Spyware- aide rapport hijackthis

Résolu
rikcholz Messages postés 31 Statut Membre -  
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
Bonjour,
Encore ces satanés spyware. je n'ai pas dormi de la nuit. impossible de m'en débarasser.
inféctés de message d'alerte, des pages internet explorer qui s'ouvre toutes seules, un écran bleu...
spybot les dectectes, les supprimes mais ils sont toujours la.
aidé moi je vous en pris.

voici un rapport hijackthis, inconnu pour moi.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:39:25 PM, on 2/14/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Sony\SonicStage\SSAAD.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Apoint\Apntex.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = www-cache.u-picardie.fr:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {06AE1338-9F6B-42D2-88B6-A4693E05BB12} - (no file)
O2 - BHO: (no name) - {1448EE46-2F9F-4747-944C-EED324DB9994} - (no file)
O2 - BHO: (no name) - {2D3FEA1D-D291-4333-8ADA-A9F7F2C29D33} - (no file)
O2 - BHO: (no name) - {3b55ba0c-15c3-4801-9ea6-a874ae37343b} - (no file)
O2 - BHO: (no name) - {50FAE750-CC17-4E0E-A385-58D3CDC1DECB} - C:\Windows\system32\efcab.dll (file missing)
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8F5EC9DA-F9E6-4DDC-8BCD-E2A622C23F18} - (no file)
O2 - BHO: {afd673e3-bc6a-1c18-7114-3feca1b8c669} - {966c8b1a-cef3-4117-81c1-a6cb3e376dfa} - C:\Windows\system32\ycjpihtp.dll (file missing)
O2 - BHO: (no name) - {AA48451D-458B-4D55-8F34-291244D963D3} - C:\Windows\system32\efcab.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {bd7f8d19-8852-49fd-b0d9-7030b1b939fb} - (no file)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll
O2 - BHO: (no name) - {ca73130f-8e2f-4e81-98c3-7b2941fad282} - (no file)
O2 - BHO: (no name) - {E7AA4BA0-C909-428C-902C-DE4723846865} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll (file missing)
O3 - Toolbar: (no name) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\fcyya.dll,#1
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [4a03a710] rundll32.exe "C:\Windows\system32\weivgsbl.dll",b
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-53204119-2991869364-3885560029-1006\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'postgres')
O4 - Startup: Banshee Screamer Alarm.lnk = C:\Program Files\Banshee Screamer Alarm\alarm.exe
O4 - Startup: Sonic INSTALLit! Setup.lnk = Eric\AppData\Local\Temp\VIES549D\setup.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: Ajouter un site de support RSS à VAIO Information FLOW - C:\Program Files\Sony\VAIO Information FLOW\aiesc.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Program Files\UnibetpokerMPP\MPPoker.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - (no file)
O13 - Gopher Prefix:
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F890D570-1E99-4381-A1E6-6C6955ECF7E2}: NameServer = 192.168.1.1
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\PACSPTISVR.exe
O23 - Service: PostgreSQL Database Server 8.2 (pgsql-8.2) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.2\bin\pg_ctl.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\SSScsiSV.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 13109 bytes

voia, aidé moi vite s'il vous plait. merci
Configuration: Windows Vista
Firefox 2.0.0.12

19 réponses

  1. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    slt,

    Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked".

    O2 - BHO: (no name) - {06AE1338-9F6B-42D2-88B6-A4693E05BB12} - (no file)
    O2 - BHO: (no name) - {1448EE46-2F9F-4747-944C-EED324DB9994} - (no file)
    O2 - BHO: (no name) - {2D3FEA1D-D291-4333-8ADA-A9F7F2C29D33} - (no file)
    O2 - BHO: (no name) - {3b55ba0c-15c3-4801-9ea6-a874ae37343b} - (no file)
    O2 - BHO: (no name) - {50FAE750-CC17-4E0E-A385-58D3CDC1DECB} - C:\Windows\system32\efcab.dll (file missing)
    O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll (file missing)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {8F5EC9DA-F9E6-4DDC-8BCD-E2A622C23F18} - (no file)
    O2 - BHO: {afd673e3-bc6a-1c18-7114-3feca1b8c669} - {966c8b1a-cef3-4117-81c1-a6cb3e376dfa} - C:\Windows\system32\ycjpihtp.dll (file missing)
    O2 - BHO: (no name) - {AA48451D-458B-4D55-8F34-291244D963D3} - C:\Windows\system32\efcab.dll (file missing)
    O2 - BHO: (no name) - {bd7f8d19-8852-49fd-b0d9-7030b1b939fb} - (no file)
    O2 - BHO: (no name) - {ca73130f-8e2f-4e81-98c3-7b2941fad282} - (no file)
    O2 - BHO: (no name) - {E7AA4BA0-C909-428C-902C-DE4723846865} - (no file)
    O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll (file missing)
    O3 - Toolbar: (no name) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - (no file)
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

    O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\fcyya.dll,#1
    O4 - HKLM\..\Run: [4a03a710] rundll32.exe "C:\Windows\system32\weivgsbl.dll",b
    O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Program Files\UnibetpokerMPP\MPPoker.exe
    O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - (no file)

    __________________

    scan avec vundofix (colle le rapport)

    Téléchargez VundoFix -> http://www.atribune.org/ccount/click.php?id=4

    Double cliquez VundoFix.exe pour l'exécuter.
    Quand VundoFix s'ouvre, cliquez sur le bouton Scan for Vundo.
    Une fois le scan fini, cliquez sur le bouton Remove Vundo.
    Vous recevrez un avertissement vous demandant si vous voulez effacer ces
    fichiers répondez en cliquant sur YES
    Une fois que vous avez cliqué yes, votre bureau deviendra vide au moment où il
    enlève Vundo.

    Quand c'est fini, il vous sera demandé de redémarrer votre ordinateur, cliquez
    OK.

    ____________________

    combofix (colle le rapport)
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    ___________________

    télécharge OTMoveIt
    http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau. Ou sur https://www.luanagames.com/index.fr.html
    double-clique sur OTMoveIt.exe pour le lancer.
    copie la liste qui se trouve en citation ci-dessous,
    et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

    Citation :

    C:\Windows\system32\weivgsbl.dll
    C:\Windows\system32\fcyya.dll

    clique sur MoveIt! pour lancer la suppression.
    le résultat apparaitra dans le cadre "Results".
    clique sur Exit pour fermer.
    poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

    il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.

    __________________________

    recolle un rapport hiajckhtis et dis tes soucis
    0
  2. rikcholz Messages postés 31 Statut Membre 1
     
    salut
    je n'ai pas commencé la premiere étape car je ne trouve pas les lignes correspondantes dans le rapport hijackthis
    peut etre je me suis trompé, je te remet un rapport
    merci bcp

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:15:20 AM, on 2/20/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16609)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
    C:\Program Files\NetProject\scit.exe
    C:\Program Files\NetProject\scm.exe
    C:\Program Files\NetProject\sbmntr.exe
    C:\Program Files\NetProject\sbsm.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
    C:\Program Files\Sony\ISB Utility\ISBMgr.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Sony\SonicStage\SSAAD.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Apoint\ApMsgFwd.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\IEUser.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = www-cache.u-picardie.fr:3128
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - (no file)
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Web Application - {81705D67-3F73-4983-859B-97D0922E5ABE} - C:\Program Files\NetProject\wamdl.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
    O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe
    O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\NetProject\sbmntr.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-21-53204119-2991869364-3885560029-1006\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'postgres')
    O4 - Startup: Banshee Screamer Alarm.lnk = C:\Program Files\Banshee Screamer Alarm\alarm.exe
    O4 - Startup: Sonic INSTALLit! Setup.lnk = Eric\AppData\Local\Temp\VIES549D\setup.exe
    O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O8 - Extra context menu item: Ajouter un site de support RSS à VAIO Information FLOW - C:\Program Files\Sony\VAIO Information FLOW\aiesc.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
    O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Program Files\UnibetpokerMPP\MPPoker.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O13 - Gopher Prefix:
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F890D570-1E99-4381-A1E6-6C6955ECF7E2}: NameServer = 192.168.1.1
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\PACSPTISVR.exe
    O23 - Service: PostgreSQL Database Server 8.2 (pgsql-8.2) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.2\bin\pg_ctl.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\SSScsiSV.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
    O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
    O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
    O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
    O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
    O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
    O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
    0
  3. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    effectivement c'est pas pareil!!!!!

    desactive le tea timer de spybot. tu as ad aware + spybot + avg antispyware + windwos defender: ne garde qu'un seul pour l'analyse en temps réel, pour les autres desactive la protection resisdente et lances les à la demande!
    _________

    fix ces lignes:

    O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - (no file)
    O3 - Toolbar: Web Application - {81705D67-3F73-4983-859B-97D0922E5ABE} - C:\Program Files\NetProject\wamdl.dll

    O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe
    O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\NetProject\sbmntr.exe
    O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
    O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
    O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Program Files\UnibetpokerMPP\MPPoker.exe

    __________________

    combofix (colle le rapport)
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    ___________________

    télécharge OTMoveIt
    http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau. Ou sur https://www.luanagames.com/index.fr.html
    double-clique sur OTMoveIt.exe pour le lancer.
    copie la liste qui se trouve en citation ci-dessous,
    et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

    Citation :

    C:\Program Files\NetProject
    C:\Program Files\NetProject\scit.exe
    C:\Program Files\NetProject\scm.exe
    C:\Program Files\NetProject\sbmntr.exe
    C:\Program Files\NetProject\sbsm.exe

    clique sur MoveIt! pour lancer la suppression.
    le résultat apparaitra dans le cadre "Results".
    clique sur Exit pour fermer.
    poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

    il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.

    __________________________

    recolle un rapport hiajckhtis et dis tes soucis
    0
  4. rikcholz Messages postés 31 Statut Membre 1
     
    ok merci

    voici le rapport combofix

    ComboFix 08-02-20.2 - Eric 02/20/2008 11:32:22.2 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.33.1036.18.1243 [GMT 1:00]
    Endroit: C:\Users\Eric\Desktop\ComboFix.exe
    * Création d'un nouveau point de restauration
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2008-01-20 to 2008-02-20 ))))))))))))))))))))))))))))))))))))
    .

    Pas de nouveau fichier créé dans cet espace de temps

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-20 09:44 --------- d-----w C:\Users\Eric\AppData\Roaming\Grisoft
    2008-02-20 07:57 350,468 ---ha-w C:\Windows\system32\drivers\vsconfig.xml
    2008-02-20 07:55 502,272 ----a-w C:\Windows\Internet Logs\xDB9452.tmp
    2008-02-20 07:55 1,314,304 ----a-w C:\Windows\Internet Logs\xDB9A5C.tmp
    2008-02-20 07:32 1,626,112 ----a-w C:\Windows\Internet Logs\xDB702F.tmp
    2008-02-20 06:28 --------- d-----w C:\Users\Eric\AppData\Roaming\Azureus
    2008-02-20 06:27 --------- d-----w C:\Program Files\NetProject
    2008-02-20 04:48 --------- d-----w C:\Program Files\Everest Poker
    2008-02-20 04:40 --------- d---a-w C:\ProgramData\TEMP
    2008-02-19 23:30 --------- d-----w C:\Program Files\Zone Labs
    2008-02-19 22:05 --------- d-----w C:\Program Files\Azureus
    2008-02-19 21:57 34,793 ----a-w C:\Windows\system32\drivers\kwflower.log
    2008-02-19 21:56 14,829 ----a-w C:\Windows\system32\drivers\kwfupper.log
    2008-02-19 03:40 --------- d-----w C:\Program Files\TimeAdjuster
    2008-02-19 03:19 --------- d-----w C:\Program Files\URUSoft
    2008-02-17 02:59 --------- d-----w C:\Users\Eric\AppData\Roaming\Kerio
    2008-02-15 19:42 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
    2008-02-15 19:42 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-02-15 19:39 691,545 ----a-w C:\Windows\unins000.exe
    2008-02-14 23:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-02-14 22:29 --------- d-----w C:\ProgramData\CheckPoint
    2008-02-14 22:27 --------- d-----w C:\Program Files\Navilog1
    2008-02-14 22:21 --------- d-----w C:\Program Files\Avira
    2008-02-14 22:16 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-02-14 21:14 --------- d-----w C:\Program Files\SpywareBlaster
    2008-02-14 13:43 --------- d-----w C:\ProgramData\Microsoft Help
    2008-02-14 06:21 --------- d-----w C:\Program Files\Trend Micro
    2008-02-14 06:00 --------- d-----w C:\ProgramData\Grisoft
    2008-02-14 05:56 --------- d-----w C:\Program Files\CCleaner
    2008-02-14 04:42 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-02-14 03:52 --------- d-----w C:\Program Files\NBC Heads Up
    2008-02-14 02:45 --------- d-----w C:\Program Files\SimpleOCR
    2008-02-14 02:17 194,560 ----a-w C:\Windows\System32\WebClnt.dll
    2008-02-14 02:17 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
    2008-02-14 02:09 806,400 ----a-w C:\Windows\system32\drivers\tcpip.sys
    2008-02-14 02:09 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
    2008-02-14 02:09 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
    2008-02-14 02:09 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
    2008-02-14 02:09 24,064 ----a-w C:\Windows\System32\netcfg.exe
    2008-02-14 02:09 22,016 ----a-w C:\Windows\System32\netiougc.exe
    2008-02-14 02:09 217,144 ----a-w C:\Windows\system32\drivers\netio.sys
    2008-02-14 02:09 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
    2008-02-14 02:09 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
    2008-02-14 02:09 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
    2008-02-14 02:09 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
    2008-02-14 02:09 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
    2008-02-14 02:08 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
    2008-02-14 02:08 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
    2008-02-14 02:08 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
    2008-02-14 02:08 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
    2008-02-14 02:08 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
    2008-02-14 02:08 1,686,528 ----a-w C:\Windows\System32\gameux.dll
    2008-02-14 02:04 824,832 ----a-w C:\Windows\System32\wininet.dll
    2008-02-14 02:04 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
    2008-02-14 02:04 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
    2008-02-14 02:03 56,320 ----a-w C:\Windows\System32\iesetup.dll
    2008-02-13 19:44 --------- d-----w C:\ProgramData\FLEXnet
    2008-02-13 18:12 --------- d-----w C:\Users\Eric\AppData\Roaming\Thunderbird
    2008-02-13 17:29 --------- d-----w C:\Program Files\Foxit Software
    2008-02-13 01:57 --------- d-----w C:\Program Files\Poker Tracker V2
    2008-02-09 21:07 --------- d-----w C:\Program Files\Veoh Networks
    2008-02-01 03:47 --------- d-----w C:\Program Files\ChanPoker.com
    2008-01-31 12:56 --------- d-----w C:\Users\Eric\AppData\Roaming\LimeWire
    2008-01-27 23:12 --------- d-----w C:\Program Files\Google
    2008-01-17 08:11 12,632 ----a-w C:\Windows\System32\lsdelete.exe
    2008-01-17 08:11 --------- d-----w C:\ProgramData\Lavasoft
    2008-01-17 07:51 --------- d-----w C:\Program Files\Lavasoft
    2008-01-17 07:50 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-01-16 08:59 62,464 ----a-w C:\Windows\system32\drivers\kvpndrv.sys
    2008-01-14 20:15 --------- d-----w C:\Users\Eric\AppData\Roaming\Lavasoft
    2008-01-13 12:55 --------- d-----w C:\Program Files\PokerStars
    2008-01-11 14:28 --------- d-----w C:\ProgramData\Protexis
    2008-01-10 19:11 --------- d-----w C:\Users\Eric\AppData\Roaming\U3
    2008-01-09 19:03 --------- d-----w C:\Program Files\Full Tilt Poker
    2008-01-09 02:13 --------- d-----w C:\Program Files\Windows Sidebar
    2008-01-09 02:13 --------- d-----w C:\Program Files\Windows Mail
    2008-01-09 02:02 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
    2008-01-09 02:02 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
    2008-01-09 02:01 11,776 ----a-w C:\Windows\System32\sbunattend.exe
    2008-01-04 19:15 --------- d-----w C:\Program Files\Microsoft Works
    2008-01-04 19:12 --------- d-----w C:\Program Files\HoldemInspector2
    2008-01-04 19:11 --------- d-----w C:\Program Files\PacificPoker
    2008-01-04 19:08 --------- d-----w C:\ProgramData\eMule
    2008-01-04 19:08 --------- d-----w C:\Program Files\PokerAce Hud
    2008-01-04 19:08 --------- d-----w C:\Program Files\eMule
    2008-01-04 19:08 --------- d-----w C:\Program Files\Bodog Poker
    2008-01-04 03:23 --------- d-----w C:\Program Files\DMV
    2008-01-01 22:48 --------- d-----w C:\Program Files\LimeWire
    2007-12-28 16:22 --------- d-----w C:\Program Files\Wanadoo
    2007-12-12 02:06 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
    2007-12-12 02:06 223,232 ----a-w C:\Windows\System32\WMASF.DLL
    2007-12-12 02:06 1,327,104 ----a-w C:\Windows\System32\quartz.dll
    2007-09-11 18:08 174 --sha-w C:\Program Files\desktop.ini
    2007-09-24 08:57 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    2007-09-24 08:57 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    2007-09-24 08:57 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    2007-02-25 16:32 5 --sha-w C:\Windows\System32\fdfaadada6_s.dll
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C2A1C5CB-C0EF-4689-9436-F62CCA1C5383}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [01/09/2008 03:01 AM 1232896]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [11/02/2006 01:35 PM 125440]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [03/05/2007 02:21 AM 171448]
    "SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [11/13/2006 06:43 PM 472632]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [11/02/2006 01:36 PM 201728]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM 2097488]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [05/08/2007 05:28 PM 1006264]
    "Apoint"="C:\Program Files\Apoint\Apoint.exe" [09/11/2006 08:23 AM 118784]
    "VAIOCameraUtility"="C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe" [11/14/2006 10:46 AM 411768]
    "ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [11/11/2006 03:35 PM 43128]
    "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [12/07/2006 12:25 PM 7766016]
    "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [12/07/2006 12:25 PM 81920]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [02/15/2008 12:47 AM 249896]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [06/28/2007 05:17 AM 959976]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 10:25 AM 6731312]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
    "some"= C:\Program Files\NetProject\scit.exe
    "start"= C:\Program Files\NetProject\sbmntr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
    VESWinlogon.dll 11/24/2006 10:36 AM 73728 C:\Windows\System32\VESWinlogon.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng]
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

    R2 MSSQL$VAIO_VEDB;SQL Server (VAIO_VEDB);"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" [11/15/2006 07:18 AM]
    R2 pgsql-8.2;PostgreSQL Database Server 8.2;"C:\Program Files\PostgreSQL\8.2\bin\pg_ctl.exe" runservice -N "pgsql-8.2" []
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot []
    R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service;C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [10/31/2006 10:40 PM]
    R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [08/04/2006 09:39 AM]
    R3 NETw3v32;Pilote de carte réseau Intel(R) PRO/Wireless 3945ABG pour Windows Vista 32 bits;C:\Windows\system32\DRIVERS\NETw3v32.sys [10/30/2006 01:42 AM]
    R3 R5U870FLx86;R5U870 UVC Lower Filter ;C:\Windows\system32\Drivers\R5U870FLx86.sys [10/27/2006 02:08 PM]
    R3 R5U870FUx86;R5U870 UVC Upper Filter ;C:\Windows\system32\Drivers\R5U870FUx86.sys [10/27/2006 02:08 PM]
    R3 SonyImgF;Sony Image Conversion Filter Driver;C:\Windows\system32\DRIVERS\SonyImgF.sys [09/06/2006 10:44 AM]
    R3 ti21sony;ti21sony;C:\Windows\system32\drivers\ti21sony.sys [11/06/2006 02:56 PM]
    S3 kvpndev;Kerio VPN adapter;C:\Windows\system32\DRIVERS\kvpndrv.sys [01/16/2008 09:59 AM]
    S3 SQLWriter;Enregistreur VSS SQL Server;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [04/14/2006 10:04 AM]
    S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe [01/10/2007 04:51 PM]
    S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);"C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-UCLS-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" []
    S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [01/08/2007 05:06 PM]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
    \shell\AutoRun\command - G:\Autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c8c405e-bf71-11dc-81e2-0013a9868c47}]
    \shell\AutoRun\command - G:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4f29926-c683-11db-ac7b-0016fef72482}]
    \shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{faf573b9-c69d-11db-b0fb-0016fef72482}]
    \shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-02-20 02:01:08 C:\Windows\Tasks\User_Feed_Synchronization-{749F7267-3809-4F65-A674-B375A4B1B6E4}.job"
    - C:\Windows\system32\msfeedssync.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-20 11:35:44
    Windows 6.0.6000 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    --------------------- DLLs a chargé sous des processus courants ---------------------

    PROCESS: C:\Windows\Explorer.exe [6.00.6000.16549]
    -> C:\Program Files\Stardock\ObjectDock\DockShellHook.dll
    .
    Temps d'accomplissement: 02/20/2008 11:36:39
    ComboFix-quarantined-files.txt 2008-02-20 10:36:34
    ComboFix2.txt 2008-02-14 17:42:27
    .
    2008-02-14 02:18:03 --- E O F ---

    ainsi que le rapport OTMoveIt

    Folder move failed. C:\Program Files\NetProject scheduled to be moved on reboot.
    File move failed. C:\Program Files\NetProject\scit.exe scheduled to be moved on reboot.
    File move failed. C:\Program Files\NetProject\scm.exe scheduled to be moved on reboot.
    File move failed. C:\Program Files\NetProject\sbmntr.exe scheduled to be moved on reboot.
    File move failed. C:\Program Files\NetProject\sbsm.exe scheduled to be moved on reboot.

    OTMoveIt2 v1.0.20 log created on 02202008_113813

    Enfin le rapport hijackthis

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:48:14 AM, on 2/20/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16609)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\NetProject\sbmntr.exe
    C:\Program Files\NetProject\scit.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
    C:\Program Files\NetProject\sbsm.exe
    C:\Program Files\Sony\ISB Utility\ISBMgr.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\NetProject\scm.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Sony\SonicStage\SSAAD.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
    C:\Program Files\Apoint\ApMsgFwd.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\IEUser.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = www-cache.u-picardie.fr:3128
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - (no file)
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
    O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\NetProject\sbmntr.exe
    O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-21-53204119-2991869364-3885560029-1006\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'postgres')
    O4 - Startup: Banshee Screamer Alarm.lnk = C:\Program Files\Banshee Screamer Alarm\alarm.exe
    O4 - Startup: Sonic INSTALLit! Setup.lnk = Eric\AppData\Local\Temp\VIES549D\setup.exe
    O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O8 - Extra context menu item: Ajouter un site de support RSS à VAIO Information FLOW - C:\Program Files\Sony\VAIO Information FLOW\aiesc.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O13 - Gopher Prefix:
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F890D570-1E99-4381-A1E6-6C6955ECF7E2}: NameServer = 192.168.1.1
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\PACSPTISVR.exe
    O23 - Service: PostgreSQL Database Server 8.2 (pgsql-8.2) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.2\bin\pg_ctl.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\SSScsiSV.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
    O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
    O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
    O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
    O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
    O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
    O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. rikcholz Messages postés 31 Statut Membre 1
     
    j'ai encore un point d'exclamation dans la barre des taches.(system alert...
    je ne pense pas que c'est mieux
    grave?
    0
  7. rikcholz Messages postés 31 Statut Membre 1
     
    encore une info
    un message me dis que je suis infécté par spyware cyberlog X ???
    0
  8. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    pour fusionner:
    http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

    Ferme tout tes navigateurs (donc copie ou imprime les instructions avant)

    Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :

    File::

    C:\Program Files\NetProject
    C:\Program Files\NetProject\sbmntr.exe
    C:\Program Files\NetProject\scit.exe

    Enregistre ce fichier sous le nom CFscript

    Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe

    Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.

    Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

    Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

    Ne touche à rien tant que le scan n'est pas terminé.

    Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

    Remets aussi un rapport Hijackthis

    Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt
    0
  9. rikcholz Messages postés 31 Statut Membre 1
     
    ok voila les 2 RAPPORT

    combofix:

    ComboFix 08-02-20.2 - Eric 02/20/2008 12:07:01.3 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.33.1036.18.1349 [GMT 1:00]
    Endroit: C:\Users\Eric\Desktop\ComboFix.exe
    Command switches used :: C:\Users\Eric\Desktop\CFscript.txt
    * Création d'un nouveau point de restauration

    FILE ::
    C:\Program Files\NetProject
    C:\Program Files\NetProject\sbmntr.exe
    C:\Program Files\NetProject\scit.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\NetProject\sbmntr.exe
    C:\Program Files\NetProject\scit.exe

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-01-20 to 2008-02-20 ))))))))))))))))))))))))))))))))))))
    .

    Pas de nouveau fichier créé dans cet espace de temps

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-20 11:07 --------- d-----w C:\Program Files\NetProject
    2008-02-20 10:41 350,468 ---ha-w C:\Windows\system32\drivers\vsconfig.xml
    2008-02-20 09:44 --------- d-----w C:\Users\Eric\AppData\Roaming\Grisoft
    2008-02-20 07:55 502,272 ----a-w C:\Windows\Internet Logs\xDB9452.tmp
    2008-02-20 07:55 1,314,304 ----a-w C:\Windows\Internet Logs\xDB9A5C.tmp
    2008-02-20 07:32 1,626,112 ----a-w C:\Windows\Internet Logs\xDB702F.tmp
    2008-02-20 06:28 --------- d-----w C:\Users\Eric\AppData\Roaming\Azureus
    2008-02-20 04:48 --------- d-----w C:\Program Files\Everest Poker
    2008-02-20 04:40 --------- d---a-w C:\ProgramData\TEMP
    2008-02-19 23:30 --------- d-----w C:\Program Files\Zone Labs
    2008-02-19 22:05 --------- d-----w C:\Program Files\Azureus
    2008-02-19 21:57 34,793 ----a-w C:\Windows\system32\drivers\kwflower.log
    2008-02-19 21:56 14,829 ----a-w C:\Windows\system32\drivers\kwfupper.log
    2008-02-19 03:40 --------- d-----w C:\Program Files\TimeAdjuster
    2008-02-19 03:19 --------- d-----w C:\Program Files\URUSoft
    2008-02-17 02:59 --------- d-----w C:\Users\Eric\AppData\Roaming\Kerio
    2008-02-15 19:42 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
    2008-02-15 19:42 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-02-15 19:39 691,545 ----a-w C:\Windows\unins000.exe
    2008-02-14 23:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-02-14 22:29 --------- d-----w C:\ProgramData\CheckPoint
    2008-02-14 22:27 --------- d-----w C:\Program Files\Navilog1
    2008-02-14 22:21 --------- d-----w C:\Program Files\Avira
    2008-02-14 22:16 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-02-14 21:14 --------- d-----w C:\Program Files\SpywareBlaster
    2008-02-14 13:43 --------- d-----w C:\ProgramData\Microsoft Help
    2008-02-14 06:21 --------- d-----w C:\Program Files\Trend Micro
    2008-02-14 06:00 --------- d-----w C:\ProgramData\Grisoft
    2008-02-14 05:56 --------- d-----w C:\Program Files\CCleaner
    2008-02-14 04:42 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-02-14 03:52 --------- d-----w C:\Program Files\NBC Heads Up
    2008-02-14 02:45 --------- d-----w C:\Program Files\SimpleOCR
    2008-02-14 02:17 194,560 ----a-w C:\Windows\System32\WebClnt.dll
    2008-02-14 02:17 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
    2008-02-14 02:09 806,400 ----a-w C:\Windows\system32\drivers\tcpip.sys
    2008-02-14 02:09 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
    2008-02-14 02:09 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
    2008-02-14 02:09 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
    2008-02-14 02:09 24,064 ----a-w C:\Windows\System32\netcfg.exe
    2008-02-14 02:09 22,016 ----a-w C:\Windows\System32\netiougc.exe
    2008-02-14 02:09 217,144 ----a-w C:\Windows\system32\drivers\netio.sys
    2008-02-14 02:09 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
    2008-02-14 02:09 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
    2008-02-14 02:09 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
    2008-02-14 02:09 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
    2008-02-14 02:09 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
    2008-02-14 02:08 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
    2008-02-14 02:08 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
    2008-02-14 02:08 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
    2008-02-14 02:08 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
    2008-02-14 02:08 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
    2008-02-14 02:08 1,686,528 ----a-w C:\Windows\System32\gameux.dll
    2008-02-14 02:04 824,832 ----a-w C:\Windows\System32\wininet.dll
    2008-02-14 02:04 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
    2008-02-14 02:04 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
    2008-02-14 02:03 56,320 ----a-w C:\Windows\System32\iesetup.dll
    2008-02-13 19:44 --------- d-----w C:\ProgramData\FLEXnet
    2008-02-13 18:12 --------- d-----w C:\Users\Eric\AppData\Roaming\Thunderbird
    2008-02-13 17:29 --------- d-----w C:\Program Files\Foxit Software
    2008-02-13 01:57 --------- d-----w C:\Program Files\Poker Tracker V2
    2008-02-09 21:07 --------- d-----w C:\Program Files\Veoh Networks
    2008-02-01 03:47 --------- d-----w C:\Program Files\ChanPoker.com
    2008-01-31 12:56 --------- d-----w C:\Users\Eric\AppData\Roaming\LimeWire
    2008-01-27 23:12 --------- d-----w C:\Program Files\Google
    2008-01-17 08:11 12,632 ----a-w C:\Windows\System32\lsdelete.exe
    2008-01-17 08:11 --------- d-----w C:\ProgramData\Lavasoft
    2008-01-17 07:51 --------- d-----w C:\Program Files\Lavasoft
    2008-01-17 07:50 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-01-16 08:59 62,464 ----a-w C:\Windows\system32\drivers\kvpndrv.sys
    2008-01-14 20:15 --------- d-----w C:\Users\Eric\AppData\Roaming\Lavasoft
    2008-01-13 12:55 --------- d-----w C:\Program Files\PokerStars
    2008-01-11 14:28 --------- d-----w C:\ProgramData\Protexis
    2008-01-10 19:11 --------- d-----w C:\Users\Eric\AppData\Roaming\U3
    2008-01-09 19:03 --------- d-----w C:\Program Files\Full Tilt Poker
    2008-01-09 02:13 --------- d-----w C:\Program Files\Windows Sidebar
    2008-01-09 02:13 --------- d-----w C:\Program Files\Windows Mail
    2008-01-09 02:02 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
    2008-01-09 02:02 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
    2008-01-09 02:01 11,776 ----a-w C:\Windows\System32\sbunattend.exe
    2008-01-04 19:15 --------- d-----w C:\Program Files\Microsoft Works
    2008-01-04 19:12 --------- d-----w C:\Program Files\HoldemInspector2
    2008-01-04 19:11 --------- d-----w C:\Program Files\PacificPoker
    2008-01-04 19:08 --------- d-----w C:\ProgramData\eMule
    2008-01-04 19:08 --------- d-----w C:\Program Files\PokerAce Hud
    2008-01-04 19:08 --------- d-----w C:\Program Files\eMule
    2008-01-04 19:08 --------- d-----w C:\Program Files\Bodog Poker
    2008-01-04 03:23 --------- d-----w C:\Program Files\DMV
    2008-01-01 22:48 --------- d-----w C:\Program Files\LimeWire
    2007-12-28 16:22 --------- d-----w C:\Program Files\Wanadoo
    2007-12-12 02:06 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
    2007-12-12 02:06 223,232 ----a-w C:\Windows\System32\WMASF.DLL
    2007-12-12 02:06 1,327,104 ----a-w C:\Windows\System32\quartz.dll
    2007-09-11 18:08 174 --sha-w C:\Program Files\desktop.ini
    2007-09-24 08:57 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    2007-09-24 08:57 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    2007-09-24 08:57 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    2007-02-25 16:32 5 --sha-w C:\Windows\System32\fdfaadada6_s.dll
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C2A1C5CB-C0EF-4689-9436-F62CCA1C5383}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [01/09/2008 03:01 AM 1232896]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [11/02/2006 01:35 PM 125440]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [03/05/2007 02:21 AM 171448]
    "SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [11/13/2006 06:43 PM 472632]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [11/02/2006 01:36 PM 201728]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM 2097488]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [05/08/2007 05:28 PM 1006264]
    "Apoint"="C:\Program Files\Apoint\Apoint.exe" [09/11/2006 08:23 AM 118784]
    "VAIOCameraUtility"="C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe" [11/14/2006 10:46 AM 411768]
    "ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [11/11/2006 03:35 PM 43128]
    "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [12/07/2006 12:25 PM 7766016]
    "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [12/07/2006 12:25 PM 81920]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [02/15/2008 12:47 AM 249896]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [06/28/2007 05:17 AM 959976]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 10:25 AM 6731312]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
    VESWinlogon.dll 11/24/2006 10:36 AM 73728 C:\Windows\System32\VESWinlogon.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng]
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

    R2 MSSQL$VAIO_VEDB;SQL Server (VAIO_VEDB);"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" [11/15/2006 07:18 AM]
    R2 pgsql-8.2;PostgreSQL Database Server 8.2;"C:\Program Files\PostgreSQL\8.2\bin\pg_ctl.exe" runservice -N "pgsql-8.2" []
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot []
    R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service;C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [10/31/2006 10:40 PM]
    R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [08/04/2006 09:39 AM]
    R3 NETw3v32;Pilote de carte réseau Intel(R) PRO/Wireless 3945ABG pour Windows Vista 32 bits;C:\Windows\system32\DRIVERS\NETw3v32.sys [10/30/2006 01:42 AM]
    R3 R5U870FLx86;R5U870 UVC Lower Filter ;C:\Windows\system32\Drivers\R5U870FLx86.sys [10/27/2006 02:08 PM]
    R3 R5U870FUx86;R5U870 UVC Upper Filter ;C:\Windows\system32\Drivers\R5U870FUx86.sys [10/27/2006 02:08 PM]
    R3 SonyImgF;Sony Image Conversion Filter Driver;C:\Windows\system32\DRIVERS\SonyImgF.sys [09/06/2006 10:44 AM]
    R3 ti21sony;ti21sony;C:\Windows\system32\drivers\ti21sony.sys [11/06/2006 02:56 PM]
    S3 kvpndev;Kerio VPN adapter;C:\Windows\system32\DRIVERS\kvpndrv.sys [01/16/2008 09:59 AM]
    S3 SQLWriter;Enregistreur VSS SQL Server;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [04/14/2006 10:04 AM]
    S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe [01/10/2007 04:51 PM]
    S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);"C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-UCLS-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" []
    S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [01/08/2007 05:06 PM]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
    \shell\AutoRun\command - G:\Autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c8c405e-bf71-11dc-81e2-0013a9868c47}]
    \shell\AutoRun\command - G:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4f29926-c683-11db-ac7b-0016fef72482}]
    \shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{faf573b9-c69d-11db-b0fb-0016fef72482}]
    \shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-02-20 02:01:08 C:\Windows\Tasks\User_Feed_Synchronization-{749F7267-3809-4F65-A674-B375A4B1B6E4}.job"
    - C:\Windows\system32\msfeedssync.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-20 12:09:16
    Windows 6.0.6000 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 02/20/2008 12:09:56
    ComboFix-quarantined-files.txt 2008-02-20 11:09:54
    ComboFix2.txt 2008-02-20 10:36:41
    ComboFix3.txt 2008-02-14 17:42:27
    .
    2008-02-14 02:18:03 --- E O F ---

    et hijackhis:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:12:19 PM, on 2/20/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16609)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
    C:\Program Files\NetProject\sbsm.exe
    C:\Program Files\Sony\ISB Utility\ISBMgr.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\NetProject\scm.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Sony\SonicStage\SSAAD.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
    C:\Program Files\Apoint\ApMsgFwd.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\conime.exe
    C:\Windows\system32\ipconfig.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Windows\Explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = www-cache.u-picardie.fr:3128
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - (no file)
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
    O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-21-53204119-2991869364-3885560029-1006\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'postgres')
    O4 - Startup: Banshee Screamer Alarm.lnk = C:\Program Files\Banshee Screamer Alarm\alarm.exe
    O4 - Startup: Sonic INSTALLit! Setup.lnk = Eric\AppData\Local\Temp\VIES549D\setup.exe
    O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O8 - Extra context menu item: Ajouter un site de support RSS à VAIO Information FLOW - C:\Program Files\Sony\VAIO Information FLOW\aiesc.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O13 - Gopher Prefix:
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F890D570-1E99-4381-A1E6-6C6955ECF7E2}: NameServer = 192.168.1.1
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\PACSPTISVR.exe
    O23 - Service: PostgreSQL Database Server 8.2 (pgsql-8.2) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.2\bin\pg_ctl.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\SSScsiSV.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
    O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
    O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
    O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
    O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
    O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
    O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
    0
  10. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    desactive le tea timer le temps de la desisnfection!

    normal qu'il trouve des choses car je modifie des logiciel sur ton ordi en desisnfectant!
    ______________

    Ferme tout tes navigateurs (donc copie ou imprime les instructions avant)

    Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :

    File::

    C:\Program Files\NetProject\scit.exe
    C:\Program Files\NetProject\scm.exe
    C:\Program Files\NetProject\sbmntr.exe
    C:\Program Files\NetProject\sbsm.exe

    Enregistre ce fichier sous le nom CFscript

    Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe

    Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.

    Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

    Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

    Ne touche à rien tant que le scan n'est pas terminé.

    Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

    Remets aussi un rapport Hijackthis

    Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

    __________________

    colle un rapport antivir en plus et dis tes soucis actuels

    rq: comme j'ai déjà dis, il ne faut qu'un seul antiesopion qui fasse une analyse en temps reel!
    0
  11. rikcholz Messages postés 31 Statut Membre 1
     
    voila , de nouveau les 2 rapports demandés:

    ComboFix 08-02-20.2 - Eric 02/20/2008 12:29:58.4 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.33.1036.18.1268 [GMT 1:00]
    Endroit: C:\Users\Eric\Desktop\ComboFix.exe
    Command switches used :: C:\Users\Eric\Desktop\CFscript.txt
    * Création d'un nouveau point de restauration

    FILE ::
    C:\Program Files\NetProject\sbmntr.exe
    C:\Program Files\NetProject\sbsm.exe
    C:\Program Files\NetProject\scit.exe
    C:\Program Files\NetProject\scm.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\NetProject\sbsm.exe
    C:\Program Files\NetProject\scm.exe

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-01-20 to 2008-02-20 ))))))))))))))))))))))))))))))))))))
    .

    Pas de nouveau fichier créé dans cet espace de temps

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-20 11:30 --------- d-----w C:\Program Files\NetProject
    2008-02-20 11:27 350,468 ---ha-w C:\Windows\system32\drivers\vsconfig.xml
    2008-02-20 09:44 --------- d-----w C:\Users\Eric\AppData\Roaming\Grisoft
    2008-02-20 07:55 502,272 ----a-w C:\Windows\Internet Logs\xDB9452.tmp
    2008-02-20 07:55 1,314,304 ----a-w C:\Windows\Internet Logs\xDB9A5C.tmp
    2008-02-20 07:32 1,626,112 ----a-w C:\Windows\Internet Logs\xDB702F.tmp
    2008-02-20 06:28 --------- d-----w C:\Users\Eric\AppData\Roaming\Azureus
    2008-02-20 04:48 --------- d-----w C:\Program Files\Everest Poker
    2008-02-20 04:40 --------- d---a-w C:\ProgramData\TEMP
    2008-02-19 23:30 --------- d-----w C:\Program Files\Zone Labs
    2008-02-19 22:05 --------- d-----w C:\Program Files\Azureus
    2008-02-19 21:57 34,793 ----a-w C:\Windows\system32\drivers\kwflower.log
    2008-02-19 21:56 14,829 ----a-w C:\Windows\system32\drivers\kwfupper.log
    2008-02-19 03:40 --------- d-----w C:\Program Files\TimeAdjuster
    2008-02-19 03:19 --------- d-----w C:\Program Files\URUSoft
    2008-02-17 02:59 --------- d-----w C:\Users\Eric\AppData\Roaming\Kerio
    2008-02-15 19:42 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
    2008-02-15 19:42 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-02-15 19:39 691,545 ----a-w C:\Windows\unins000.exe
    2008-02-14 23:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-02-14 22:29 --------- d-----w C:\ProgramData\CheckPoint
    2008-02-14 22:27 --------- d-----w C:\Program Files\Navilog1
    2008-02-14 22:21 --------- d-----w C:\Program Files\Avira
    2008-02-14 22:16 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-02-14 21:14 --------- d-----w C:\Program Files\SpywareBlaster
    2008-02-14 13:43 --------- d-----w C:\ProgramData\Microsoft Help
    2008-02-14 06:21 --------- d-----w C:\Program Files\Trend Micro
    2008-02-14 06:00 --------- d-----w C:\ProgramData\Grisoft
    2008-02-14 05:56 --------- d-----w C:\Program Files\CCleaner
    2008-02-14 04:42 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-02-14 03:52 --------- d-----w C:\Program Files\NBC Heads Up
    2008-02-14 02:45 --------- d-----w C:\Program Files\SimpleOCR
    2008-02-14 02:17 194,560 ----a-w C:\Windows\System32\WebClnt.dll
    2008-02-14 02:17 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
    2008-02-14 02:09 806,400 ----a-w C:\Windows\system32\drivers\tcpip.sys
    2008-02-14 02:09 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
    2008-02-14 02:09 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
    2008-02-14 02:09 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
    2008-02-14 02:09 24,064 ----a-w C:\Windows\System32\netcfg.exe
    2008-02-14 02:09 22,016 ----a-w C:\Windows\System32\netiougc.exe
    2008-02-14 02:09 217,144 ----a-w C:\Windows\system32\drivers\netio.sys
    2008-02-14 02:09 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
    2008-02-14 02:09 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
    2008-02-14 02:09 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
    2008-02-14 02:09 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
    2008-02-14 02:09 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
    2008-02-14 02:08 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
    2008-02-14 02:08 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
    2008-02-14 02:08 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
    2008-02-14 02:08 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
    2008-02-14 02:08 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
    2008-02-14 02:08 1,686,528 ----a-w C:\Windows\System32\gameux.dll
    2008-02-14 02:04 824,832 ----a-w C:\Windows\System32\wininet.dll
    2008-02-14 02:04 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
    2008-02-14 02:04 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
    2008-02-14 02:03 56,320 ----a-w C:\Windows\System32\iesetup.dll
    2008-02-13 19:44 --------- d-----w C:\ProgramData\FLEXnet
    2008-02-13 18:12 --------- d-----w C:\Users\Eric\AppData\Roaming\Thunderbird
    2008-02-13 17:29 --------- d-----w C:\Program Files\Foxit Software
    2008-02-13 01:57 --------- d-----w C:\Program Files\Poker Tracker V2
    2008-02-09 21:07 --------- d-----w C:\Program Files\Veoh Networks
    2008-02-01 03:47 --------- d-----w C:\Program Files\ChanPoker.com
    2008-01-31 12:56 --------- d-----w C:\Users\Eric\AppData\Roaming\LimeWire
    2008-01-27 23:12 --------- d-----w C:\Program Files\Google
    2008-01-17 08:11 12,632 ----a-w C:\Windows\System32\lsdelete.exe
    2008-01-17 08:11 --------- d-----w C:\ProgramData\Lavasoft
    2008-01-17 07:51 --------- d-----w C:\Program Files\Lavasoft
    2008-01-17 07:50 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-01-16 08:59 62,464 ----a-w C:\Windows\system32\drivers\kvpndrv.sys
    2008-01-14 20:15 --------- d-----w C:\Users\Eric\AppData\Roaming\Lavasoft
    2008-01-13 12:55 --------- d-----w C:\Program Files\PokerStars
    2008-01-11 14:28 --------- d-----w C:\ProgramData\Protexis
    2008-01-10 19:11 --------- d-----w C:\Users\Eric\AppData\Roaming\U3
    2008-01-09 19:03 --------- d-----w C:\Program Files\Full Tilt Poker
    2008-01-09 02:13 --------- d-----w C:\Program Files\Windows Sidebar
    2008-01-09 02:13 --------- d-----w C:\Program Files\Windows Mail
    2008-01-09 02:02 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
    2008-01-09 02:02 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
    2008-01-09 02:01 11,776 ----a-w C:\Windows\System32\sbunattend.exe
    2008-01-04 19:15 --------- d-----w C:\Program Files\Microsoft Works
    2008-01-04 19:12 --------- d-----w C:\Program Files\HoldemInspector2
    2008-01-04 19:11 --------- d-----w C:\Program Files\PacificPoker
    2008-01-04 19:08 --------- d-----w C:\ProgramData\eMule
    2008-01-04 19:08 --------- d-----w C:\Program Files\PokerAce Hud
    2008-01-04 19:08 --------- d-----w C:\Program Files\eMule
    2008-01-04 19:08 --------- d-----w C:\Program Files\Bodog Poker
    2008-01-04 03:23 --------- d-----w C:\Program Files\DMV
    2008-01-01 22:48 --------- d-----w C:\Program Files\LimeWire
    2007-12-28 16:22 --------- d-----w C:\Program Files\Wanadoo
    2007-12-12 02:06 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
    2007-12-12 02:06 223,232 ----a-w C:\Windows\System32\WMASF.DLL
    2007-12-12 02:06 1,327,104 ----a-w C:\Windows\System32\quartz.dll
    2007-09-11 18:08 174 --sha-w C:\Program Files\desktop.ini
    2007-09-24 08:57 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    2007-09-24 08:57 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    2007-09-24 08:57 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    2007-02-25 16:32 5 --sha-w C:\Windows\System32\fdfaadada6_s.dll
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C2A1C5CB-C0EF-4689-9436-F62CCA1C5383}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [01/09/2008 03:01 AM 1232896]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [11/02/2006 01:35 PM 125440]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [03/05/2007 02:21 AM 171448]
    "SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [11/13/2006 06:43 PM 472632]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [11/02/2006 01:36 PM 201728]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM 2097488]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [05/08/2007 05:28 PM 1006264]
    "Apoint"="C:\Program Files\Apoint\Apoint.exe" [09/11/2006 08:23 AM 118784]
    "VAIOCameraUtility"="C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe" [11/14/2006 10:46 AM 411768]
    "ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [11/11/2006 03:35 PM 43128]
    "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [12/07/2006 12:25 PM 7766016]
    "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [12/07/2006 12:25 PM 81920]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [02/15/2008 12:47 AM 249896]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [06/28/2007 05:17 AM 959976]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 10:25 AM 6731312]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
    VESWinlogon.dll 11/24/2006 10:36 AM 73728 C:\Windows\System32\VESWinlogon.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng]
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

    R2 MSSQL$VAIO_VEDB;SQL Server (VAIO_VEDB);"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" [11/15/2006 07:18 AM]
    R2 pgsql-8.2;PostgreSQL Database Server 8.2;"C:\Program Files\PostgreSQL\8.2\bin\pg_ctl.exe" runservice -N "pgsql-8.2" []
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot []
    R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service;C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [10/31/2006 10:40 PM]
    R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [08/04/2006 09:39 AM]
    R3 NETw3v32;Pilote de carte réseau Intel(R) PRO/Wireless 3945ABG pour Windows Vista 32 bits;C:\Windows\system32\DRIVERS\NETw3v32.sys [10/30/2006 01:42 AM]
    R3 R5U870FLx86;R5U870 UVC Lower Filter ;C:\Windows\system32\Drivers\R5U870FLx86.sys [10/27/2006 02:08 PM]
    R3 R5U870FUx86;R5U870 UVC Upper Filter ;C:\Windows\system32\Drivers\R5U870FUx86.sys [10/27/2006 02:08 PM]
    R3 SonyImgF;Sony Image Conversion Filter Driver;C:\Windows\system32\DRIVERS\SonyImgF.sys [09/06/2006 10:44 AM]
    R3 ti21sony;ti21sony;C:\Windows\system32\drivers\ti21sony.sys [11/06/2006 02:56 PM]
    S3 kvpndev;Kerio VPN adapter;C:\Windows\system32\DRIVERS\kvpndrv.sys [01/16/2008 09:59 AM]
    S3 SQLWriter;Enregistreur VSS SQL Server;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [04/14/2006 10:04 AM]
    S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe [01/10/2007 04:51 PM]
    S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);"C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-UCLS-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" []
    S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [01/08/2007 05:06 PM]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
    \shell\AutoRun\command - G:\Autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c8c405e-bf71-11dc-81e2-0013a9868c47}]
    \shell\AutoRun\command - G:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4f29926-c683-11db-ac7b-0016fef72482}]
    \shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{faf573b9-c69d-11db-b0fb-0016fef72482}]
    \shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-02-20 02:01:08 C:\Windows\Tasks\User_Feed_Synchronization-{749F7267-3809-4F65-A674-B375A4B1B6E4}.job"
    - C:\Windows\system32\msfeedssync.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-20 12:32:59
    Windows 6.0.6000 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 02/20/2008 12:33:39
    ComboFix-quarantined-files.txt 2008-02-20 11:33:37
    ComboFix2.txt 2008-02-20 11:09:57
    ComboFix3.txt 2008-02-20 10:36:41
    ComboFix4.txt 2008-02-14 17:42:27
    .
    2008-02-14 02:18:03 --- E O F ---

    et hijackthis

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:38:00 PM, on 2/20/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16609)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
    C:\Program Files\Sony\ISB Utility\ISBMgr.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Sony\SonicStage\SSAAD.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
    C:\Program Files\Apoint\ApMsgFwd.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\conime.exe
    C:\Windows\Explorer.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = www-cache.u-picardie.fr:3128
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - (no file)
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
    O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-21-53204119-2991869364-3885560029-1006\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'postgres')
    O4 - Startup: Banshee Screamer Alarm.lnk = C:\Program Files\Banshee Screamer Alarm\alarm.exe
    O4 - Startup: Sonic INSTALLit! Setup.lnk = Eric\AppData\Local\Temp\VIES549D\setup.exe
    O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O8 - Extra context menu item: Ajouter un site de support RSS à VAIO Information FLOW - C:\Program Files\Sony\VAIO Information FLOW\aiesc.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O13 - Gopher Prefix:
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F890D570-1E99-4381-A1E6-6C6955ECF7E2}: NameServer = 192.168.1.1
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\PACSPTISVR.exe
    O23 - Service: PostgreSQL Database Server 8.2 (pgsql-8.2) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.2\bin\pg_ctl.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\SSScsiSV.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
    O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
    O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
    O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
    O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
    O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
    O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
    0
  12. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    oui c'est bon!

    par contre tu as toujours 3 anti espions en temps réel , desactive en deux!

    on les voit:
    C:\Program Files\Windows Defender\MSASCui.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    ___________________

    j'attends antivir
    0
  13. rikcholz Messages postés 31 Statut Membre 1
     
    salut encore

    effectivement, ça a l'air d'aller mieux!! je vais enfin pouvoir allez me coucher

    en attendant le san antivir, je me permet de te poser 3-4 questions, si tu as le temps d'y répondre

    Ca fait 2 fois en 4 jours que je suis infectés par ces conneries.
    je pense avoir des doutes sur l'origine de ces attaques....
    pourtant, je suis equipé d'antivir, de teatimer ainsi que la version gratuite de zone alarm.
    Est ce normal, que malgré ces protections je suis encore attaqué sans cesses?
    y a-t-il encore une faille dans la combinaison des 3 outils de protection?

    j'ai bien compris que j'avais 3 protections en temps réels et qu'une seule suffisait.
    laquelle me conseilles tu de garder?

    si ceci se reproduit est ce que combofix peut régler le problème a lui seul?

    Enfin, la version gratuite de zone alarm, non paramétrable, est elle la seule compatible avec vista? (car je le coupe quand je télécharge et c'est peut être dangereux). Le firewall intégré de vista ne suffit-il pas?

    Merci bcp de m'avoir dépanner. c'est toi qui m'a aidé également la dernière fois.

    le scan antivir n'est pas fini mais il me donne 2 warnings.

    merci encore pour tout en espérant que tu auras le temps de répondre à ces questions.

    salut
    0
  14. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    Ca fait 2 fois en 4 jours que je suis infectés par ces conneries.
    je pense avoir des doutes sur l'origine de ces attaques....
    pourtant, je suis equipé d'antivir, de teatimer ainsi que la version gratuite de zone alarm.
    Est ce normal, que malgré ces protections je suis encore attaqué sans cesses?

    maintenant que l'on a viré l'infection tu ne devrais plus avoir d'alerte, l'infection était presente de puis plusieurs jour dans ton ordi d'ou les alertes a répétition
    _______________

    y a-t-il encore une faille dans la combinaison des 3 outils de protection?

    j'ai bien compris que j'avais 3 protections en temps réels et qu'une seule suffisait.
    laquelle me conseilles tu de garder?

    pour protéger gratos ton ordi

    http://www.commentcamarche.net/telecharger/logiciel 4 securite

    mettre un antivirus

    ANTIVIR (en anglais mais très efficace)
    https://www.malekal.com/avira-free-security-antivirus-gratuit/ (merci Malekal)
    -------------
    des anti-espions :

    AD AWARE + SPYBOT +/- si tea timer non active de spybot: WINDOWS DEFENDER TERMINATOR

    +
    SPYWAREBLASTER pour immuniser le système contre vundo notamment mais en anglais (mais facile d'utilisation : il suffit de faire "update" pour mettre à jour tous les mois et ensuite" enable all protection" pour immuniser)...

    Rq : spybot et ad-aware on sorti de nouvelles versions cette année vérifiez que vous avez la dernière version
    --------
    un pare feu :
    celui de Windows ou mieux KERIO ou JETICO ou ZONE ALARM (mettre que le parefeu gratuit)

    https://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html
    https://manuelsdaide.com/contact/
    http://www.open-files.com/forum/index.php?showtopic=29277
    http://www.commentcamarche.net/telecharger/telecharger 157 zonealarm

    -----------

    CCLEANER pour effacer les traces de surf

    ____________________

    si ceci se reproduit est ce que combofix peut régler le problème a lui seul?

    TOUT DEPENDS DES INFECTIONS.... antivir risque de le considérer comme nefaste n'en tiens pas compte ou vire le de ton ordi

    ___________________

    Enfin, la version gratuite de zone alarm, non paramétrable, est elle la seule compatible avec vista? (car je le coupe quand je télécharge et c'est peut être dangereux). Le firewall intégré de vista ne suffit-il pas?

    Le firewall de vista n'est pas performant, zone alarm est mieux!

    pour les parefeu : garde zone alarm sion il me semble que jetico est compatible vista

    http://cs76.free.fr/pare-feu-gratuit.php
    0
  15. rikcholz Messages postés 31 Statut Membre 1
     
    ok

    merci pour tes conseils

    antivir n'est qu'a 60%? le rapport donne pour l'instant 4 détections et 2 warnings.

    je vais dormir et posterai le rapport au reveil

    merci encore
    salut
    0
  16. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ok a plus
    0
  17. rikcholz Messages postés 31 Statut Membre 1
     
    slt
    voila le rapport anti vir qui me semble bon

    AntiVir PersonalEdition Classic
    Report file date: mercredi 20 février 2008 12:35

    Scanning for 1117323 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows Vista
    Windows version: (plain) [6.0.6000]
    Username: SYSTEM
    Computer name: RICO

    Version information:
    BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
    AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
    AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
    LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
    LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
    ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 23:47:14
    ANTIVIR2.VDF : 7.0.2.113 1673728 Bytes 08/02/2008 23:47:14
    ANTIVIR3.VDF : 7.0.2.162 292864 Bytes 19/02/2008 21:41:39
    AVEWIN32.DLL : 7.6.0.67 3293696 Bytes 15/02/2008 22:22:26
    AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
    AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
    AVPACK32.DLL : 7.6.0.3 360488 Bytes 14/02/2008 23:47:14
    AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
    AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
    AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
    NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
    RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
    RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: off
    Scan boot sector.................: on
    Boot sectors.....................: Z:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: mercredi 20 février 2008 12:35

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'firefox.exe' - '1' Module(s) have been scanned
    Scan process 'notepad.exe' - '1' Module(s) have been scanned
    Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
    Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'conime.exe' - '1' Module(s) have been scanned
    Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
    Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
    Scan process 'SPMgr.exe' - '1' Module(s) have been scanned
    Scan process 'ApntEx.exe' - '1' Module(s) have been scanned
    Scan process 'ApMsgFwd.exe' - '1' Module(s) have been scanned
    Scan process 'Switcher.exe' - '1' Module(s) have been scanned
    Scan process 'taskeng.exe' - '1' Module(s) have been scanned
    Scan process 'taskeng.exe' - '1' Module(s) have been scanned
    Scan process 'VzFw.exe' - '1' Module(s) have been scanned
    Scan process 'SDWinSec.exe' - '1' Module(s) have been scanned
    Scan process 'VzCdbSvc.exe' - '1' Module(s) have been scanned
    Scan process 'XAudio.exe' - '1' Module(s) have been scanned
    Scan process 'VESMgrSub.exe' - '1' Module(s) have been scanned
    Scan process 'postgres.exe' - '1' Module(s) have been scanned
    Scan process 'postgres.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'VCSW.exe' - '1' Module(s) have been scanned
    Scan process 'VESMgr.exe' - '1' Module(s) have been scanned
    Scan process 'TosBtSrv.exe' - '1' Module(s) have been scanned
    Scan process 'postgres.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'postgres.exe' - '1' Module(s) have been scanned
    Scan process 'stacsv.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'pg_ctl.exe' - '1' Module(s) have been scanned
    Scan process 'sqlservr.exe' - '1' Module(s) have been scanned
    Scan process 'guard.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'TosAVRC.exe' - '1' Module(s) have been scanned
    Scan process 'TosBtHSP.exe' - '1' Module(s) have been scanned
    Scan process 'TosBtHid.exe' - '1' Module(s) have been scanned
    Scan process 'sidebar.exe' - '1' Module(s) have been scanned
    Scan process 'TosA2dp.exe' - '1' Module(s) have been scanned
    Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
    Scan process 'ObjectDock.exe' - '1' Module(s) have been scanned
    Scan process 'TosBtMng.exe' - '1' Module(s) have been scanned
    Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned
    Scan process 'SSAAD.exe' - '1' Module(s) have been scanned
    Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
    Scan process 'ehtray.exe' - '1' Module(s) have been scanned
    Scan process 'sidebar.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'ISBMgr.exe' - '1' Module(s) have been scanned
    Scan process 'VCUServe.exe' - '1' Module(s) have been scanned
    Scan process 'Apoint.exe' - '1' Module(s) have been scanned
    Scan process 'MSASCui.exe' - '1' Module(s) have been scanned
    Scan process 'taskeng.exe' - '1' Module(s) have been scanned
    Scan process 'dwm.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'aawservice.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
    Scan process 'audiodg.exe' - '0' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'lsm.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'wininit.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    80 processes with 80 modules were scanned

    Start scanning boot sectors:
    Boot sector 'C:\'
    [NOTE] No virus was found!
    Boot sector 'Z:\'
    [NOTE] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '10' files ).

    Starting the file scan:

    Begin scan in 'C:\'
    C:\hiberfil.sys
    [WARNING] The file could not be opened!
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\VundoFix Backups\byvvw.dll.bad
    [DETECTION] Is the Trojan horse TR/Vundo.gc
    [INFO] The file was moved to '483220be.qua'!
    C:\VundoFix Backups\efcab.dll.bad
    [DETECTION] Is the Trojan horse TR/Vundo.gc
    [INFO] The file was moved to '481f20b2.qua'!
    C:\VundoFix Backups\mllmj.dll.bad
    [DETECTION] Is the Trojan horse TR/Vundo.gc
    [INFO] The file was moved to '482820c0.qua'!
    C:\VundoFix Backups\yayay.dll.bad
    [DETECTION] Is the Trojan horse TR/Vundo.gc
    [INFO] The file was moved to '483520bb.qua'!
    Begin scan in 'Z:\'

    End of the scan: mercredi 20 février 2008 13:58
    Used time: 1:23:14 min

    The scan has been done completely.

    16043 Scanning directories
    361161 Files were scanned
    4 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    4 files were moved to quarantine
    0 files were renamed
    2 Files cannot be scanned
    361157 Files not concerned
    1979 Archives were scanned
    2 Warnings
    22 Notes

    il y a juste 2 WARNINGS qui ne doivent pas etre trop grave
    je pense que tout va bien

    merci bcp encore
    slt
    0
  18. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ok oui c'est bon!

    vire ce qui est dans vundofix backups en allant dans poste de travail puis C

    C:\VundoFix Backups\

    ________________

    vire ce qui est en quarantaine dans antivir

    _____________

    si pas de soucis c'est bon!
    0
  19. rikcholz Messages postés 31 Statut Membre 1
     
    OK MERCI
    SALUT
    0
  20. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ok
    bonne continuation
    0