Sujet Précédent Sujet Suivant

Spyware- aide rapport hijackthis

Résolu/Fermé
rikcholz Messages postés 31 Date d'inscription samedi 24 avril 2004 Statut Membre Dernière intervention 20 février 2008 - 20 févr. 2008 à 09:14
jlpjlp Messages postés 51580 Date d'inscription vendredi 18 mai 2007 Statut Contributeur sécurité Dernière intervention 3 mai 2022 - 20 févr. 2008 à 22:40
Bonjour,
Encore ces satanés spyware. je n'ai pas dormi de la nuit. impossible de m'en débarasser.
inféctés de message d'alerte, des pages internet explorer qui s'ouvre toutes seules, un écran bleu...
spybot les dectectes, les supprimes mais ils sont toujours la.
aidé moi je vous en pris.

voici un rapport hijackthis, inconnu pour moi.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:39:25 PM, on 2/14/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Sony\SonicStage\SSAAD.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Apoint\Apntex.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = www-cache.u-picardie.fr:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {06AE1338-9F6B-42D2-88B6-A4693E05BB12} - (no file)
O2 - BHO: (no name) - {1448EE46-2F9F-4747-944C-EED324DB9994} - (no file)
O2 - BHO: (no name) - {2D3FEA1D-D291-4333-8ADA-A9F7F2C29D33} - (no file)
O2 - BHO: (no name) - {3b55ba0c-15c3-4801-9ea6-a874ae37343b} - (no file)
O2 - BHO: (no name) - {50FAE750-CC17-4E0E-A385-58D3CDC1DECB} - C:\Windows\system32\efcab.dll (file missing)
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8F5EC9DA-F9E6-4DDC-8BCD-E2A622C23F18} - (no file)
O2 - BHO: {afd673e3-bc6a-1c18-7114-3feca1b8c669} - {966c8b1a-cef3-4117-81c1-a6cb3e376dfa} - C:\Windows\system32\ycjpihtp.dll (file missing)
O2 - BHO: (no name) - {AA48451D-458B-4D55-8F34-291244D963D3} - C:\Windows\system32\efcab.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {bd7f8d19-8852-49fd-b0d9-7030b1b939fb} - (no file)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll
O2 - BHO: (no name) - {ca73130f-8e2f-4e81-98c3-7b2941fad282} - (no file)
O2 - BHO: (no name) - {E7AA4BA0-C909-428C-902C-DE4723846865} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll (file missing)
O3 - Toolbar: (no name) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\fcyya.dll,#1
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [4a03a710] rundll32.exe "C:\Windows\system32\weivgsbl.dll",b
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-53204119-2991869364-3885560029-1006\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'postgres')
O4 - Startup: Banshee Screamer Alarm.lnk = C:\Program Files\Banshee Screamer Alarm\alarm.exe
O4 - Startup: Sonic INSTALLit! Setup.lnk = Eric\AppData\Local\Temp\VIES549D\setup.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: Ajouter un site de support RSS à VAIO Information FLOW - C:\Program Files\Sony\VAIO Information FLOW\aiesc.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Program Files\UnibetpokerMPP\MPPoker.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - (no file)
O13 - Gopher Prefix:
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F890D570-1E99-4381-A1E6-6C6955ECF7E2}: NameServer = 192.168.1.1
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\PACSPTISVR.exe
O23 - Service: PostgreSQL Database Server 8.2 (pgsql-8.2) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.2\bin\pg_ctl.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\SSScsiSV.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
A voir également:

19 réponses

Réponse 1 / 19
jlpjlp Messages postés 51580 Date d'inscription vendredi 18 mai 2007 Statut Contributeur sécurité Dernière intervention 3 mai 2022 5 040
20 févr. 2008 à 11:04
slt,


Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked".


O2 - BHO: (no name) - {06AE1338-9F6B-42D2-88B6-A4693E05BB12} - (no file)
O2 - BHO: (no name) - {1448EE46-2F9F-4747-944C-EED324DB9994} - (no file)
O2 - BHO: (no name) - {2D3FEA1D-D291-4333-8ADA-A9F7F2C29D33} - (no file)
O2 - BHO: (no name) - {3b55ba0c-15c3-4801-9ea6-a874ae37343b} - (no file)
O2 - BHO: (no name) - {50FAE750-CC17-4E0E-A385-58D3CDC1DECB} - C:\Windows\system32\efcab.dll (file missing)
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8F5EC9DA-F9E6-4DDC-8BCD-E2A622C23F18} - (no file)
O2 - BHO: {afd673e3-bc6a-1c18-7114-3feca1b8c669} - {966c8b1a-cef3-4117-81c1-a6cb3e376dfa} - C:\Windows\system32\ycjpihtp.dll (file missing)
O2 - BHO: (no name) - {AA48451D-458B-4D55-8F34-291244D963D3} - C:\Windows\system32\efcab.dll (file missing)
O2 - BHO: (no name) - {bd7f8d19-8852-49fd-b0d9-7030b1b939fb} - (no file)
O2 - BHO: (no name) - {ca73130f-8e2f-4e81-98c3-7b2941fad282} - (no file)
O2 - BHO: (no name) - {E7AA4BA0-C909-428C-902C-DE4723846865} - (no file)
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll (file missing)
O3 - Toolbar: (no name) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\fcyya.dll,#1
O4 - HKLM\..\Run: [4a03a710] rundll32.exe "C:\Windows\system32\weivgsbl.dll",b
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Program Files\UnibetpokerMPP\MPPoker.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - (no file)


__________________



scan avec vundofix (colle le rapport)

Téléchargez VundoFix -> http://www.atribune.org/ccount/click.php?id=4

Double cliquez VundoFix.exe pour l'exécuter.
Quand VundoFix s'ouvre, cliquez sur le bouton Scan for Vundo.
Une fois le scan fini, cliquez sur le bouton Remove Vundo.
Vous recevrez un avertissement vous demandant si vous voulez effacer ces
fichiers répondez en cliquant sur YES
Une fois que vous avez cliqué yes, votre bureau deviendra vide au moment où il
enlève Vundo.

Quand c'est fini, il vous sera demandé de redémarrer votre ordinateur, cliquez
OK.

____________________

combofix (colle le rapport)
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

___________________


télécharge OTMoveIt
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau. Ou sur https://www.luanagames.com/index.fr.html
double-clique sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

Citation :

C:\Windows\system32\weivgsbl.dll
C:\Windows\system32\fcyya.dll

clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.

__________________________

recolle un rapport hiajckhtis et dis tes soucis
0
Réponse 2 / 19
rikcholz Messages postés 31 Date d'inscription samedi 24 avril 2004 Statut Membre Dernière intervention 20 février 2008 1
20 févr. 2008 à 11:15
salut
je n'ai pas commencé la premiere étape car je ne trouve pas les lignes correspondantes dans le rapport hijackthis
peut etre je me suis trompé, je te remet un rapport
merci bcp


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:15:20 AM, on 2/20/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\NetProject\scit.exe
C:\Program Files\NetProject\scm.exe
C:\Program Files\NetProject\sbmntr.exe
C:\Program Files\NetProject\sbsm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Sony\SonicStage\SSAAD.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = www-cache.u-picardie.fr:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - (no file)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Web Application - {81705D67-3F73-4983-859B-97D0922E5ABE} - C:\Program Files\NetProject\wamdl.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\NetProject\sbmntr.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-53204119-2991869364-3885560029-1006\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'postgres')
O4 - Startup: Banshee Screamer Alarm.lnk = C:\Program Files\Banshee Screamer Alarm\alarm.exe
O4 - Startup: Sonic INSTALLit! Setup.lnk = Eric\AppData\Local\Temp\VIES549D\setup.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: Ajouter un site de support RSS à VAIO Information FLOW - C:\Program Files\Sony\VAIO Information FLOW\aiesc.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Program Files\UnibetpokerMPP\MPPoker.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F890D570-1E99-4381-A1E6-6C6955ECF7E2}: NameServer = 192.168.1.1
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\PACSPTISVR.exe
O23 - Service: PostgreSQL Database Server 8.2 (pgsql-8.2) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.2\bin\pg_ctl.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\SSScsiSV.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
0
Réponse 3 / 19
jlpjlp Messages postés 51580 Date d'inscription vendredi 18 mai 2007 Statut Contributeur sécurité Dernière intervention 3 mai 2022 5 040
20 févr. 2008 à 11:24
effectivement c'est pas pareil!!!!!



desactive le tea timer de spybot. tu as ad aware + spybot + avg antispyware + windwos defender: ne garde qu'un seul pour l'analyse en temps réel, pour les autres desactive la protection resisdente et lances les à la demande!
_________

fix ces lignes:

O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - (no file)
O3 - Toolbar: Web Application - {81705D67-3F73-4983-859B-97D0922E5ABE} - C:\Program Files\NetProject\wamdl.dll

O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\NetProject\sbmntr.exe
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Program Files\UnibetpokerMPP\MPPoker.exe

__________________


combofix (colle le rapport)
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

___________________


télécharge OTMoveIt
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau. Ou sur https://www.luanagames.com/index.fr.html
double-clique sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

Citation :

C:\Program Files\NetProject
C:\Program Files\NetProject\scit.exe
C:\Program Files\NetProject\scm.exe
C:\Program Files\NetProject\sbmntr.exe
C:\Program Files\NetProject\sbsm.exe

clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.

__________________________

recolle un rapport hiajckhtis et dis tes soucis
0
Réponse 4 / 19
rikcholz Messages postés 31 Date d'inscription samedi 24 avril 2004 Statut Membre Dernière intervention 20 février 2008 1
20 févr. 2008 à 11:50
ok merci

voici le rapport combofix

ComboFix 08-02-20.2 - Eric 02/20/2008 11:32:22.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.33.1036.18.1243 [GMT 1:00]
Endroit: C:\Users\Eric\Desktop\ComboFix.exe
* Création d'un nouveau point de restauration
.

((((((((((((((((((((((((((((( Fichiers créés 2008-01-20 to 2008-02-20 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier créé dans cet espace de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-20 09:44 --------- d-----w C:\Users\Eric\AppData\Roaming\Grisoft
2008-02-20 07:57 350,468 ---ha-w C:\Windows\system32\drivers\vsconfig.xml
2008-02-20 07:55 502,272 ----a-w C:\Windows\Internet Logs\xDB9452.tmp
2008-02-20 07:55 1,314,304 ----a-w C:\Windows\Internet Logs\xDB9A5C.tmp
2008-02-20 07:32 1,626,112 ----a-w C:\Windows\Internet Logs\xDB702F.tmp
2008-02-20 06:28 --------- d-----w C:\Users\Eric\AppData\Roaming\Azureus
2008-02-20 06:27 --------- d-----w C:\Program Files\NetProject
2008-02-20 04:48 --------- d-----w C:\Program Files\Everest Poker
2008-02-20 04:40 --------- d---a-w C:\ProgramData\TEMP
2008-02-19 23:30 --------- d-----w C:\Program Files\Zone Labs
2008-02-19 22:05 --------- d-----w C:\Program Files\Azureus
2008-02-19 21:57 34,793 ----a-w C:\Windows\system32\drivers\kwflower.log
2008-02-19 21:56 14,829 ----a-w C:\Windows\system32\drivers\kwfupper.log
2008-02-19 03:40 --------- d-----w C:\Program Files\TimeAdjuster
2008-02-19 03:19 --------- d-----w C:\Program Files\URUSoft
2008-02-17 02:59 --------- d-----w C:\Users\Eric\AppData\Roaming\Kerio
2008-02-15 19:42 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-02-15 19:42 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-15 19:39 691,545 ----a-w C:\Windows\unins000.exe
2008-02-14 23:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-14 22:29 --------- d-----w C:\ProgramData\CheckPoint
2008-02-14 22:27 --------- d-----w C:\Program Files\Navilog1
2008-02-14 22:21 --------- d-----w C:\Program Files\Avira
2008-02-14 22:16 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-14 21:14 --------- d-----w C:\Program Files\SpywareBlaster
2008-02-14 13:43 --------- d-----w C:\ProgramData\Microsoft Help
2008-02-14 06:21 --------- d-----w C:\Program Files\Trend Micro
2008-02-14 06:00 --------- d-----w C:\ProgramData\Grisoft
2008-02-14 05:56 --------- d-----w C:\Program Files\CCleaner
2008-02-14 04:42 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-14 03:52 --------- d-----w C:\Program Files\NBC Heads Up
2008-02-14 02:45 --------- d-----w C:\Program Files\SimpleOCR
2008-02-14 02:17 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-14 02:17 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-14 02:09 806,400 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-14 02:09 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-02-14 02:09 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-14 02:09 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-14 02:09 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-14 02:09 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-14 02:09 217,144 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-14 02:09 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-02-14 02:09 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-14 02:09 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-14 02:09 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
2008-02-14 02:09 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-02-14 02:08 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-14 02:08 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-14 02:08 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-14 02:08 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-14 02:08 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-14 02:08 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-02-14 02:04 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-14 02:04 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-14 02:04 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-14 02:03 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-13 19:44 --------- d-----w C:\ProgramData\FLEXnet
2008-02-13 18:12 --------- d-----w C:\Users\Eric\AppData\Roaming\Thunderbird
2008-02-13 17:29 --------- d-----w C:\Program Files\Foxit Software
2008-02-13 01:57 --------- d-----w C:\Program Files\Poker Tracker V2
2008-02-09 21:07 --------- d-----w C:\Program Files\Veoh Networks
2008-02-01 03:47 --------- d-----w C:\Program Files\ChanPoker.com
2008-01-31 12:56 --------- d-----w C:\Users\Eric\AppData\Roaming\LimeWire
2008-01-27 23:12 --------- d-----w C:\Program Files\Google
2008-01-17 08:11 12,632 ----a-w C:\Windows\System32\lsdelete.exe
2008-01-17 08:11 --------- d-----w C:\ProgramData\Lavasoft
2008-01-17 07:51 --------- d-----w C:\Program Files\Lavasoft
2008-01-17 07:50 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-16 08:59 62,464 ----a-w C:\Windows\system32\drivers\kvpndrv.sys
2008-01-14 20:15 --------- d-----w C:\Users\Eric\AppData\Roaming\Lavasoft
2008-01-13 12:55 --------- d-----w C:\Program Files\PokerStars
2008-01-11 14:28 --------- d-----w C:\ProgramData\Protexis
2008-01-10 19:11 --------- d-----w C:\Users\Eric\AppData\Roaming\U3
2008-01-09 19:03 --------- d-----w C:\Program Files\Full Tilt Poker
2008-01-09 02:13 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-09 02:13 --------- d-----w C:\Program Files\Windows Mail
2008-01-09 02:02 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-01-09 02:02 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-01-09 02:01 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-04 19:15 --------- d-----w C:\Program Files\Microsoft Works
2008-01-04 19:12 --------- d-----w C:\Program Files\HoldemInspector2
2008-01-04 19:11 --------- d-----w C:\Program Files\PacificPoker
2008-01-04 19:08 --------- d-----w C:\ProgramData\eMule
2008-01-04 19:08 --------- d-----w C:\Program Files\PokerAce Hud
2008-01-04 19:08 --------- d-----w C:\Program Files\eMule
2008-01-04 19:08 --------- d-----w C:\Program Files\Bodog Poker
2008-01-04 03:23 --------- d-----w C:\Program Files\DMV
2008-01-01 22:48 --------- d-----w C:\Program Files\LimeWire
2007-12-28 16:22 --------- d-----w C:\Program Files\Wanadoo
2007-12-12 02:06 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-12 02:06 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-12-12 02:06 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2007-09-11 18:08 174 --sha-w C:\Program Files\desktop.ini
2007-09-24 08:57 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-09-24 08:57 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-09-24 08:57 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2007-02-25 16:32 5 --sha-w C:\Windows\System32\fdfaadada6_s.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C2A1C5CB-C0EF-4689-9436-F62CCA1C5383}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [01/09/2008 03:01 AM 1232896]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [11/02/2006 01:35 PM 125440]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [03/05/2007 02:21 AM 171448]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [11/13/2006 06:43 PM 472632]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [11/02/2006 01:36 PM 201728]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [05/08/2007 05:28 PM 1006264]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [09/11/2006 08:23 AM 118784]
"VAIOCameraUtility"="C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe" [11/14/2006 10:46 AM 411768]
"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [11/11/2006 03:35 PM 43128]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [12/07/2006 12:25 PM 7766016]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [12/07/2006 12:25 PM 81920]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [02/15/2008 12:47 AM 249896]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [06/28/2007 05:17 AM 959976]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 10:25 AM 6731312]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"some"= C:\Program Files\NetProject\scit.exe
"start"= C:\Program Files\NetProject\sbmntr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 11/24/2006 10:36 AM 73728 C:\Windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng]
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

R2 MSSQL$VAIO_VEDB;SQL Server (VAIO_VEDB);"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" [11/15/2006 07:18 AM]
R2 pgsql-8.2;PostgreSQL Database Server 8.2;"C:\Program Files\PostgreSQL\8.2\bin\pg_ctl.exe" runservice -N "pgsql-8.2" []
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot []
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service;C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [10/31/2006 10:40 PM]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [08/04/2006 09:39 AM]
R3 NETw3v32;Pilote de carte réseau Intel(R) PRO/Wireless 3945ABG pour Windows Vista 32 bits;C:\Windows\system32\DRIVERS\NETw3v32.sys [10/30/2006 01:42 AM]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;C:\Windows\system32\Drivers\R5U870FLx86.sys [10/27/2006 02:08 PM]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;C:\Windows\system32\Drivers\R5U870FUx86.sys [10/27/2006 02:08 PM]
R3 SonyImgF;Sony Image Conversion Filter Driver;C:\Windows\system32\DRIVERS\SonyImgF.sys [09/06/2006 10:44 AM]
R3 ti21sony;ti21sony;C:\Windows\system32\drivers\ti21sony.sys [11/06/2006 02:56 PM]
S3 kvpndev;Kerio VPN adapter;C:\Windows\system32\DRIVERS\kvpndrv.sys [01/16/2008 09:59 AM]
S3 SQLWriter;Enregistreur VSS SQL Server;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [04/14/2006 10:04 AM]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe [01/10/2007 04:51 PM]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);"C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-UCLS-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" []
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [01/08/2007 05:06 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\AutoRun\command - G:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c8c405e-bf71-11dc-81e2-0013a9868c47}]
\shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4f29926-c683-11db-ac7b-0016fef72482}]
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{faf573b9-c69d-11db-b0fb-0016fef72482}]
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-20 02:01:08 C:\Windows\Tasks\User_Feed_Synchronization-{749F7267-3809-4F65-A674-B375A4B1B6E4}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-20 11:35:44
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------

PROCESS: C:\Windows\Explorer.exe [6.00.6000.16549]
-> C:\Program Files\Stardock\ObjectDock\DockShellHook.dll
.
Temps d'accomplissement: 02/20/2008 11:36:39
ComboFix-quarantined-files.txt 2008-02-20 10:36:34
ComboFix2.txt 2008-02-14 17:42:27
.
2008-02-14 02:18:03 --- E O F ---



ainsi que le rapport OTMoveIt


Folder move failed. C:\Program Files\NetProject scheduled to be moved on reboot.
File move failed. C:\Program Files\NetProject\scit.exe scheduled to be moved on reboot.
File move failed. C:\Program Files\NetProject\scm.exe scheduled to be moved on reboot.
File move failed. C:\Program Files\NetProject\sbmntr.exe scheduled to be moved on reboot.
File move failed. C:\Program Files\NetProject\sbsm.exe scheduled to be moved on reboot.

OTMoveIt2 v1.0.20 log created on 02202008_113813


Enfin le rapport hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:48:14 AM, on 2/20/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\NetProject\sbmntr.exe
C:\Program Files\NetProject\scit.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\Program Files\NetProject\sbsm.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\NetProject\scm.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Sony\SonicStage\SSAAD.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Apoint\Apntex.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = www-cache.u-picardie.fr:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - (no file)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\NetProject\sbmntr.exe
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-53204119-2991869364-3885560029-1006\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'postgres')
O4 - Startup: Banshee Screamer Alarm.lnk = C:\Program Files\Banshee Screamer Alarm\alarm.exe
O4 - Startup: Sonic INSTALLit! Setup.lnk = Eric\AppData\Local\Temp\VIES549D\setup.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: Ajouter un site de support RSS à VAIO Information FLOW - C:\Program Files\Sony\VAIO Information FLOW\aiesc.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F890D570-1E99-4381-A1E6-6C6955ECF7E2}: NameServer = 192.168.1.1
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\PACSPTISVR.exe
O23 - Service: PostgreSQL Database Server 8.2 (pgsql-8.2) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.2\bin\pg_ctl.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\SSScsiSV.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 19
rikcholz Messages postés 31 Date d'inscription samedi 24 avril 2004 Statut Membre Dernière intervention 20 février 2008 1
20 févr. 2008 à 11:55
j'ai encore un point d'exclamation dans la barre des taches.(system alert...
je ne pense pas que c'est mieux
grave?
0
Réponse 6 / 19
rikcholz Messages postés 31 Date d'inscription samedi 24 avril 2004 Statut Membre Dernière intervention 20 février 2008 1
20 févr. 2008 à 12:00
encore une info
un message me dis que je suis infécté par spyware cyberlog X ???
0
Réponse 7 / 19
jlpjlp Messages postés 51580 Date d'inscription vendredi 18 mai 2007 Statut Contributeur sécurité Dernière intervention 3 mai 2022 5 040
20 févr. 2008 à 12:00
pour fusionner:
http://img.photobucket.com/albums/v666/sUBs/CFScript.gif




Ferme tout tes navigateurs (donc copie ou imprime les instructions avant)

Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :



File::


C:\Program Files\NetProject
C:\Program Files\NetProject\sbmntr.exe
C:\Program Files\NetProject\scit.exe





Enregistre ce fichier sous le nom CFscript


Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe

Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

Remets aussi un rapport Hijackthis


Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt
0
Réponse 8 / 19
rikcholz Messages postés 31 Date d'inscription samedi 24 avril 2004 Statut Membre Dernière intervention 20 février 2008 1
20 févr. 2008 à 12:13
ok voila les 2 RAPPORT

combofix:



ComboFix 08-02-20.2 - Eric 02/20/2008 12:07:01.3 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.33.1036.18.1349 [GMT 1:00]
Endroit: C:\Users\Eric\Desktop\ComboFix.exe
Command switches used :: C:\Users\Eric\Desktop\CFscript.txt
* Création d'un nouveau point de restauration

FILE ::
C:\Program Files\NetProject
C:\Program Files\NetProject\sbmntr.exe
C:\Program Files\NetProject\scit.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\NetProject\sbmntr.exe
C:\Program Files\NetProject\scit.exe

.
((((((((((((((((((((((((((((( Fichiers créés 2008-01-20 to 2008-02-20 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier créé dans cet espace de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-20 11:07 --------- d-----w C:\Program Files\NetProject
2008-02-20 10:41 350,468 ---ha-w C:\Windows\system32\drivers\vsconfig.xml
2008-02-20 09:44 --------- d-----w C:\Users\Eric\AppData\Roaming\Grisoft
2008-02-20 07:55 502,272 ----a-w C:\Windows\Internet Logs\xDB9452.tmp
2008-02-20 07:55 1,314,304 ----a-w C:\Windows\Internet Logs\xDB9A5C.tmp
2008-02-20 07:32 1,626,112 ----a-w C:\Windows\Internet Logs\xDB702F.tmp
2008-02-20 06:28 --------- d-----w C:\Users\Eric\AppData\Roaming\Azureus
2008-02-20 04:48 --------- d-----w C:\Program Files\Everest Poker
2008-02-20 04:40 --------- d---a-w C:\ProgramData\TEMP
2008-02-19 23:30 --------- d-----w C:\Program Files\Zone Labs
2008-02-19 22:05 --------- d-----w C:\Program Files\Azureus
2008-02-19 21:57 34,793 ----a-w C:\Windows\system32\drivers\kwflower.log
2008-02-19 21:56 14,829 ----a-w C:\Windows\system32\drivers\kwfupper.log
2008-02-19 03:40 --------- d-----w C:\Program Files\TimeAdjuster
2008-02-19 03:19 --------- d-----w C:\Program Files\URUSoft
2008-02-17 02:59 --------- d-----w C:\Users\Eric\AppData\Roaming\Kerio
2008-02-15 19:42 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-02-15 19:42 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-15 19:39 691,545 ----a-w C:\Windows\unins000.exe
2008-02-14 23:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-14 22:29 --------- d-----w C:\ProgramData\CheckPoint
2008-02-14 22:27 --------- d-----w C:\Program Files\Navilog1
2008-02-14 22:21 --------- d-----w C:\Program Files\Avira
2008-02-14 22:16 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-14 21:14 --------- d-----w C:\Program Files\SpywareBlaster
2008-02-14 13:43 --------- d-----w C:\ProgramData\Microsoft Help
2008-02-14 06:21 --------- d-----w C:\Program Files\Trend Micro
2008-02-14 06:00 --------- d-----w C:\ProgramData\Grisoft
2008-02-14 05:56 --------- d-----w C:\Program Files\CCleaner
2008-02-14 04:42 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-14 03:52 --------- d-----w C:\Program Files\NBC Heads Up
2008-02-14 02:45 --------- d-----w C:\Program Files\SimpleOCR
2008-02-14 02:17 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-14 02:17 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-14 02:09 806,400 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-14 02:09 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-02-14 02:09 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-14 02:09 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-14 02:09 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-14 02:09 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-14 02:09 217,144 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-14 02:09 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-02-14 02:09 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-14 02:09 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-14 02:09 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
2008-02-14 02:09 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-02-14 02:08 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-14 02:08 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-14 02:08 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-14 02:08 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-14 02:08 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-14 02:08 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-02-14 02:04 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-14 02:04 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-14 02:04 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-14 02:03 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-13 19:44 --------- d-----w C:\ProgramData\FLEXnet
2008-02-13 18:12 --------- d-----w C:\Users\Eric\AppData\Roaming\Thunderbird
2008-02-13 17:29 --------- d-----w C:\Program Files\Foxit Software
2008-02-13 01:57 --------- d-----w C:\Program Files\Poker Tracker V2
2008-02-09 21:07 --------- d-----w C:\Program Files\Veoh Networks
2008-02-01 03:47 --------- d-----w C:\Program Files\ChanPoker.com
2008-01-31 12:56 --------- d-----w C:\Users\Eric\AppData\Roaming\LimeWire
2008-01-27 23:12 --------- d-----w C:\Program Files\Google
2008-01-17 08:11 12,632 ----a-w C:\Windows\System32\lsdelete.exe
2008-01-17 08:11 --------- d-----w C:\ProgramData\Lavasoft
2008-01-17 07:51 --------- d-----w C:\Program Files\Lavasoft
2008-01-17 07:50 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-16 08:59 62,464 ----a-w C:\Windows\system32\drivers\kvpndrv.sys
2008-01-14 20:15 --------- d-----w C:\Users\Eric\AppData\Roaming\Lavasoft
2008-01-13 12:55 --------- d-----w C:\Program Files\PokerStars
2008-01-11 14:28 --------- d-----w C:\ProgramData\Protexis
2008-01-10 19:11 --------- d-----w C:\Users\Eric\AppData\Roaming\U3
2008-01-09 19:03 --------- d-----w C:\Program Files\Full Tilt Poker
2008-01-09 02:13 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-09 02:13 --------- d-----w C:\Program Files\Windows Mail
2008-01-09 02:02 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-01-09 02:02 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-01-09 02:01 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-04 19:15 --------- d-----w C:\Program Files\Microsoft Works
2008-01-04 19:12 --------- d-----w C:\Program Files\HoldemInspector2
2008-01-04 19:11 --------- d-----w C:\Program Files\PacificPoker
2008-01-04 19:08 --------- d-----w C:\ProgramData\eMule
2008-01-04 19:08 --------- d-----w C:\Program Files\PokerAce Hud
2008-01-04 19:08 --------- d-----w C:\Program Files\eMule
2008-01-04 19:08 --------- d-----w C:\Program Files\Bodog Poker
2008-01-04 03:23 --------- d-----w C:\Program Files\DMV
2008-01-01 22:48 --------- d-----w C:\Program Files\LimeWire
2007-12-28 16:22 --------- d-----w C:\Program Files\Wanadoo
2007-12-12 02:06 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-12 02:06 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-12-12 02:06 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2007-09-11 18:08 174 --sha-w C:\Program Files\desktop.ini
2007-09-24 08:57 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-09-24 08:57 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-09-24 08:57 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2007-02-25 16:32 5 --sha-w C:\Windows\System32\fdfaadada6_s.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C2A1C5CB-C0EF-4689-9436-F62CCA1C5383}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [01/09/2008 03:01 AM 1232896]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [11/02/2006 01:35 PM 125440]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [03/05/2007 02:21 AM 171448]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [11/13/2006 06:43 PM 472632]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [11/02/2006 01:36 PM 201728]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [05/08/2007 05:28 PM 1006264]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [09/11/2006 08:23 AM 118784]
"VAIOCameraUtility"="C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe" [11/14/2006 10:46 AM 411768]
"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [11/11/2006 03:35 PM 43128]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [12/07/2006 12:25 PM 7766016]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [12/07/2006 12:25 PM 81920]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [02/15/2008 12:47 AM 249896]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [06/28/2007 05:17 AM 959976]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 10:25 AM 6731312]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 11/24/2006 10:36 AM 73728 C:\Windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng]
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

R2 MSSQL$VAIO_VEDB;SQL Server (VAIO_VEDB);"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" [11/15/2006 07:18 AM]
R2 pgsql-8.2;PostgreSQL Database Server 8.2;"C:\Program Files\PostgreSQL\8.2\bin\pg_ctl.exe" runservice -N "pgsql-8.2" []
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot []
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service;C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [10/31/2006 10:40 PM]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [08/04/2006 09:39 AM]
R3 NETw3v32;Pilote de carte réseau Intel(R) PRO/Wireless 3945ABG pour Windows Vista 32 bits;C:\Windows\system32\DRIVERS\NETw3v32.sys [10/30/2006 01:42 AM]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;C:\Windows\system32\Drivers\R5U870FLx86.sys [10/27/2006 02:08 PM]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;C:\Windows\system32\Drivers\R5U870FUx86.sys [10/27/2006 02:08 PM]
R3 SonyImgF;Sony Image Conversion Filter Driver;C:\Windows\system32\DRIVERS\SonyImgF.sys [09/06/2006 10:44 AM]
R3 ti21sony;ti21sony;C:\Windows\system32\drivers\ti21sony.sys [11/06/2006 02:56 PM]
S3 kvpndev;Kerio VPN adapter;C:\Windows\system32\DRIVERS\kvpndrv.sys [01/16/2008 09:59 AM]
S3 SQLWriter;Enregistreur VSS SQL Server;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [04/14/2006 10:04 AM]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe [01/10/2007 04:51 PM]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);"C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-UCLS-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" []
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [01/08/2007 05:06 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\AutoRun\command - G:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c8c405e-bf71-11dc-81e2-0013a9868c47}]
\shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4f29926-c683-11db-ac7b-0016fef72482}]
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{faf573b9-c69d-11db-b0fb-0016fef72482}]
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-20 02:01:08 C:\Windows\Tasks\User_Feed_Synchronization-{749F7267-3809-4F65-A674-B375A4B1B6E4}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-20 12:09:16
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 02/20/2008 12:09:56
ComboFix-quarantined-files.txt 2008-02-20 11:09:54
ComboFix2.txt 2008-02-20 10:36:41
ComboFix3.txt 2008-02-14 17:42:27
.
2008-02-14 02:18:03 --- E O F ---



et hijackhis:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:12:19 PM, on 2/20/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\Program Files\NetProject\sbsm.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\NetProject\scm.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Sony\SonicStage\SSAAD.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Apoint\Apntex.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\ipconfig.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = www-cache.u-picardie.fr:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - (no file)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-53204119-2991869364-3885560029-1006\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'postgres')
O4 - Startup: Banshee Screamer Alarm.lnk = C:\Program Files\Banshee Screamer Alarm\alarm.exe
O4 - Startup: Sonic INSTALLit! Setup.lnk = Eric\AppData\Local\Temp\VIES549D\setup.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: Ajouter un site de support RSS à VAIO Information FLOW - C:\Program Files\Sony\VAIO Information FLOW\aiesc.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F890D570-1E99-4381-A1E6-6C6955ECF7E2}: NameServer = 192.168.1.1
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\PACSPTISVR.exe
O23 - Service: PostgreSQL Database Server 8.2 (pgsql-8.2) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.2\bin\pg_ctl.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\SSScsiSV.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
0
Réponse 9 / 19
jlpjlp Messages postés 51580 Date d'inscription vendredi 18 mai 2007 Statut Contributeur sécurité Dernière intervention 3 mai 2022 5 040
20 févr. 2008 à 12:18
desactive le tea timer le temps de la desisnfection!

normal qu'il trouve des choses car je modifie des logiciel sur ton ordi en desisnfectant!
______________




Ferme tout tes navigateurs (donc copie ou imprime les instructions avant)

Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :



File::

C:\Program Files\NetProject\scit.exe
C:\Program Files\NetProject\scm.exe
C:\Program Files\NetProject\sbmntr.exe
C:\Program Files\NetProject\sbsm.exe





Enregistre ce fichier sous le nom CFscript


Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe

Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

Remets aussi un rapport Hijackthis


Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt


__________________

colle un rapport antivir en plus et dis tes soucis actuels

rq: comme j'ai déjà dis, il ne faut qu'un seul antiesopion qui fasse une analyse en temps reel!
0
Réponse 10 / 19
rikcholz Messages postés 31 Date d'inscription samedi 24 avril 2004 Statut Membre Dernière intervention 20 février 2008 1
20 févr. 2008 à 12:39
voila , de nouveau les 2 rapports demandés:

ComboFix 08-02-20.2 - Eric 02/20/2008 12:29:58.4 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.33.1036.18.1268 [GMT 1:00]
Endroit: C:\Users\Eric\Desktop\ComboFix.exe
Command switches used :: C:\Users\Eric\Desktop\CFscript.txt
* Création d'un nouveau point de restauration

FILE ::
C:\Program Files\NetProject\sbmntr.exe
C:\Program Files\NetProject\sbsm.exe
C:\Program Files\NetProject\scit.exe
C:\Program Files\NetProject\scm.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\NetProject\sbsm.exe
C:\Program Files\NetProject\scm.exe

.
((((((((((((((((((((((((((((( Fichiers créés 2008-01-20 to 2008-02-20 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier créé dans cet espace de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-20 11:30 --------- d-----w C:\Program Files\NetProject
2008-02-20 11:27 350,468 ---ha-w C:\Windows\system32\drivers\vsconfig.xml
2008-02-20 09:44 --------- d-----w C:\Users\Eric\AppData\Roaming\Grisoft
2008-02-20 07:55 502,272 ----a-w C:\Windows\Internet Logs\xDB9452.tmp
2008-02-20 07:55 1,314,304 ----a-w C:\Windows\Internet Logs\xDB9A5C.tmp
2008-02-20 07:32 1,626,112 ----a-w C:\Windows\Internet Logs\xDB702F.tmp
2008-02-20 06:28 --------- d-----w C:\Users\Eric\AppData\Roaming\Azureus
2008-02-20 04:48 --------- d-----w C:\Program Files\Everest Poker
2008-02-20 04:40 --------- d---a-w C:\ProgramData\TEMP
2008-02-19 23:30 --------- d-----w C:\Program Files\Zone Labs
2008-02-19 22:05 --------- d-----w C:\Program Files\Azureus
2008-02-19 21:57 34,793 ----a-w C:\Windows\system32\drivers\kwflower.log
2008-02-19 21:56 14,829 ----a-w C:\Windows\system32\drivers\kwfupper.log
2008-02-19 03:40 --------- d-----w C:\Program Files\TimeAdjuster
2008-02-19 03:19 --------- d-----w C:\Program Files\URUSoft
2008-02-17 02:59 --------- d-----w C:\Users\Eric\AppData\Roaming\Kerio
2008-02-15 19:42 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-02-15 19:42 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-15 19:39 691,545 ----a-w C:\Windows\unins000.exe
2008-02-14 23:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-14 22:29 --------- d-----w C:\ProgramData\CheckPoint
2008-02-14 22:27 --------- d-----w C:\Program Files\Navilog1
2008-02-14 22:21 --------- d-----w C:\Program Files\Avira
2008-02-14 22:16 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-14 21:14 --------- d-----w C:\Program Files\SpywareBlaster
2008-02-14 13:43 --------- d-----w C:\ProgramData\Microsoft Help
2008-02-14 06:21 --------- d-----w C:\Program Files\Trend Micro
2008-02-14 06:00 --------- d-----w C:\ProgramData\Grisoft
2008-02-14 05:56 --------- d-----w C:\Program Files\CCleaner
2008-02-14 04:42 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-14 03:52 --------- d-----w C:\Program Files\NBC Heads Up
2008-02-14 02:45 --------- d-----w C:\Program Files\SimpleOCR
2008-02-14 02:17 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-14 02:17 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-14 02:09 806,400 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-14 02:09 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-02-14 02:09 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-14 02:09 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-14 02:09 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-14 02:09 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-14 02:09 217,144 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-14 02:09 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-02-14 02:09 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-14 02:09 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-14 02:09 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
2008-02-14 02:09 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-02-14 02:08 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-14 02:08 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-14 02:08 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-14 02:08 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-14 02:08 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-14 02:08 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-02-14 02:04 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-14 02:04 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-14 02:04 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-14 02:03 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-13 19:44 --------- d-----w C:\ProgramData\FLEXnet
2008-02-13 18:12 --------- d-----w C:\Users\Eric\AppData\Roaming\Thunderbird
2008-02-13 17:29 --------- d-----w C:\Program Files\Foxit Software
2008-02-13 01:57 --------- d-----w C:\Program Files\Poker Tracker V2
2008-02-09 21:07 --------- d-----w C:\Program Files\Veoh Networks
2008-02-01 03:47 --------- d-----w C:\Program Files\ChanPoker.com
2008-01-31 12:56 --------- d-----w C:\Users\Eric\AppData\Roaming\LimeWire
2008-01-27 23:12 --------- d-----w C:\Program Files\Google
2008-01-17 08:11 12,632 ----a-w C:\Windows\System32\lsdelete.exe
2008-01-17 08:11 --------- d-----w C:\ProgramData\Lavasoft
2008-01-17 07:51 --------- d-----w C:\Program Files\Lavasoft
2008-01-17 07:50 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-16 08:59 62,464 ----a-w C:\Windows\system32\drivers\kvpndrv.sys
2008-01-14 20:15 --------- d-----w C:\Users\Eric\AppData\Roaming\Lavasoft
2008-01-13 12:55 --------- d-----w C:\Program Files\PokerStars
2008-01-11 14:28 --------- d-----w C:\ProgramData\Protexis
2008-01-10 19:11 --------- d-----w C:\Users\Eric\AppData\Roaming\U3
2008-01-09 19:03 --------- d-----w C:\Program Files\Full Tilt Poker
2008-01-09 02:13 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-09 02:13 --------- d-----w C:\Program Files\Windows Mail
2008-01-09 02:02 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-01-09 02:02 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-01-09 02:01 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-04 19:15 --------- d-----w C:\Program Files\Microsoft Works
2008-01-04 19:12 --------- d-----w C:\Program Files\HoldemInspector2
2008-01-04 19:11 --------- d-----w C:\Program Files\PacificPoker
2008-01-04 19:08 --------- d-----w C:\ProgramData\eMule
2008-01-04 19:08 --------- d-----w C:\Program Files\PokerAce Hud
2008-01-04 19:08 --------- d-----w C:\Program Files\eMule
2008-01-04 19:08 --------- d-----w C:\Program Files\Bodog Poker
2008-01-04 03:23 --------- d-----w C:\Program Files\DMV
2008-01-01 22:48 --------- d-----w C:\Program Files\LimeWire
2007-12-28 16:22 --------- d-----w C:\Program Files\Wanadoo
2007-12-12 02:06 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-12 02:06 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-12-12 02:06 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2007-09-11 18:08 174 --sha-w C:\Program Files\desktop.ini
2007-09-24 08:57 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-09-24 08:57 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-09-24 08:57 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2007-02-25 16:32 5 --sha-w C:\Windows\System32\fdfaadada6_s.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C2A1C5CB-C0EF-4689-9436-F62CCA1C5383}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [01/09/2008 03:01 AM 1232896]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [11/02/2006 01:35 PM 125440]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [03/05/2007 02:21 AM 171448]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [11/13/2006 06:43 PM 472632]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [11/02/2006 01:36 PM 201728]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [05/08/2007 05:28 PM 1006264]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [09/11/2006 08:23 AM 118784]
"VAIOCameraUtility"="C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe" [11/14/2006 10:46 AM 411768]
"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [11/11/2006 03:35 PM 43128]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [12/07/2006 12:25 PM 7766016]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [12/07/2006 12:25 PM 81920]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [02/15/2008 12:47 AM 249896]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [06/28/2007 05:17 AM 959976]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 10:25 AM 6731312]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 11/24/2006 10:36 AM 73728 C:\Windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng]
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

R2 MSSQL$VAIO_VEDB;SQL Server (VAIO_VEDB);"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" [11/15/2006 07:18 AM]
R2 pgsql-8.2;PostgreSQL Database Server 8.2;"C:\Program Files\PostgreSQL\8.2\bin\pg_ctl.exe" runservice -N "pgsql-8.2" []
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot []
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service;C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [10/31/2006 10:40 PM]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [08/04/2006 09:39 AM]
R3 NETw3v32;Pilote de carte réseau Intel(R) PRO/Wireless 3945ABG pour Windows Vista 32 bits;C:\Windows\system32\DRIVERS\NETw3v32.sys [10/30/2006 01:42 AM]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;C:\Windows\system32\Drivers\R5U870FLx86.sys [10/27/2006 02:08 PM]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;C:\Windows\system32\Drivers\R5U870FUx86.sys [10/27/2006 02:08 PM]
R3 SonyImgF;Sony Image Conversion Filter Driver;C:\Windows\system32\DRIVERS\SonyImgF.sys [09/06/2006 10:44 AM]
R3 ti21sony;ti21sony;C:\Windows\system32\drivers\ti21sony.sys [11/06/2006 02:56 PM]
S3 kvpndev;Kerio VPN adapter;C:\Windows\system32\DRIVERS\kvpndrv.sys [01/16/2008 09:59 AM]
S3 SQLWriter;Enregistreur VSS SQL Server;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [04/14/2006 10:04 AM]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe [01/10/2007 04:51 PM]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);"C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-UCLS-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" []
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [01/08/2007 05:06 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\AutoRun\command - G:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c8c405e-bf71-11dc-81e2-0013a9868c47}]
\shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4f29926-c683-11db-ac7b-0016fef72482}]
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{faf573b9-c69d-11db-b0fb-0016fef72482}]
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-20 02:01:08 C:\Windows\Tasks\User_Feed_Synchronization-{749F7267-3809-4F65-A674-B375A4B1B6E4}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-20 12:32:59
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 02/20/2008 12:33:39
ComboFix-quarantined-files.txt 2008-02-20 11:33:37
ComboFix2.txt 2008-02-20 11:09:57
ComboFix3.txt 2008-02-20 10:36:41
ComboFix4.txt 2008-02-14 17:42:27
.
2008-02-14 02:18:03 --- E O F ---




et hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:38:00 PM, on 2/20/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Sony\SonicStage\SSAAD.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Apoint\Apntex.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = www-cache.u-picardie.fr:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - (no file)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-53204119-2991869364-3885560029-1006\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'postgres')
O4 - Startup: Banshee Screamer Alarm.lnk = C:\Program Files\Banshee Screamer Alarm\alarm.exe
O4 - Startup: Sonic INSTALLit! Setup.lnk = Eric\AppData\Local\Temp\VIES549D\setup.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: Ajouter un site de support RSS à VAIO Information FLOW - C:\Program Files\Sony\VAIO Information FLOW\aiesc.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F890D570-1E99-4381-A1E6-6C6955ECF7E2}: NameServer = 192.168.1.1
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\PACSPTISVR.exe
O23 - Service: PostgreSQL Database Server 8.2 (pgsql-8.2) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.2\bin\pg_ctl.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\SSScsiSV.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
0
Réponse 11 / 19
jlpjlp Messages postés 51580 Date d'inscription vendredi 18 mai 2007 Statut Contributeur sécurité Dernière intervention 3 mai 2022 5 040
20 févr. 2008 à 12:51
oui c'est bon!


par contre tu as toujours 3 anti espions en temps réel , desactive en deux!

on les voit:
C:\Program Files\Windows Defender\MSASCui.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe



___________________




j'attends antivir
0
Réponse 12 / 19
rikcholz Messages postés 31 Date d'inscription samedi 24 avril 2004 Statut Membre Dernière intervention 20 février 2008 1
20 févr. 2008 à 13:13
salut encore

effectivement, ça a l'air d'aller mieux!! je vais enfin pouvoir allez me coucher

en attendant le san antivir, je me permet de te poser 3-4 questions, si tu as le temps d'y répondre

Ca fait 2 fois en 4 jours que je suis infectés par ces conneries.
je pense avoir des doutes sur l'origine de ces attaques....
pourtant, je suis equipé d'antivir, de teatimer ainsi que la version gratuite de zone alarm.
Est ce normal, que malgré ces protections je suis encore attaqué sans cesses?
y a-t-il encore une faille dans la combinaison des 3 outils de protection?

j'ai bien compris que j'avais 3 protections en temps réels et qu'une seule suffisait.
laquelle me conseilles tu de garder?

si ceci se reproduit est ce que combofix peut régler le problème a lui seul?

Enfin, la version gratuite de zone alarm, non paramétrable, est elle la seule compatible avec vista? (car je le coupe quand je télécharge et c'est peut être dangereux). Le firewall intégré de vista ne suffit-il pas?

Merci bcp de m'avoir dépanner. c'est toi qui m'a aidé également la dernière fois.

le scan antivir n'est pas fini mais il me donne 2 warnings.

merci encore pour tout en espérant que tu auras le temps de répondre à ces questions.

salut
0
Réponse 13 / 19
jlpjlp Messages postés 51580 Date d'inscription vendredi 18 mai 2007 Statut Contributeur sécurité Dernière intervention 3 mai 2022 5 040
20 févr. 2008 à 13:21
Ca fait 2 fois en 4 jours que je suis infectés par ces conneries.
je pense avoir des doutes sur l'origine de ces attaques....
pourtant, je suis equipé d'antivir, de teatimer ainsi que la version gratuite de zone alarm.
Est ce normal, que malgré ces protections je suis encore attaqué sans cesses?



maintenant que l'on a viré l'infection tu ne devrais plus avoir d'alerte, l'infection était presente de puis plusieurs jour dans ton ordi d'ou les alertes a répétition
_______________

y a-t-il encore une faille dans la combinaison des 3 outils de protection?

j'ai bien compris que j'avais 3 protections en temps réels et qu'une seule suffisait.
laquelle me conseilles tu de garder?




pour protéger gratos ton ordi

http://www.commentcamarche.net/telecharger/logiciel 4 securite

mettre un antivirus

ANTIVIR (en anglais mais très efficace)
https://www.malekal.com/avira-free-security-antivirus-gratuit/ (merci Malekal)
-------------
des anti-espions :

AD AWARE + SPYBOT +/- si tea timer non active de spybot: WINDOWS DEFENDER TERMINATOR

+
SPYWAREBLASTER pour immuniser le système contre vundo notamment mais en anglais (mais facile d'utilisation : il suffit de faire "update" pour mettre à jour tous les mois et ensuite" enable all protection" pour immuniser)...

Rq : spybot et ad-aware on sorti de nouvelles versions cette année vérifiez que vous avez la dernière version
--------
un pare feu :
celui de Windows ou mieux KERIO ou JETICO ou ZONE ALARM (mettre que le parefeu gratuit)

https://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html
https://manuelsdaide.com/contact/
http://www.open-files.com/forum/index.php?showtopic=29277
http://www.commentcamarche.net/telecharger/telecharger 157 zonealarm

-----------

CCLEANER pour effacer les traces de surf



____________________


si ceci se reproduit est ce que combofix peut régler le problème a lui seul?

TOUT DEPENDS DES INFECTIONS.... antivir risque de le considérer comme nefaste n'en tiens pas compte ou vire le de ton ordi

___________________

Enfin, la version gratuite de zone alarm, non paramétrable, est elle la seule compatible avec vista? (car je le coupe quand je télécharge et c'est peut être dangereux). Le firewall intégré de vista ne suffit-il pas?


Le firewall de vista n'est pas performant, zone alarm est mieux!



pour les parefeu : garde zone alarm sion il me semble que jetico est compatible vista

http://cs76.free.fr/pare-feu-gratuit.php
0
Réponse 14 / 19
rikcholz Messages postés 31 Date d'inscription samedi 24 avril 2004 Statut Membre Dernière intervention 20 février 2008 1
20 févr. 2008 à 13:49
ok

merci pour tes conseils

antivir n'est qu'a 60%? le rapport donne pour l'instant 4 détections et 2 warnings.

je vais dormir et posterai le rapport au reveil

merci encore
salut
0
Réponse 15 / 19
jlpjlp Messages postés 51580 Date d'inscription vendredi 18 mai 2007 Statut Contributeur sécurité Dernière intervention 3 mai 2022 5 040
20 févr. 2008 à 17:32
ok a plus
0
Réponse 16 / 19
rikcholz Messages postés 31 Date d'inscription samedi 24 avril 2004 Statut Membre Dernière intervention 20 février 2008 1
20 févr. 2008 à 20:06
slt
voila le rapport anti vir qui me semble bon



AntiVir PersonalEdition Classic
Report file date: mercredi 20 février 2008 12:35

Scanning for 1117323 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows Vista
Windows version: (plain) [6.0.6000]
Username: SYSTEM
Computer name: RICO

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 23:47:14
ANTIVIR2.VDF : 7.0.2.113 1673728 Bytes 08/02/2008 23:47:14
ANTIVIR3.VDF : 7.0.2.162 292864 Bytes 19/02/2008 21:41:39
AVEWIN32.DLL : 7.6.0.67 3293696 Bytes 15/02/2008 22:22:26
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 14/02/2008 23:47:14
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: Z:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: mercredi 20 février 2008 12:35

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'notepad.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'conime.exe' - '1' Module(s) have been scanned
Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
Scan process 'SPMgr.exe' - '1' Module(s) have been scanned
Scan process 'ApntEx.exe' - '1' Module(s) have been scanned
Scan process 'ApMsgFwd.exe' - '1' Module(s) have been scanned
Scan process 'Switcher.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'VzFw.exe' - '1' Module(s) have been scanned
Scan process 'SDWinSec.exe' - '1' Module(s) have been scanned
Scan process 'VzCdbSvc.exe' - '1' Module(s) have been scanned
Scan process 'XAudio.exe' - '1' Module(s) have been scanned
Scan process 'VESMgrSub.exe' - '1' Module(s) have been scanned
Scan process 'postgres.exe' - '1' Module(s) have been scanned
Scan process 'postgres.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'VCSW.exe' - '1' Module(s) have been scanned
Scan process 'VESMgr.exe' - '1' Module(s) have been scanned
Scan process 'TosBtSrv.exe' - '1' Module(s) have been scanned
Scan process 'postgres.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'postgres.exe' - '1' Module(s) have been scanned
Scan process 'stacsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'pg_ctl.exe' - '1' Module(s) have been scanned
Scan process 'sqlservr.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'TosAVRC.exe' - '1' Module(s) have been scanned
Scan process 'TosBtHSP.exe' - '1' Module(s) have been scanned
Scan process 'TosBtHid.exe' - '1' Module(s) have been scanned
Scan process 'sidebar.exe' - '1' Module(s) have been scanned
Scan process 'TosA2dp.exe' - '1' Module(s) have been scanned
Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
Scan process 'ObjectDock.exe' - '1' Module(s) have been scanned
Scan process 'TosBtMng.exe' - '1' Module(s) have been scanned
Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned
Scan process 'SSAAD.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'ehtray.exe' - '1' Module(s) have been scanned
Scan process 'sidebar.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'ISBMgr.exe' - '1' Module(s) have been scanned
Scan process 'VCUServe.exe' - '1' Module(s) have been scanned
Scan process 'Apoint.exe' - '1' Module(s) have been scanned
Scan process 'MSASCui.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'dwm.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
Scan process 'audiodg.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
80 processes with 80 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'Z:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '10' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\VundoFix Backups\byvvw.dll.bad
[DETECTION] Is the Trojan horse TR/Vundo.gc
[INFO] The file was moved to '483220be.qua'!
C:\VundoFix Backups\efcab.dll.bad
[DETECTION] Is the Trojan horse TR/Vundo.gc
[INFO] The file was moved to '481f20b2.qua'!
C:\VundoFix Backups\mllmj.dll.bad
[DETECTION] Is the Trojan horse TR/Vundo.gc
[INFO] The file was moved to '482820c0.qua'!
C:\VundoFix Backups\yayay.dll.bad
[DETECTION] Is the Trojan horse TR/Vundo.gc
[INFO] The file was moved to '483520bb.qua'!
Begin scan in 'Z:\'


End of the scan: mercredi 20 février 2008 13:58
Used time: 1:23:14 min

The scan has been done completely.

16043 Scanning directories
361161 Files were scanned
4 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
4 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
361157 Files not concerned
1979 Archives were scanned
2 Warnings
22 Notes


il y a juste 2 WARNINGS qui ne doivent pas etre trop grave
je pense que tout va bien

merci bcp encore
slt
0
Réponse 17 / 19
jlpjlp Messages postés 51580 Date d'inscription vendredi 18 mai 2007 Statut Contributeur sécurité Dernière intervention 3 mai 2022 5 040
20 févr. 2008 à 20:37
ok oui c'est bon!

vire ce qui est dans vundofix backups en allant dans poste de travail puis C

C:\VundoFix Backups\

________________

vire ce qui est en quarantaine dans antivir

_____________


si pas de soucis c'est bon!
0
Réponse 18 / 19
rikcholz Messages postés 31 Date d'inscription samedi 24 avril 2004 Statut Membre Dernière intervention 20 février 2008 1
20 févr. 2008 à 22:31
OK MERCI
SALUT
0
Réponse 19 / 19
jlpjlp Messages postés 51580 Date d'inscription vendredi 18 mai 2007 Statut Contributeur sécurité Dernière intervention 3 mai 2022 5 040
20 févr. 2008 à 22:40
ok
bonne continuation
0

Discussions similaires

Impossible d'afficher le rapport de tableau croisé dynamique sur un rapport
Utilisateur anonyme -
TomH. -

13 réponses
écrire un rapport de travail
asi -
REGINALD -

3 réponses
1fichier.com et bloqueur de pub
anthea1309 -
Patoche12 -

60 réponses
impossible d'afficher le tableau dynamique sur un rapport existant
Pierre -
Adrien71 -

3 réponses
Accés au cloud
Dadou1968 -
loisou17 -

3 réponses