d-----w c:\programdata\Apple
2009-05-06 10:06 . 2009-05-08 10:07 -------- d--h--w C:\$AVG8.VAULT$
2009-05-05 06:00 . 2009-05-04 13:07 2298680 ----a-w c:\users\yamine\AppData\Roaming\Mozilla\Firefox\Profiles\k9xh6n4w.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
2009-05-05 06:00 . 2006-10-16 16:44 196608 ----a-w c:\users\yamine\AppData\Roaming\Mozilla\Firefox\Profiles\k9xh6n4w.default\extensions\firefox@tvunetworks.com\plugins\ssleay32.dll
2009-05-05 06:00 . 2008-03-04 16:52 286720 ----a-w c:\users\yamine\AppData\Roaming\Mozilla\Firefox\Profiles\k9xh6n4w.default\extensions\firefox@tvunetworks.com\plugins\libcurl.dll
2009-05-05 06:00 . 2007-10-31 07:39 59904 ----a-w c:\users\yamine\AppData\Roaming\Mozilla\Firefox\Profiles\k9xh6n4w.default\extensions\firefox@tvunetworks.com\plugins\zlib1.dll
2009-05-05 06:00 . 2007-05-17 11:58 143360 ----a-w c:\users\yamine\AppData\Roaming\Mozilla\Firefox\Profiles\k9xh6n4w.default\extensions\firefox@tvunetworks.com\plugins\libexpatw.dll
2009-05-05 06:00 . 2006-10-18 15:32 499712 ----a-w c:\users\yamine\AppData\Roaming\Mozilla\Firefox\Profiles\k9xh6n4w.default\extensions\firefox@tvunetworks.com\plugins\msvcp71.dll
2009-05-05 06:00 . 2006-10-18 15:32 348160 ----a-w c:\users\yamine\AppData\Roaming\Mozilla\Firefox\Profiles\k9xh6n4w.default\extensions\firefox@tvunetworks.com\plugins\msvcr71.dll
2009-05-05 06:00 . 2006-10-16 16:44 1028096 ----a-w c:\users\yamine\AppData\Roaming\Mozilla\Firefox\Profiles\k9xh6n4w.default\extensions\firefox@tvunetworks.com\plugins\libeay32.dll
2009-05-01 07:05 . 2009-05-01 07:05 1437464 ----a-w c:\programdata\avg8\update\backup\avgupd.dll
2009-05-01 06:47 . 2009-05-01 07:06 11952 ----a-w c:\windows\system32\avgrsstx.dll
2009-05-01 06:47 . 2009-05-01 07:05 12552 ----a-w c:\windows\system32\drivers\avgrkx86.sys
2009-05-01 06:47 . 2009-05-01 07:06 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-05-01 06:47 . 2009-05-01 07:06 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-05-01 06:47 . 2009-05-29 15:08 -------- d-----w c:\windows\system32\drivers\Avg
2009-05-01 06:47 . 2009-05-01 07:06 27784 ----a-w c:\windows\system32\drivers\avgmfx86.sys
2009-05-01 06:47 . 2009-05-01 06:47 -------- d-----w c:\programdata\avg8
2009-04-30 13:46 . 2009-04-30 13:46 8854 ----a-r c:\users\yamine\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\Uninstall_Project64__9559F7CA5E344237A2D9D856464AD727.exe
2009-04-30 13:46 . 2009-04-30 13:46 40960 ----a-r c:\users\yamine\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2009-04-30 13:46 . 2009-04-30 13:46 40960 ----a-r c:\users\yamine\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
2009-04-30 13:46 . 2009-04-30 13:47 -------- d-----w c:\program files\Project64 1.6
2009-04-30 04:44 . 2009-05-26 11:19 19096 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-30 04:44 . 2009-05-26 11:20 40160 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-30 04:44 . 2009-05-28 19:59 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-29 17:21 . 2009-04-15 19:14 732002720 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-05-29 15:08 . 2007-12-03 13:45 -------- d-----w c:\programdata\Google Updater
2009-05-29 15:06 . 2009-03-21 19:53 117760 ----a-w c:\users\yamine\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-05-29 04:52 . 2009-04-15 19:14 8489828 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-05-28 21:52 . 2008-11-08 07:09 1 ----a-w c:\users\yamine\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-05-25 20:05 . 2009-03-30 22:55 410984 ----a-w c:\windows\system32\deploytk.dll
2009-05-15 22:52 . 2008-06-30 03:31 -------- d-----w c:\users\yamine\AppData\Roaming\Vso
2009-05-14 14:56 . 2008-05-02 21:26 -------- d-----w c:\users\yamine\AppData\Roaming\Azureus
2009-05-14 10:02 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-05-06 18:06 . 2007-11-22 21:53 4784464 ----a-w c:\programdata\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2009-05-06 18:06 . 2007-11-22 21:53 4784464 ----a-w c:\programdata\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2009-05-06 18:06 . 2007-11-22 21:53 4784464 ----a-w c:\programdata\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2009-05-06 18:06 . 2007-11-22 21:53 4784464 ----a-w c:\programdata\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2009-05-06 18:06 . 2007-11-22 21:53 4784464 ----a-w c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2009-05-06 18:06 . 2007-11-22 21:53 4784464 ----a-w c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2009-05-06 18:06 . 2007-11-22 21:53 4784464 ----a-w c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2009-05-06 18:06 . 2007-11-22 21:53 4784464 ----a-w c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2009-05-06 18:06 . 2007-11-22 21:53 4784464 ----a-w c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2009-05-06 18:06 . 2007-11-22 21:53 4784464 ----a-w c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2009-05-06 18:06 . 2007-11-22 21:53 4784464 ----a-w c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2009-05-01 07:05 . 2009-05-13 11:22 424472 ----a-w c:\programdata\avg8\update\backup\avgwdwsc.dll
2009-05-01 06:47 . 2009-05-01 07:06 10520 ----a-w c:\programdata\avg8\update\backup\avgrsstx.dll
2009-04-30 02:16 . 2009-03-21 19:52 -------- d-----w c:\program files\SUPERAntiSpyware
2009-04-27 08:53 . 2009-04-27 08:53 -------- d-----w c:\program files\Square Soft, Inc
2009-04-27 00:53 . 2007-06-13 13:38 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-27 00:53 . 2006-11-02 12:37 -------- d-----w c:\program files\Microsoft Games
2009-04-27 00:43 . 2008-05-06 19:21 -------- d-----w c:\program files\Java
2009-04-26 01:12 . 2008-08-18 17:34 -------- d-----w c:\program files\Trend Micro
2009-04-25 01:30 . 2007-11-28 19:12 -------- d-----w c:\programdata\NVIDIA
2009-04-22 03:57 . 2009-04-22 03:57 -------- d-----r c:\program files\Skype
2009-04-22 03:57 . 2008-09-15 01:53 -------- d-----w c:\programdata\Skype
2009-04-21 03:20 . 2008-03-16 19:10 -------- d-----w c:\program files\Azureus
2009-04-16 02:41 . 2009-04-16 02:41 -------- d-----w c:\programdata\is-BFDS0
2009-04-15 19:15 . 2009-04-15 19:15 -------- d-----w c:\programdata\is-44GK4
2009-04-14 18:24 . 2009-04-14 18:24 -------- d-----w c:\program files\Panda Security
2009-04-13 22:31 . 2008-04-02 14:36 -------- d-----w c:\program files\DNA
2009-04-13 22:20 . 2009-04-13 22:20 -------- d-----w c:\program files\InCode Solutions
2009-04-12 19:50 . 2009-04-11 16:51 -------- d-----w c:\program files\EsetOnlineScanner
2009-04-11 20:35 . 2008-05-03 10:02 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-03 16:06 . 2007-06-13 23:07 678718 ----a-w c:\windows\system32\perfh00C.dat
2009-04-03 16:06 . 2007-06-13 23:07 127798 ----a-w c:\windows\system32\perfc00C.dat
2009-03-31 23:42 . 2009-03-31 23:42 -------- d-----w c:\programdata\Templates
2009-03-31 23:42 . 2009-03-31 23:42 -------- d-----w c:\programdata\Start Menu
2009-03-31 23:42 . 2009-03-31 23:42 -------- d-----w c:\programdata\Favorites
2009-03-31 23:42 . 2009-03-31 23:42 -------- d-----w c:\programdata\Documents
2009-03-31 23:42 . 2009-03-31 23:42 -------- d-----w c:\programdata\Desktop
2009-03-31 20:42 . 2008-05-02 19:53 68224 ----a-w c:\users\yamine\AppData\Local\GDIPFONTCACHEV1.DAT
2009-03-31 20:40 . 2008-05-03 10:02 -------- d-----w c:\programdata\Spybot - Search & Destroy
2009-03-30 18:02 . 2009-03-30 18:02 68224 ----a-w c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-03-17 03:38 . 2009-04-16 21:29 13824 ----a-w c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-16 21:29 24064 ----a-w c:\windows\system32\amxread.dll
2009-03-07 06:31 . 2009-03-07 06:31 684872 ----a-w c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-03-07 06:31 . 2009-03-07 06:31 684872 ----a-w c:\programdata\Application Data\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-03-07 06:31 . 2009-03-07 06:31 684872 ----a-w c:\programdata\Application Data\Application Data\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-03-07 06:31 . 2009-03-07 06:31 684872 ----a-w c:\programdata\Application Data\Application Data\Application Data\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-03-07 06:31 . 2009-03-07 06:31 684872 ----a-w c:\programdata\Application Data\Application Data\Application Data\Application Data\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-03-07 06:31 . 2009-03-07 06:31 684872 ----a-w c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-03-07 06:31 . 2009-03-07 06:31 684872 ----a-w c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-03-07 06:31 . 2009-03-07 06:31 684872 ----a-w c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-03-07 06:31 . 2009-03-07 06:31 684872 ----a-w c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-03-07 06:31 . 2009-03-07 06:31 684872 ----a-w c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-03-07 06:31 . 2009-03-07 06:31 684872 ----a-w c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-03-07 06:31 . 2009-03-07 06:31 684872 ----a-w c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-03-03 04:46 . 2009-04-16 21:30 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-16 21:30 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:40 . 2009-04-16 21:29 827392 ----a-w c:\windows\system32\wininet.dll
2009-03-03 04:39 . 2009-04-16 21:30 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:39 . 2009-04-16 21:30 551424 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:39 . 2009-04-16 21:30 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-16 21:29 78336 ----a-w c:\windows\system32\ieencode.dll
2009-03-03 04:37 . 2009-04-16 21:30 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:37 . 2009-04-16 21:30 54784 ----a-w c:\windows\system32\iasads.dll
2009-03-03 04:37 . 2009-04-16 21:30 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 03:04 . 2009-04-16 21:30 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-16 21:30 17408 ----a-w c:\windows\system32\iashost.exe
2009-03-03 02:28 . 2009-04-16 21:29 26624 ----a-w c:\windows\system32\ieUnatt.exe
2007-06-13 23:16 . 2007-06-13 23:16 8192 --sha-w c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2007-12-10 11:46 1510424 ----a-w c:\program files\free-downloads.net\tbfree.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"SmpcSys"="c:\program files\Packard Bell\SetUpMyPC\SmpSys.exe" [2007-05-03 1116728]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 222080]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-04-30 1830128]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-01-11 232184]
"toolbar_eula_launcher"="c:\program files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 28672]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-25 198160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13580832]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 92704]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-01 1947928]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-25 148888]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-05-10 4468736]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-05-07 1826816]
c:\users\yamine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 10:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{4D58F64C-48E9-46FF-AA35-00749E639CBF}"= UDP:c:\program files\Skype\Phone\Skype.exe:Skype
"{0911F78A-604B-4487-819C-BDDF4D9BD29E}"= TCP:c:\program files\Skype\Phone\Skype.exe:Skype
"{46C88CE7-3CB1-42EB-A98E-B15E8BEC378B}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{3760109E-6E4D-4DAD-88AD-46DF53958FB7}c:\\program files\\azureus\\azureus.exe"= UDP:c:\program files\azureus\azureus.exe:Azureus
"UDP Query User{AE71AFC6-2AE1-4D3A-811B-A13149C3858E}c:\\program files\\azureus\\azureus.exe"= TCP:c:\program files\azureus\azureus.exe:Azureus
"{7849551B-B379-4315-9B33-7287E576A840}"= UDP:c:\program files\Mozilla Firefox\firefox.exe:Mozilla Firefox
"{44AE04CF-001C-4D52-A49A-DCAE643F305C}"= TCP:c:\program files\Mozilla Firefox\firefox.exe:Mozilla Firefox
"TCP Query User{4F067CF8-707A-4B5A-A764-4E7B8894731C}c:\\users\\yamine\\appdata\\local\\temp\\wzse0.tmp\\symnrt.exe"= UDP:c:\users\yamine\appdata\local\temp\wzse0.tmp\symnrt.exe:symnrt.exe
"UDP Query User{EDCF9E4D-9B09-42C4-AF5A-6AFE1A703D11}c:\\users\\yamine\\appdata\\local\\temp\\wzse0.tmp\\symnrt.exe"= TCP:c:\users\yamine\appdata\local\temp\wzse0.tmp\symnrt.exe:symnrt.exe
"TCP Query User{AC925166-0D92-44A0-8245-D86C435CDE1D}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{1F7B724E-BB17-4C1B-9BFA-C90E09F72121}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"{EC3A3ACE-E6CD-4001-ADE5-1C95CFB245A4}"= c:\program files\AVG\AVG8\avgam.exe:avgam.exe
"{7699B33F-BC99-4F88-A062-50BF74BC90B9}"= c:\program files\AVG\AVG8\avgdiag.exe:avgdiag.exe
"{064FE6CC-14FA-4FC5-9AB6-6693D14802B3}"= c:\program files\AVG\AVG8\avgdiagex.exe:avgdiagex.exe
"{801A6C1B-62ED-483F-ABD9-0F86A646892B}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{58896B8B-DD9D-4773-876E-21E668EB271F}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{06EEFD12-590B-425D-8FE3-0893F9AB932D}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
R0 AvgRkx86;avgrkx86.sys;c:\windows\System32\drivers\avgrkx86.sys [01/05/2009 08:47 12552]
R0 pavboot;pavboot;c:\windows\System32\drivers\pavboot.sys [14/04/2009 20:24 28544]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [01/05/2009 08:47 325896]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [01/05/2009 08:47 108552]
R1 is-BFDS0drv;is-BFDS0drv;c:\windows\System32\drivers\49458090.sys [16/04/2009 04:40 148496]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [17/02/2009 12:43 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [17/02/2009 12:43 55024]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [01/05/2009 08:47 908568]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [01/05/2009 08:47 298776]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [03/05/2008 12:02 1153368]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [17/02/2009 12:43 7408]
S2 dualshock3;DUALSHOCK3 Controller HID Minidriver (USB) Beta;c:\windows\System32\drivers\dualshock3.sys [09/03/2009 15:13 11392]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [07/12/2008 09:07 33752]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\System32\drivers\libusb0.sys [24/06/2008 20:19 33792]
--- Autres Services/Pilotes en mémoire ---
*Deregistered* - sptd
.
Contenu du dossier 'Tâches planifiées'
2009-05-29 c:\windows\Tasks\Extension de garantie.job
- c:\program files\Packard Bell\SetupmyPC\PBCarNot.exe [2007-06-13 16:38]
2009-05-29 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-06-13 17:20]
2009-05-29 c:\windows\Tasks\Recovery DVD Creator.job
- c:\program files\Packard Bell\SetupMyPc\MCDCheck.exe [2007-06-13 16:34]
.
- - - - ORPHELINS SUPPRIMES - - - -
HKLM-Run-QuickTime Task - c:\program files\QuickTime\QTTask.exe
SafeBoot-procexp90.Sys
.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE: &Windows Live Search
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
FF - ProfilePath - c:\users\yamine\AppData\Roaming\Mozilla\Firefox\Profiles\k9xh6n4w.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1098640&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official
FF - prefs.js: keyword.URL - hxxp://fr.search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - component: c:\users\yamine\AppData\Roaming\Mozilla\Firefox\Profiles\k9xh6n4w.default\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949}\components\FFAlert.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\users\yamine\AppData\Roaming\Mozilla\Firefox\Profiles\k9xh6n4w.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-29 19:22
Windows 6.0.6001 Service Pack 1 NTFS
Recherche de processus cachés ...
[0] 0x1F000000
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{76f636cd-893d-439d-9c0a-8325714254a5}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0c001a4d
"Dhcpv6State"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:07001422
"Dhcpv6State"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{a85da5f9-d5ef-4c52-beb5-373239d3580c}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0d020054
"Dhcpv6State"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:06001422
"Dhcpv6State"=dword:00000000
.
Heure de fin: 2009-05-29 19:23
ComboFix-quarantined-files.txt 2009-05-29 17:23
Avant-CF: 127 787 040 768 octets libres
Après-CF: 128 161 206 272 octets libres
288 --- E O F --- 2009-05-28 22:27
OK, quite a few infections show up in the ComboFix report; I'm going to write you a script to remove them.
Hello Vanji
Loloetseb asked me to write a script for you to run, so I'm passing it on to you:
__________________________________________________________
=>/!\ WARNING /!\ The following script was written specifically for this computer,<=
=>transposing it to another computer is strongly discouraged!<=====|
---------------------------------------------------------------
Still with all protections disabled, do the following:
• Open Notepad (Start menu --> Programs --> Accessories --> Notepad)
• Copy and paste into Notepad what is between the lines below (without the lines):
----------------------------------------------------------
File::
c:\programdata\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\{98047F3A-5B7A-4D8F-A3B1-853BEC99803E}\mpengine.dll
c:\programdata\is-BFDS0
c:\programdata\is-44GK4
c:\programdata\Templates
c:\programdata\Favorites
c:\programdata\Documents
c:\programdata\Desktop
c:\windows\System32\drivers\49458090.sys
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{4F067CF8-707A-4B5A-A764-4E7B8894731C}c:\\users\\yamine\\appdata\\local\\temp\\wzse0.tmp\\symnrt.exe"=-
"UDP Query User{EDCF9E4D-9B09-42C4-AF5A-6AFE1A703D11}c:\\users\\yamine\\appdata\\local\\temp\\wzse0.tmp\\symnrt.exe"=-
Driver::
is-BFDS0drv
------------------------------------------------------------------
• Save this file on your Desktop (and nowhere else!) under the name CFScript.txt
• Close Notepad
• Drag and drop this CFScript file onto the C-Fix.exe file (ComboFix), like this
• Wait while the scan runs. The Desktop will disappear several times: this is normal! Do not touch anything until the scan has finished.
• Once the scan is complete, a report will be displayed: post its contents.
• If the file does not open, it can be found here => C:\ComboFix.txt
bonjour
le rapport
ComboFix 09-05-28.07 - yamine 29/05/2009 20:51.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.2047.1296 [GMT 2:00]
Lancé depuis: c:\users\yamine\Downloads\ComboFix.exe
Commutateurs utilisés :: c:\users\yamine\Desktop\CFScript.txt
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FILE ::
"c:\programdata\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\{98047F3A-5B7A-4D8F-A3B1-853BEC99803E}\mpengine.dll"
"c:\programdata\Desktop"
"c:\programdata\Documents"
"c:\programdata\Favorites"
"c:\programdata\is-44GK4"
"c:\programdata\is-BFDS0"
"c:\programdata\Templates"
"c:\windows\System32\drivers\49458090.sys"
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\System32\drivers\49458090.sys
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_IS-BFDS0DRV
-------\Service_is-BFDS0drv
((((((((((((((((((((((((((((( Fichiers créés du 2009-04-28 au 2009-05-29 ))))))))))))))))))))))))))))))))))))
.
2009-05-29 18:54 . 2009-05-29 18:54 -------- d-----w c:\users\mohamed\AppData\Local\temp
2009-05-28 22:27 . 2009-05-06 18:06 4784464 ----a-w c:\programdata\Microsoft\Windows Defender\Definition Updates\{98047F3A-5B7A-4D8F-A3B1-853BEC99803E}\mpengine.dll
2009-05-28 22:27 . 2009-05-06 18:06 4784464 ----a-w c:\programdata\Application Data\Microsoft\Windows Defender\Definition Updates\{98047F3A-5B7A-4D8F-A3B1-853BEC99803E}\mpengine.dll
2009-05-28 22:27 . 2009-05-06 18:06 4784464 ----a-w c:\programdata\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\{98047F3A-5B7A-4D8F-A3B1-853BEC99803E}\mpengine.dll
2009-05-28 22:27 . 2009-05-06 18:06 4784464 ----a-w c:\programdata\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\{98047F3A-5B7A-4D8F-A3B1-853BEC99803E}\mpengine.dll
2009-05-28 22:27 . 2009-05-06 18:06 4784464 ----a-w c:\programdata\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\{98047F3A-5B7A-4D8F-A3B1-853BEC99803E}\mpengine.dll
2009-05-28 22:27 . 2009-05-06 18:06 4784464 ----a-w c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\{98047F3A-5B7A-4D8F-A3B1-853BEC99803E}\mpengine.dll
2009-05-28 22:27 . 2009-05-06 18:06 4784464 ----a-w c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\{98047F3A-5B7A-4D8F-A3B1-853BEC99803E}\mpengine.dll
2009-05-28 22:27 . 2009-05-06 18:06 4784464 ----a-w c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\{98047F3A-5B7A-4D8F-A3B1-853BEC99803E}\mpengine.dll
2009-05-28 22:27 . 2009-05-06 18:06 4784464 ----a-w c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\{98047F3A-5B7A-4D8F-A3B1-853BEC99803E}\mpengine.dll
2009-05-28 22:27 . 2009-05-06 18:06 4784464 ----a-w c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\{98047F3A-5B7A-4D8F-A3B1-853BEC99803E}\mpengine.dll
2009-05-28 21:48 . 2009-05-28 21:49 -------- d-----w C:\rsit
2009-05-28 19:59 . 2009-05-28 19:59 3371383 ----a-w c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-28 19:59 . 2009-05-28 19:59 3371383 ----a-w c:\programdata\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-28 19:59 . 2009-05-28 19:59 3371383 ----a-w c:\programdata\Application Data\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-28 19:59 . 2009-05-28 19:59 3371383 ----a-w c:\programdata\Application Data\Application Data\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-28 19:59 . 2009-05-28 19:59 3371383 ----a-w c:\programdata\Application Data\Application Data\Application Data\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-28 19:59 . 2009-05-28 19:59 3371383 ----a-w c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-28 19:59 . 2009-05-28 19:59 3371383 ----a-w c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-28 19:59 . 2009-05-28 19:59 3371383 ----a-w c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-28 19:59 . 2009-05-28 19:59 3371383 ----a-w c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-28 19:59 . 2009-05-28 19:59 3371383 ----a-w c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-28 19:59 . 2009-05-28 19:59 3371383 ----a-w c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-28 19:59 . 2009-05-28 19:59 3371383 ----a-w c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-13 11:22 . 2009-05-13 11:21 2051864 ----a-w c:\programdata\avg8\update\backup\avgcorex.dll
2009-05-10 13:13 . 2009-05-10 21:44 -------- d-----w c:\program files\QuickTime
2009-05-10 13:13 . 2009-05-10 13:13 -------- d-----w c:\programdata\Apple Computer
2009-05-10 13:11 . 2009-05-10 13:11 -------- d-----w c:\program files\Apple Software Update
2009-05-10 13:11 . 2009-05-10 13:11 -------- d-----w c:\programdata\Apple
2009-05-06 10:06 . 2009-05-08 10:07 -------- d--h--w C:\$AVG8.VAULT$
2009-05-05 06:00 . 2009-05-04 13:07 2298680 ----a-w c:\users\yamine\AppData\Roaming\Mozilla\Firefox\Profiles\k9xh6n4w.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
2009-05-05 06:00 . 2006-10-16 16:44 196608 ----a-w c:\users\yamine\AppData\Roaming\Mozilla\Firefox\Profiles\k9xh6n4w.default\extensions\firefox@tvunetworks.com\plugins\ssleay32.dll
2009-05-05 06:00 . 2008-03-04 16:52 286720 ----a-w c:\users\yamine\AppData\Roaming\Mozilla\Firefox\Profiles\k9xh6n4w.default\extensions\firefox@tvunetworks.com\plugins\libcurl.dll
2009-05-05 06:00 . 2007-10-31 07:39 59904 ----a-w c:\users\yamine\AppData\Roaming\Mozilla\Firefox\Profiles\k9xh6n4w.default\extensions\firefox@tvunetworks.com\plugins\zlib1.dll
2009-05-05 06:00 . 2007-05-17 11:58 143360 ----a-w c:\users\yamine\AppData\Roaming\Mozilla\Firefox\Profiles\k9xh6n4w.default\extensions\firefox@tvunetworks.com\plugins\libexpatw.dll
2009-05-05 06:00 . 2006-10-18 15:32 499712 ----a-w c:\users\yamine\AppData\Roaming\Mozilla\Firefox\Profiles\k9xh6n4w.default\extensions\firefox@tvunetworks.com\plugins\msvcp71.dll
2009-05-05 06:00 . 2006-10-18 15:32 348160 ----a-w c:\users\yamine\AppData\Roaming\Mozilla\Firefox\Profiles\k9xh6n4w.default\extensions\firefox@tvunetworks.com\plugins\msvcr71.dll
2009-05-05 06:00 . 2006-10-16 16:44 1028096 ----a-w c:\users\yamine\AppData\Roaming\Mozilla\Firefox\Profiles\k9xh6n4w.default\extensions\firefox@tvunetworks.com\plugins\libeay32.dll
2009-05-01 07:05 . 2009-05-01 07:05 1437464 ----a-w c:\programdata\avg8\update\backup\avgupd.dll
2009-05-01 06:47 . 2009-05-01 07:06 11952 ----a-w c:\windows\system32\avgrsstx.dll
2009-05-01 06:47 . 2009-05-01 07:05 12552 ----a-w c:\windows\system32\drivers\avgrkx86.sys
2009-05-01 06:47 . 2009-05-01 07:06 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-05-01 06:47 . 2009-05-01 07:06 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-05-01 06:47 . 2009-05-29 15:08 -------- d-----w c:\windows\system32\drivers\Avg
2009-05-01 06:47 . 2009-05-01 07:06 27784 ----a-w c:\windows\system32\drivers\avgmfx86.sys
2009-05-01 06:47 . 2009-05-01 06:47 -------- d-----w c:\programdata\avg8
2009-04-30 13:46 . 2009-04-30 13:46 8854 ----a-r c:\users\yamine\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\Uninstall_Project64__9559F7CA5E344237A2D9D856464AD727.exe
2009-04-30 13:46 . 2009-04-30 13:46 40960 ----a-r c:\users\yamine\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2009-04-30 13:46 . 2009-04-30 13:46 40960 ----a-r c:\users\yamine\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
2009-04-30 13:46 . 2009-04-30 13:47 -------- d-----w c:\program files\Project64 1.6
2009-04-30 04:44 . 2009-05-26 11:19 19096 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-30 04:44 . 2009-05-26 11:20 40160 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-30 04:44 . 2009-05-28 19:59 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-29 18:55 . 2009-04-15 19:14 8652788 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-05-29 18:55 . 2009-04-15 19:14 738279456 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-05-29 15:08 . 2007-12-03 13:45 -------- d-----w c:\programdata\Google Updater
2009-05-29 15:06 . 2009-03-21 19:53 117760 ----a-w c:\users\yamine\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-05-28 21:52 . 2008-11-08 07:09 1 ----a-w c:\users\yamine\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-05-25 20:05 . 2009-03-30 22:55 410984 ----a-w c:\windows\system32\deploytk.dll
2009-05-15 22:52 . 2008-06-30 03:31 -------- d-----w c:\users\yamine\AppData\Roaming\Vso
2009-05-14 14:56 . 2008-05-02 21:26 -------- d-----w c:\users\yamine\AppData\Roaming\Azureus
2009-05-14 10:02 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-05-06 18:06 . 2007-11-22 21:53 4784464 ----a-w c:\programdata\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2009-05-06 18:06 . 2007-11-22 21:53 4784464 ----a-w c:\programdata\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2009-05-06 18:06 . 2007-11-22 21:53 4784464 ----a-w c:\programdata\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2009-05-06 18:06 . 2007-11-22 21:53 4784464 ----a-w c:\programdata\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2009-05-06 18:06 . 2007-11-22 21:53 4784464 ----a-w c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2009-05-06 18:06 . 2007-11-22 21:53 4784464 ----a-w c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2009-05-06 18:06 . 2007-11-22 21:53 4784464 ----a-w c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2009-05-06 18:06 . 2007-11-22 21:53 4784464 ----a-w c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2009-05-06 18:06 . 2007-11-22 21:53 4784464 ----a-w c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2009-05-06 18:06 . 2007-11-22 21:53 4784464 ----a-w c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2009-05-06 18:06 . 2007-11-22 21:53 4784464 ----a-w c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2009-05-01 07:05 . 2009-05-13 11:22 424472 ----a-w c:\programdata\avg8\update\backup\avgwdwsc.dll
2009-05-01 06:47 . 2009-05-01 07:06 10520 ----a-w c:\programdata\avg8\update\backup\avgrsstx.dll
2009-04-30 02:16 . 2009-03-21 19:52 -------- d-----w c:\program files\SUPERAntiSpyware
2009-04-27 08:53 . 2009-04-27 08:53 -------- d-----w c:\program files\Square Soft, Inc
2009-04-27 00:53 . 2007-06-13 13:38 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-27 00:53 . 2006-11-02 12:37 -------- d-----w c:\program files\Microsoft Games
2009-04-27 00:43 . 2008-05-06 19:21 -------- d-----w c:\program files\Java
2009-04-26 01:12 . 2008-08-18 17:34 -------- d-----w c:\program files\Trend Micro
2009-04-25 01:30 . 2007-11-28 19:12 -------- d-----w c:\programdata\NVIDIA
2009-04-22 03:57 . 2009-04-22 03:57 -------- d-----r c:\program files\Skype
2009-04-22 03:57 . 2008-09-15 01:53 -------- d-----w c:\programdata\Skype
2009-04-21 03:20 . 2008-03-16 19:10 -------- d-----w c:\program files\Azureus
2009-04-16 02:41 . 2009-04-16 02:41 -------- d-----w c:\programdata\is-BFDS0
2009-04-15 19:15 . 2009-04-15 19:15 -------- d-----w c:\programdata\is-44GK4
2009-04-14 18:24 . 2009-04-14 18:24 -------- d-----w c:\program files\Panda Security
2009-04-13 22:31 . 2008-04-02 14:36 -------- d-----w c:\program files\DNA
2009-04-13 22:20 . 2009-04-13 22:20 -------- d-----w c:\program files\InCode Solutions
2009-04-12 19:50 . 2009-04-11 16:51 -------- d-----w c:\program files\EsetOnlineScanner
2009-04-11 20:35 . 2008-05-03 10:02 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-03 16:06 . 2007-06-13 23:07 678718 ----a-w c:\windows\system32\perfh00C.dat
2009-04-03 16:06 . 2007-06-13 23:07 127798 ----a-w c:\windows\system32\perfc00C.dat
2009-03-31 23:42 . 2009-03-31 23:42 -------- d-----w c:\programdata\Templates
2009-03-31 23:42 . 2009-03-31 23:42 -------- d-----w c:\programdata\Start Menu
2009-03-31 23:42 . 2009-03-31 23:42 -------- d-----w c:\programdata\Favorites
2009-03-31 23:42 . 2009-03-31 23:42 -------- d-----w c:\programdata\Documents
2009-03-31 23:42 . 2009-03-31 23:42 -------- d-----w c:\programdata\Desktop
2009-03-31 20:42 . 2008-05-02 19:53 68224 ----a-w c:\users\yamine\AppData\Local\GDIPFONTCACHEV1.DAT
2009-03-31 20:40 . 2008-05-03 10:02 -------- d-----w c:\programdata\Spybot - Search & Destroy
2009-03-30 18:02 . 2009-03-30 18:02 68224 ----a-w c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-03-17 03:38 . 2009-04-16 21:29 13824 ----a-w c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-16 21:29 24064 ----a-w c:\windows\system32\amxread.dll
2009-03-07 06:31 . 2009-03-07 06:31 684872 ----a-w c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-03-07 06:31 . 2009-03-07 06:31 684872 ----a-w c:\programdata\Application Data\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-03-07 06:31 . 2009-03-07 06:31 684872 ----a-w c:\programdata\Application Data\Application Data\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-03-07 06:31 . 2009-03-07 06:31 684872 ----a-w c:\programdata\Application Data\Application Data\Application Data\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-03-07 06:31 . 2009-03-07 06:31 684872 ----a-w c:\programdata\Application Data\Application Data\Application Data\Application Data\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-03-07 06:31 . 2009-03-07 06:31 684872 ----a-w c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-03-07 06:31 . 2009-03-07 06:31 684872 ----a-w c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-03-07 06:31 . 2009-03-07 06:31 684872 ----a-w c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-03-07 06:31 . 2009-03-07 06:31 684872 ----a-w c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-03-07 06:31 . 2009-03-07 06:31 684872 ----a-w c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-03-07 06:31 . 2009-03-07 06:31 684872 ----a-w c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-03-07 06:31 . 2009-03-07 06:31 684872 ----a-w c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-03-03 04:46 . 2009-04-16 21:30 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-16 21:30 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:40 . 2009-04-16 21:29 827392 ----a-w c:\windows\system32\wininet.dll
2009-03-03 04:39 . 2009-04-16 21:30 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:39 . 2009-04-16 21:30 551424 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:39 . 2009-04-16 21:30 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-16 21:29 78336 ----a-w c:\windows\system32\ieencode.dll
2009-03-03 04:37 . 2009-04-16 21:30 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:37 . 2009-04-16 21:30 54784 ----a-w c:\windows\system32\iasads.dll
2009-03-03 04:37 . 2009-04-16 21:30 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 03:04 . 2009-04-16 21:30 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-16 21:30 17408 ----a-w c:\windows\system32\iashost.exe
2009-03-03 02:28 . 2009-04-16 21:29 26624 ----a-w c:\windows\system32\ieUnatt.exe
2007-06-13 23:16 . 2007-06-13 23:16 8192 --sha-w c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2007-12-10 11:46 1510424 ----a-w c:\program files\free-downloads.net\tbfree.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"SmpcSys"="c:\program files\Packard Bell\SetUpMyPC\SmpSys.exe" [2007-05-03 1116728]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 222080]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-04-30 1830128]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-01-11 232184]
"toolbar_eula_launcher"="c:\program files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 28672]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-25 198160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13580832]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 92704]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-01 1947928]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-25 148888]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-05-10 4468736]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-05-07 1826816]
c:\users\yamine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 10:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{4D58F64C-48E9-46FF-AA35-00749E639CBF}"= UDP:c:\program files\Skype\Phone\Skype.exe:Skype
"{0911F78A-604B-4487-819C-BDDF4D9BD29E}"= TCP:c:\program files\Skype\Phone\Skype.exe:Skype
"{46C88CE7-3CB1-42EB-A98E-B15E8BEC378B}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{3760109E-6E4D-4DAD-88AD-46DF53958FB7}c:\\program files\\azureus\\azureus.exe"= UDP:c:\program files\azureus\azureus.exe:Azureus
"UDP Query User{AE71AFC6-2AE1-4D3A-811B-A13149C3858E}c:\\program files\\azureus\\azureus.exe"= TCP:c:\program files\azureus\azureus.exe:Azureus
"{7849551B-B379-4315-9B33-7287E576A840}"= UDP:c:\program files\Mozilla Firefox\firefox.exe:Mozilla Firefox
"{44AE04CF-001C-4D52-A49A-DCAE643F305C}"= TCP:c:\program files\Mozilla Firefox\firefox.exe:Mozilla Firefox
"TCP Query User{AC925166-0D92-44A0-8245-D86C435CDE1D}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{1F7B724E-BB17-4C1B-9BFA-C90E09F72121}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"{EC3A3ACE-E6CD-4001-ADE5-1C95CFB245A4}"= c:\program files\AVG\AVG8\avgam.exe:avgam.exe
"{7699B33F-BC99-4F88-A062-50BF74BC90B9}"= c:\program files\AVG\AVG8\avgdiag.exe:avgdiag.exe
"{064FE6CC-14FA-4FC5-9AB6-6693D14802B3}"= c:\program files\AVG\AVG8\avgdiagex.exe:avgdiagex.exe
"{801A6C1B-62ED-483F-ABD9-0F86A646892B}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{58896B8B-DD9D-4773-876E-21E668EB271F}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{06EEFD12-590B-425D-8FE3-0893F9AB932D}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
R0 AvgRkx86;avgrkx86.sys;c:\windows\System32\drivers\avgrkx86.sys [01/05/2009 08:47 12552]
R0 pavboot;pavboot;c:\windows\System32\drivers\pavboot.sys [14/04/2009 20:24 28544]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [01/05/2009 08:47 325896]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [01/05/2009 08:47 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [17/02/2009 12:43 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [17/02/2009 12:43 55024]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [01/05/2009 08:47 908568]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [01/05/2009 08:47 298776]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [03/05/2008 12:02 1153368]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [17/02/2009 12:43 7408]
S2 dualshock3;DUALSHOCK3 Controller HID Minidriver (USB) Beta;c:\windows\System32\drivers\dualshock3.sys [09/03/2009 15:13 11392]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [07/12/2008 09:07 33752]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\System32\drivers\libusb0.sys [24/06/2008 20:19 33792]
--- Autres Services/Pilotes en mémoire ---
*Deregistered* - sptd
.
Contenu du dossier 'Tâches planifiées'
2009-05-29 c:\windows\Tasks\Extension de garantie.job
- c:\program files\Packard Bell\SetupmyPC\PBCarNot.exe [2007-06-13 16:38]
2009-05-29 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-06-13 17:20]
2009-05-29 c:\windows\Tasks\Recovery DVD Creator.job
- c:\program files\Packard Bell\SetupMyPc\MCDCheck.exe [2007-06-13 16:34]
.
.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE: &Windows Live Search
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
FF - ProfilePath - c:\users\yamine\AppData\Roaming\Mozilla\Firefox\Profiles\k9xh6n4w.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1098640&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official
FF - prefs.js: keyword.URL - hxxp://fr.search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - component: c:\users\yamine\AppData\Roaming\Mozilla\Firefox\Profiles\k9xh6n4w.default\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949}\components\FFAlert.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\users\yamine\AppData\Roaming\Mozilla\Firefox\Profiles\k9xh6n4w.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-29 20:57
Windows 6.0.6001 Service Pack 1 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
c:\windows\System32\conime.exe
c:\windows\System32\rundll32.exe
c:\program files\AVG\AVG8\avgtray.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
.
**************************************************************************
.
Heure de fin: 2009-05-29 21:01 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-05-29 19:01
ComboFix2.txt 2009-05-29 17:23
Avant-CF: 128 291 000 320 octets libres
Après-CF: 127 986 950 144 octets libres
301 --- E O F --- 2009-05-28 22:27
2009-05-28 21:48 . 2009-05-28 21:49 -------- d-----w C:\rsit
2009-05-28 19:59 . 2009-05-28 19:59 3371383 ----a-w c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-28 19:59 . 2009-05-28 19:59 3371383 ----a-w c:\programdata\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-28 19:59 . 2009-05-28 19:59 3371383 ----a-w c:\programdata\Application Data\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-28 19:59 . 2009-05-28 19:59 3371383 ----a-w c:\programdata\Application Data\Application Data\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-28 19:59 . 2009-05-28 19:59 3371383 ----a-w c:\programdata\Application Data\Application Data\Application Data\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-28 19:59 . 2009-05-28 19:59 3371383 ----a-w c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-28 19:59 . 2009-05-28 19:59 3371383 ----a-w c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-28 19:59 . 2009-05-28 19:59 3371383 ----a-w c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-28 19:59 . 2009-05-28 19:59 3371383 ----a-w c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-28 19:59 . 2009-05-28 19:59 3371383 ----a-w c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-28 19:59 . 2009-05-28 19:59 3371383 ----a-w c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-28 19:59 . 2009-05-28 19:59 3371383 ----a-w c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-13 11:22 . 2009-05-13 11:21 2051864 ----a-w c:\programdata\avg8\update\backup\avgcorex.dll
2009-05-10 13:13 . 2009-05-10 21:44 -------- d-----w c:\program files\QuickTime
2009-05-10 13:13 . 2009-05-10 13:13 -------- d-----w c:\programdata\Apple Computer
2009-05-10 13:11 . 2009-05-10 13:11 -------- d-----w c:\program files\Apple Software Update
2009-05-10 13:11 . 2009-05-10 13:11 -------- d-----w c:\programdata\Apple
2009-05-06 10:06 . 2009-05-08 10:07 -------- d--h--w C:\$AVG8.VAULT$
2009-05-05 06:00 . 2009-05-04 13:07 2298680 ----a-w c:\users\yamine\AppData\Roaming\Mozilla\Firefox\Profiles\k9xh6n4w.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
2009-05-05 06:00 . 2006-10-16 16:44 196608 ----a-w c:\users\yamine\AppData\Roaming\Mozilla\Firefox\Profiles\k9xh6n4w.default\extensions\firefox@tvunetworks.com\plugins\ssleay32.dll
2009-05-05 06:00 . 2008-03-04 16:52 286720 ----a-w c:\users\yamine\AppData\Roaming\Mozilla\Firefox\Profiles\k9xh6n4w.default\extensions\firefox@tvunetworks.com\plugins\libcurl.dll
2009-05-05 06:00 . 2007-10-31 07:39 59904 ----a-w c:\users\yamine\AppData\Roaming\Mozilla\Firefox\Profiles\k9xh6n4w.default\extensions\firefox@tvunetworks.com\plugins\zlib1.dll
2009-05-05 06:00 . 2007-05-17 11:58 143360 ----a-w c:\users\yamine\AppData\Roaming\Mozilla\Firefox\Profiles\k9xh6n4w.default\extensions\firefox@tvunetworks.com\plugins\libexpatw.dll
2009-05-05 06:00 . 2006-10-18 15:32 499712 ----a-w c:\users\yamine\AppData\Roaming\Mozilla\Firefox\Profiles\k9xh6n4w.default\extensions\firefox@tvunetworks.com\plugins\msvcp71.dll
2009-05-05 06:00 . 2006-10-18 15:32 348160 ----a-w c:\users\yamine\AppData\Roaming\Mozilla\Firefox\Profiles\k9xh6n4w.default\extensions\firefox@tvunetworks.com\plugins\msvcr71.dll
2009-05-05 06:00 . 2006-10-16 16:44 1028096 ----a-w c:\users\yamine\AppData\Roaming\Mozilla\Firefox\Profiles\k9xh6n4w.default\extensions\firefox@tvunetworks.com\plugins\libeay32.dll
2009-05-01 07:05 . 2009-05-01 07:05 1437464 ----a-w c:\programdata\avg8\update\backup\avgupd.dll
2009-05-01 06:47 . 2009-05-01 07:06 11952 ----a-w c:\windows\system32\avgrsstx.dll
2009-05-01 06:47 . 2009-05-01 07:05 12552 ----a-w c:\windows\system32\drivers\avgrkx86.sys
2009-05-01 06:47 . 2009-05-01 07:06 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-05-01 06:47 . 2009-05-01 07:06 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-05-01 06:47 . 2009-05-29 15:08 -------- d-----w c:\windows\system32\drivers\Avg
2009-05-01 06:47 . 2009-05-01 07:06 27784 ----a-w c:\windows\system32\drivers\avgmfx86.sys
2009-05-01 06:47 . 2009-05-01 06:47 -------- d-----w c:\programdata\avg8
2009-04-30 13:46 . 2009-04-30 13:46 8854 ----a-r c:\users\yamine\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\Uninstall_Project64__9559F7CA5E344237A2D9D856464AD727.exe
2009-04-30 13:46 . 2009-04-30 13:46 40960 ----a-r c:\users\yamine\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2009-04-30 13:46 . 2009-04-30 13:46 40960 ----a-r c:\users\yamine\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
2009-04-30 13:46 . 2009-04-30 13:47 -------- d-----w c:\program files\Project64 1.6
2009-04-30 04:44 . 2009-05-26 11:19 19096 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-30 04:44 . 2009-05-26 11:20 40160 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-30 04:44 . 2009-05-28 19:59 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-29 18:55 . 2009-04-15 19:14 8652788 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-05-29 18:55 . 2009-04-15 19:14 738279456 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-05-29 15:08 . 2007-12-03 13:45 -------- d-----w c:\programdata\Google Updater
2009-05-29 15:06 . 2009-03-21 19:53 117760 ----a-w c:\users\yamine\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-05-28 21:52 . 2008-11-08 07:09 1 ----a-w c:\users\yamine\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-05-25 20:05 . 2009-03-30 22:55 410984 ----a-w c:\windows\system32\deploytk.dll
2009-05-15 22:52 . 2008-06-30 03:31 -------- d-----w c:\users\yamine\AppData\Roaming\Vso
2009-05-14 14:56 . 2008-05-02 21:26 -------- d-----w c:\users\yamine\AppData\Roaming\Azureus
2009-05-14 10:02 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-05-06 18:06 . 2007-11-22 21:53 4784464 ----a-w c:\programdata\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2009-05-06 18:06 . 2007-11-22 21:53 4784464 ----a-w c:\programdata\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2009-05-06 18:06 . 2007-11-22 21:53 4784464 ----a-w c:\programdata\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2009-05-06 18:06 . 2007-11-22 21:53 4784464 ----a-w c:\programdata\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2009-05-06 18:06 . 2007-11-22 21:53 4784464 ----a-w c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2009-05-06 18:06 . 2007-11-22 21:53 4784464 ----a-w c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2009-05-06 18:06 . 2007-11-22 21:53 4784464 ----a-w c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2009-05-06 18:06 . 2007-11-22 21:53 4784464 ----a-w c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2009-05-06 18:06 . 2007-11-22 21:53 4784464 ----a-w c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2009-05-06 18:06 . 2007-11-22 21:53 4784464 ----a-w c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2009-05-06 18:06 . 2007-11-22 21:53 4784464 ----a-w c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2009-05-01 07:05 . 2009-05-13 11:22 424472 ----a-w c:\programdata\avg8\update\backup\avgwdwsc.dll
2009-05-01 06:47 . 2009-05-01 07:06 10520 ----a-w c:\programdata\avg8\update\backup\avgrsstx.dll
2009-04-30 02:16 . 2009-03-21 19:52 -------- d-----w c:\program files\SUPERAntiSpyware
2009-04-27 08:53 . 2009-04-27 08:53 -------- d-----w c:\program files\Square Soft, Inc
2009-04-27 00:53 . 2007-06-13 13:38 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-27 00:53 . 2006-11-02 12:37 -------- d-----w c:\program files\Microsoft Games
2009-04-27 00:43 . 2008-05-06 19:21 -------- d-----w c:\program files\Java
2009-04-26 01:12 . 2008-08-18 17:34 -------- d-----w c:\program files\Trend Micro
2009-04-25 01:30 . 2007-11-28 19:12 -------- d-----w c:\programdata\NVIDIA
2009-04-22 03:57 . 2009-04-22 03:57 -------- d-----r c:\program files\Skype
2009-04-22 03:57 . 2008-09-15 01:53 -------- d-----w c:\programdata\Skype
2009-04-21 03:20 . 2008-03-16 19:10 -------- d-----w c:\program files\Azureus
2009-04-16 02:41 . 2009-04-16 02:41 -------- d-----w c:\programdata\is-BFDS0
2009-04-15 19:15 . 2009-04-15 19:15 -------- d-----w c:\programdata\is-44GK4
2009-04-14 18:24 . 2009-04-14 18:24 -------- d-----w c:\program files\Panda Security
2009-04-13 22:31 . 2008-04-02 14:36 -------- d-----w c:\program files\DNA
2009-04-13 22:20 . 2009-04-13 22:20 -------- d-----w c:\program files\InCode Solutions
2009-04-12 19:50 . 2009-04-11 16:51 -------- d-----w c:\program files\EsetOnlineScanner
2009-04-11 20:35 . 2008-05-03 10:02 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-03 16:06 . 2007-06-13 23:07 678718 ----a-w c:\windows\system32\perfh00C.dat
2009-04-03 16:06 . 2007-06-13 23:07 127798 ----a-w c:\windows\system32\perfc00C.dat
2009-03-31 23:42 . 2009-03-31 23:42 -------- d-----w c:\programdata\Templates
2009-03-31 23:42 . 2009-03-31 23:42 -------- d-----w c:\programdata\Start Menu
2009-03-31 23:42 . 2009-03-31 23:42 -------- d-----w c:\programdata\Favorites
2009-03-31 23:42 . 2009-03-31 23:42 -------- d-----w c:\programdata\Documents
2009-03-31 23:42 . 2009-03-31 23:42 -------- d-----w c:\programdata\Desktop
2009-03-31 20:42 . 2008-05-02 19:53 68224 ----a-w c:\users\yamine\AppData\Local\GDIPFONTCACHEV1.DAT
2009-03-31 20:40 . 2008-05-03 10:02 -------- d-----w c:\programdata\Spybot - Search & Destroy
2009-03-30 18:02 . 2009-03-30 18:02 68224 ----a-w c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-03-17 03:38 . 2009-04-16 21:29 13824 ----a-w c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-16 21:29 24064 ----a-w c:\windows\system32\amxread.dll
2009-03-07 06:31 . 2009-03-07 06:31 684872 ----a-w c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-03-07 06:31 . 2009-03-07 06:31 684872 ----a-w c:\programdata\Application Data\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-03-07 06:31 . 2009-03-07 06:31 684872 ----a-w c:\programdata\Application Data\Application Data\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-03-07 06:31 . 2009-03-07 06:31 684872 ----a-w c:\programdata\Application Data\Application Data\Application Data\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-03-07 06:31 . 2009-03-07 06:31 684872 ----a-w c:\programdata\Application Data\Application Data\Application Data\Application Data\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-03-07 06:31 . 2009-03-07 06:31 684872 ----a-w c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-03-07 06:31 . 2009-03-07 06:31 684872 ----a-w c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-03-07 06:31 . 2009-03-07 06:31 684872 ----a-w c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-03-07 06:31 . 2009-03-07 06:31 684872 ----a-w c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-03-07 06:31 . 2009-03-07 06:31 684872 ----a-w c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-03-07 06:31 . 2009-03-07 06:31 684872 ----a-w c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-03-07 06:31 . 2009-03-07 06:31 684872 ----a-w c:\programdata\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-03-03 04:46 . 2009-04-16 21:30 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-16 21:30 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:40 . 2009-04-16 21:29 827392 ----a-w c:\windows\system32\wininet.dll
2009-03-03 04:39 . 2009-04-16 21:30 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:39 . 2009-04-16 21:30 551424 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:39 . 2009-04-16 21:30 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-16 21:29 78336 ----a-w c:\windows\system32\ieencode.dll
2009-03-03 04:37 . 2009-04-16 21:30 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:37 . 2009-04-16 21:30 54784 ----a-w c:\windows\system32\iasads.dll
2009-03-03 04:37 . 2009-04-16 21:30 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 03:04 . 2009-04-16 21:30 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-16 21:30 17408 ----a-w c:\windows\system32\iashost.exe
2009-03-03 02:28 . 2009-04-16 21:29 26624 ----a-w c:\windows\system32\ieUnatt.exe
2007-06-13 23:16 . 2007-06-13 23:16 8192 --sha-w c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2007-12-10 11:46 1510424 ----a-w c:\program files\free-downloads.net\tbfree.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"SmpcSys"="c:\program files\Packard Bell\SetUpMyPC\SmpSys.exe" [2007-05-03 1116728]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 222080]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-04-30 1830128]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-01-11 232184]
"toolbar_eula_launcher"="c:\program files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 28672]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-25 198160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13580832]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 92704]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-01 1947928]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-25 148888]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-05-10 4468736]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-05-07 1826816]
c:\users\yamine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 10:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{4D58F64C-48E9-46FF-AA35-00749E639CBF}"= UDP:c:\program files\Skype\Phone\Skype.exe:Skype
"{0911F78A-604B-4487-819C-BDDF4D9BD29E}"= TCP:c:\program files\Skype\Phone\Skype.exe:Skype
"{46C88CE7-3CB1-42EB-A98E-B15E8BEC378B}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{3760109E-6E4D-4DAD-88AD-46DF53958FB7}c:\\program files\\azureus\\azureus.exe"= UDP:c:\program files\azureus\azureus.exe:Azureus
"UDP Query User{AE71AFC6-2AE1-4D3A-811B-A13149C3858E}c:\\program files\\azureus\\azureus.exe"= TCP:c:\program files\azureus\azureus.exe:Azureus
"{7849551B-B379-4315-9B33-7287E576A840}"= UDP:c:\program files\Mozilla Firefox\firefox.exe:Mozilla Firefox
"{44AE04CF-001C-4D52-A49A-DCAE643F305C}"= TCP:c:\program files\Mozilla Firefox\firefox.exe:Mozilla Firefox
"TCP Query User{AC925166-0D92-44A0-8245-D86C435CDE1D}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{1F7B724E-BB17-4C1B-9BFA-C90E09F72121}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"{EC3A3ACE-E6CD-4001-ADE5-1C95CFB245A4}"= c:\program files\AVG\AVG8\avgam.exe:avgam.exe
"{7699B33F-BC99-4F88-A062-50BF74BC90B9}"= c:\program files\AVG\AVG8\avgdiag.exe:avgdiag.exe
"{064FE6CC-14FA-4FC5-9AB6-6693D14802B3}"= c:\program files\AVG\AVG8\avgdiagex.exe:avgdiagex.exe
"{801A6C1B-62ED-483F-ABD9-0F86A646892B}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{58896B8B-DD9D-4773-876E-21E668EB271F}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{06EEFD12-590B-425D-8FE3-0893F9AB932D}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
R0 AvgRkx86;avgrkx86.sys;c:\windows\System32\drivers\avgrkx86.sys [01/05/2009 08:47 12552]
R0 pavboot;pavboot;c:\windows\System32\drivers\pavboot.sys [14/04/2009 20:24 28544]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [01/05/2009 08:47 325896]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [01/05/2009 08:47 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [17/02/2009 12:43 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [17/02/2009 12:43 55024]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [01/05/2009 08:47 908568]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [01/05/2009 08:47 298776]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [03/05/2008 12:02 1153368]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [17/02/2009 12:43 7408]
S2 dualshock3;DUALSHOCK3 Controller HID Minidriver (USB) Beta;c:\windows\System32\drivers\dualshock3.sys [09/03/2009 15:13 11392]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [07/12/2008 09:07 33752]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\System32\drivers\libusb0.sys [24/06/2008 20:19 33792]
--- Autres Services/Pilotes en mémoire ---
*Deregistered* - sptd
.
Contenu du dossier 'Tâches planifiées'
2009-05-29 c:\windows\Tasks\Extension de garantie.job
- c:\program files\Packard Bell\SetupmyPC\PBCarNot.exe [2007-06-13 16:38]
2009-05-29 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-06-13 17:20]
2009-05-29 c:\windows\Tasks\Recovery DVD Creator.job
- c:\program files\Packard Bell\SetupMyPc\MCDCheck.exe [2007-06-13 16:34]
.
.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE: &Windows Live Search
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
FF - ProfilePath - c:\users\yamine\AppData\Roaming\Mozilla\Firefox\Profiles\k9xh6n4w.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1098640&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official
FF - prefs.js: keyword.URL - hxxp://fr.search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - component: c:\users\yamine\AppData\Roaming\Mozilla\Firefox\Profiles\k9xh6n4w.default\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949}\components\FFAlert.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\users\yamine\AppData\Roaming\Mozilla\Firefox\Profiles\k9xh6n4w.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-29 20:57
Windows 6.0.6001 Service Pack 1 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
c:\windows\System32\conime.exe
c:\windows\System32\rundll32.exe
c:\program files\AVG\AVG8\avgtray.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
.
**************************************************************************
.
Heure de fin: 2009-05-29 21:01 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-05-29 19:01
ComboFix2.txt 2009-05-29 17:23
Avant-CF: 128 291 000 320 octets libres
Après-CF: 127 986 950 144 octets libres
301 --- E O F --- 2009-05-28 22:27
Did you make sure to disable everything before sending the script? AVG and the rest?
------------------------ Autres processus actifs ------------------------
c:\progra~1\AVG\AVG8\avgam.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
Yes, AVG and Spybot; however, the free anti spyware (free version), I can't manage it.
http://2.bp.blogspot.com/...
Good evening
RSIT report
Logfile of random's system information tool 1.06 (written by random/random)
Run by yamine at 2009-05-31 01:47:11
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 122 GB (53%) free of 230 GB
Total RAM: 2047 MB (60% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:47:17, on 31/05/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
C:\Users\yamine\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\yamine.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
Hello:
---> Disable your antivirus for the duration of the procedure, because OTM is wrongly detected as an infection.
---> Download OTM (OldTimer) to your Desktop:
---> Double-click OTM.exe to launch it.
---> Copy (Ctrl+C) the text below:
:processes
explorer.exe
:services
a4indahx
ay0y2p05
:files
C:\Windows\PEV.exe
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"TkBellExe"=-
"Adobe Reader Speed Launcher"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"=-
:commands
[purity]
[emptytemp]
[start explorer]
[reboot]
---> Paste (Ctrl+V) the text you copied into the Paste Instructions for Items to be Moved box.
---> Now click the MoveIt! button, then close OTM.
If a file or folder cannot be deleted immediately, the program will ask you to restart.
Accept by clicking YES.
---> Post the report located in this folder: C:\_OTM\MovedFiles\
The report's name corresponds to the time it was created: date_time.log